Total: 22706 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2022-33644 | 1 Microsoft | 1 Windows 10 | 2023-03-14 | 4.4 MEDIUM | 7.0 HIGH | Xbox Live Save Service Elevation of Privilege Vulnerability |
| CVE-2023-21721 | 1 Microsoft | 1 Onenote | 2023-03-14 | N/A | 6.5 MEDIUM | Microsoft OneNote Elevation of Privilege Vulnerability |
| CVE-2023-21693 | 1 Microsoft | 13 Windows 10, Windows 10 1607, Windows 10 1809 and 10 more | 2023-03-14 | N/A | 5.7 MEDIUM | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability |
| CVE-2023-21801 | 1 Microsoft | 13 Windows 10, Windows 10 1607, Windows 10 1809 and 10 more | 2023-03-14 | N/A | 7.8 HIGH | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability |
| CVE-2022-41862 | 3 Fedoraproject, Postgresql, Redhat | 6 Fedora, Postgresql, Enterprise Linux and 3 more | 2023-03-14 | N/A | 3.7 LOW | In PostgreSQL, a modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport encryption. In certain conditions a server can cause a libpq client to over-read and report an error message containing uninitialized bytes. |
| CVE-2023-24776 | 1 Funadmin | 1 Funadmin | 2023-03-14 | N/A | 9.8 CRITICAL | Funadmin v3.2.0 was discovered to contain a remote code execution (RCE) vulnerability via the component \controller\Addon.php. |
| CVE-2021-36403 | 1 Moodle | 1 Moodle | 2023-03-13 | N/A | 5.3 MEDIUM | In Moodle, in some circumstances, email notifications of messages could have the link back to the original message hidden by HTML, which may pose a phishing risk. |
| CVE-2021-36402 | 1 Moodle | 1 Moodle | 2023-03-13 | N/A | 5.3 MEDIUM | In Moodle, users' names required additional sanitizing in the account confirmation email, to prevent a self-registration phishing risk. |
| CVE-2023-26054 | 1 Mobyproject | 1 Buildkit | 2023-03-13 | N/A | 6.5 MEDIUM | BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. In affected versions, when the user sends a build request that contains a Git URL that contains credentials and the build creates a provenance attestation describing that build, these credentials could be visible from the provenance attestation. A Git URL can be passed in two ways: 1) invoking the build directly from a URL with credentials; 2) the client sending additional version control system (VCS) info hint parameters on builds from a local source, which usually means reading the origin URL from the `.git/config` file. When a build is performed under specific conditions where credentials were passed to BuildKit, they may be visible to everyone who has access to the provenance attestation. Provenance attestations and VCS info hints were added in version v0.11.0; previous versions are not vulnerable. In v0.10, when building directly from a Git URL, the same URL could be visible in the `BuildInfo` structure that is a predecessor of provenance attestations. This bug has been fixed in v0.11.4. Users are advised to upgrade. Users unable to upgrade may disable VCS info hints by setting `BUILDX_GIT_INFO=0`. `buildctl` does not set VCS hints based on the `.git` directory, and values would need to be passed manually with `--opt`. |
| CVE-2019-18202 | 1 Wago | 3 Pfc100, Pfc200, Pfc Firmware | 2023-03-13 | 5.0 MEDIUM | 5.3 MEDIUM | Information disclosure is possible on WAGO Series PFC100 and PFC200 devices before FW12 due to improper access control. A remote attacker can check for the existence of paths and file names via crafted HTTP requests. |
| CVE-2023-25169 | 1 Discourse | 1 Discourse Yearly Review | 2023-03-13 | N/A | 5.3 MEDIUM | discourse-yearly-review is a Discourse plugin which publishes an automated Year in Review topic. In affected versions, a user present in a yearly review topic that is then anonymised will still have some data linked to its original account. This issue has been patched in commit `b3ab33bbf7`, which is included in the latest version of the Discourse Yearly Review plugin. Users are advised to upgrade. Users unable to upgrade may disable the `yearly_review_enabled` setting to fully mitigate the issue. Also, it's possible to edit the anonymised user's old data in the yearly review topics manually. |
| CVE-2023-26600 | 1 Zohocorp | 4 Manageengine Assetexplorer, Manageengine Servicedesk Plus, Manageengine Servicedesk Plus Msp and 1 more | 2023-03-13 | N/A | 6.5 MEDIUM | ManageEngine ServiceDesk Plus through 14104, ServiceDesk Plus MSP through 14000, Support Center Plus through 14000, and Asset Explorer through 6987 allow privilege escalation via query reports. |
| CVE-2023-26474 | 1 Xwiki | 1 Xwiki | 2023-03-13 | N/A | 8.8 HIGH | XWiki Platform is a generic wiki platform. Starting in version 13.10, it's possible to use the right of an existing document content author to execute a text area property. This has been patched in XWiki 14.10, 14.4.7, and 13.10.11. There are no known workarounds. |
| CVE-2023-22858 | 1 Blogengine | 1 Blogengine.net | 2023-03-13 | N/A | 5.3 MEDIUM | An Improper Access Control vulnerability in BlogEngine.NET 3.3.8.0 allows unauthenticated visitors to access the files of unpublished blogs. |
| CVE-2023-27574 | 1 Shadowsocks | 1 Shadowsocksx-ng | 2023-03-13 | N/A | 9.8 CRITICAL | ShadowsocksX-NG 1.10.0 signs with com.apple.security.get-task-allow entitlements because of CODE_SIGNING_INJECT_BASE_ENTITLEMENTS. |
| CVE-2023-26473 | 1 Xwiki | 1 Xwiki | 2023-03-13 | N/A | 6.5 MEDIUM | XWiki Platform is a generic wiki platform. Starting in version 1.3-rc-1, any user with edit right can execute arbitrary database select and access data stored in the database. The problem has been patched in XWiki 13.10.11, 14.4.7, and 14.10. There is no workaround for this vulnerability other than upgrading. |
| CVE-2022-29494 | 1 Intel | 58 C621a, C627a, C629a and 55 more | 2023-03-13 | N/A | 6.5 MEDIUM | Improper input validation in firmware for OpenBMC in some Intel(R) platforms before versions egs-0.91-179 and bhs-04-45 may allow an authenticated user to potentially enable denial of service via network access. |
| CVE-2023-26471 | 1 Xwiki | 1 Xwiki | 2023-03-13 | N/A | 8.8 HIGH | XWiki Platform is a generic wiki platform. Starting in version 11.6-rc-1, comments are supposed to be executed with the right of superadmin but in restricted mode (anything dangerous is disabled), but the async macro does not take into account the restricted mode. This means that any user with comment right can use the async macro to make it execute any wiki content with the right of superadmin. This has been patched in XWiki 14.9, 14.4.6, and 13.10.10. The only known workaround consists of applying a patch and rebuilding and redeploying `org.xwiki.platform:xwiki-platform-rendering-async-macro`. |
| CVE-2021-36397 | 1 Moodle | 1 Moodle | 2023-03-13 | N/A | 5.3 MEDIUM | In Moodle, insufficient capability checks meant message deletions were not limited to the current user. |
| CVE-2023-24736 | 1 Pmb Project | 1 Pmb | 2023-03-13 | N/A | 9.8 CRITICAL | PMB v7.4.6 was discovered to contain a remote code execution (RCE) vulnerability via the component /sauvegarde/restaure_act.php. |