Total
22706 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-36394 | 1 Moodle | 1 Moodle | 2023-03-13 | N/A | 9.8 CRITICAL |
| In Moodle, a remote code execution risk was identified in the Shibboleth authentication plugin. | |||||
| CVE-2022-26258 | 2 D-link, Dlink | 2 Dir-820l, Dir-820l Firmware | 2023-03-13 | 7.5 HIGH | 9.8 CRITICAL |
| D-Link DIR-820L 1.05B03 was discovered to contain remote command execution (RCE) vulnerability via HTTP POST to get set ccp. | |||||
| CVE-2022-44268 | 1 Imagemagick | 1 Imagemagick | 2023-03-11 | N/A | 6.5 MEDIUM |
| ImageMagick 7.1.0-49 is vulnerable to Information Disclosure. When it parses a PNG image (e.g., for resize), the resulting image could have embedded the content of an arbitrary. file (if the magick binary has permissions to read it). | |||||
| CVE-2023-1221 | 1 Google | 1 Chrome | 2023-03-10 | N/A | 4.3 MEDIUM |
| Insufficient policy enforcement in Extensions API in Google Chrome prior to 111.0.5563.64 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. (Chromium security severity: Medium) | |||||
| CVE-2023-1223 | 1 Google | 2 Android, Chrome | 2023-03-10 | N/A | 4.3 MEDIUM |
| Insufficient policy enforcement in Autofill in Google Chrome on Android prior to 111.0.5563.64 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2023-1225 | 2 Apple, Google | 2 Iphone Os, Chrome | 2023-03-10 | N/A | 4.3 MEDIUM |
| Insufficient policy enforcement in Navigation in Google Chrome on iOS prior to 111.0.5563.64 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2023-1224 | 1 Google | 1 Chrome | 2023-03-10 | N/A | 4.3 MEDIUM |
| Insufficient policy enforcement in Web Payments API in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2023-1226 | 1 Google | 1 Chrome | 2023-03-10 | N/A | 6.5 MEDIUM |
| Insufficient policy enforcement in Web Payments API in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2023-1228 | 1 Google | 2 Android, Chrome | 2023-03-10 | N/A | 4.3 MEDIUM |
| Insufficient policy enforcement in Intents in Google Chrome on Android prior to 111.0.5563.64 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2023-1230 | 1 Google | 2 Android, Chrome | 2023-03-10 | N/A | 4.3 MEDIUM |
| Inappropriate implementation in WebApp Installs in Google Chrome on Android prior to 111.0.5563.64 allowed an attacker who convinced a user to install a malicious WebApp to spoof the contents of the PWA installer via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2022-48364 | 1 Joinmastodon | 1 Mastodon | 2023-03-10 | N/A | 4.3 MEDIUM |
| The undo_mark_statuses_as_sensitive method in app/services/approve_appeal_service.rb in Mastodon 3.5.x before 3.5.3 does not use the server's representative account, resulting in moderator identity disclosure when a moderator approves the appeal of a user whose status update was marked as sensitive. | |||||
| CVE-2022-3284 | 1 M-files | 1 M-files Server | 2023-03-10 | N/A | 7.5 HIGH |
| Download key for a file in a vault was passed in an insecure way that could easily be logged in M-Files New Web in M-Files before 22.11.12011.0. This issue affects M-Files New Web: before 22.11.12011.0. | |||||
| CVE-2023-26108 | 1 Nestjs | 1 Nest | 2023-03-10 | N/A | 5.3 MEDIUM |
| Versions of the package @nestjs/core before 9.0.5 are vulnerable to Information Exposure via the StreamableFile pipe. Exploiting this vulnerability is possible when the client cancels a request while it is streaming a StreamableFile, the stream wrapped by the StreamableFile will be kept open. | |||||
| CVE-2023-1231 | 1 Google | 2 Android, Chrome | 2023-03-10 | N/A | 4.3 MEDIUM |
| Inappropriate implementation in Autofill in Google Chrome on Android prior to 111.0.5563.64 allowed a remote attacker to potentially spoof the contents of the omnibox via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2023-1232 | 1 Google | 1 Chrome | 2023-03-10 | N/A | 4.3 MEDIUM |
| Insufficient policy enforcement in Resource Timing in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to obtain potentially sensitive information from API via a crafted HTML page. (Chromium security severity: Low) | |||||
| CVE-2023-1233 | 1 Google | 1 Chrome | 2023-03-10 | N/A | 4.3 MEDIUM |
| Insufficient policy enforcement in Resource Timing in Google Chrome prior to 111.0.5563.64 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from API via a crafted Chrome Extension. (Chromium security severity: Low) | |||||
| CVE-2023-1234 | 1 Google | 2 Android, Chrome | 2023-03-10 | N/A | 4.3 MEDIUM |
| Inappropriate implementation in Intents in Google Chrome on Android prior to 111.0.5563.64 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Low) | |||||
| CVE-2023-1236 | 1 Google | 1 Chrome | 2023-03-10 | N/A | 4.3 MEDIUM |
| Inappropriate implementation in Internals in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to spoof the origin of an iframe via a crafted HTML page. (Chromium security severity: Low) | |||||
| CVE-2022-41077 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2023-03-10 | N/A | 7.8 HIGH |
| Windows Fax Compose Form Elevation of Privilege Vulnerability | |||||
| CVE-2022-47211 | 1 Microsoft | 1 365 Apps | 2023-03-10 | N/A | 7.8 HIGH |
| Microsoft Office Graphics Remote Code Execution Vulnerability | |||||