Total
210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-23156 | 1 Art Gallery Management System Project | 1 Art Gallery Management System | 2023-03-06 | N/A | 9.8 CRITICAL |
Art Gallery Management System Project in PHP 1.0 was discovered to contain a SQL injection vulnerability via the pid parameter in the single-product page. | |||||
CVE-2023-1026 | 1 Joomunited | 1 Wp Meta Seo | 2023-03-06 | N/A | 4.3 MEDIUM |
The WP Meta SEO plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the listPostsCategory function in versions up to, and including, 4.5.3. This makes it possible for authenticated attackers with subscriber-level access to get post listings by category as long as those posts are published. This vulnerability occurred as a result of the plugin relying on nonce checks as a means of access control, and that nonce being accessible to all authenticated users regardless of role. | |||||
CVE-2023-1027 | 1 Joomunited | 1 Wp Meta Seo | 2023-03-06 | N/A | 4.3 MEDIUM |
The WP Meta SEO plugin for WordPress is vulnerable to unauthorized sitemap generation due to a missing capability check on the checkAllCategoryInSitemap function in versions up to, and including, 4.5.3. This makes it possible for authenticated attackers with subscriber-level access to obtain post categories. This vulnerability occurred as a result of the plugin relying on nonce checks as a means of access control, and that nonce being accessible to all authenticated users regardless of role. | |||||
CVE-2022-36348 | 1 Intel | 1 Server Platform Services | 2023-03-06 | N/A | 7.8 HIGH |
Active debug code in some Intel(R) SPS firmware before version SPS_E5_04.04.04.300.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2022-32570 | 1 Intel | 1 Quartus Prime | 2023-03-06 | N/A | 7.8 HIGH |
Improper authentication in the Intel(R) Quartus Prime Pro and Standard edition software may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2022-36794 | 1 Intel | 1 Server Platform Services | 2023-03-06 | N/A | 4.4 MEDIUM |
Improper condition check in some Intel(R) SPS firmware before version SPS_E3_06.00.03.300.0 may allow a privileged user to potentially enable denial of service via local access. | |||||
CVE-2023-1028 | 1 Joomunited | 1 Wp Meta Seo | 2023-03-06 | N/A | 4.3 MEDIUM |
The WP Meta SEO plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.5.3. This is due to missing or incorrect nonce validation on the setIgnore function. This makes it possible for unauthenticated attackers to update plugin options via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
CVE-2023-25431 | 1 Online Reviewer Management System Project | 1 Online Reviewer Management System | 2023-03-06 | N/A | 4.8 MEDIUM |
An issue was discovered in Online Reviewer Management System v1.0. There is an XSS vulnerability via reviewer_0/admins/assessments/course/course-update.php. | |||||
CVE-2022-37329 | 1 Intel | 2 Fpga Software Development Kit, Quartus Prime | 2023-03-06 | N/A | 7.3 HIGH |
Uncontrolled search path in some Intel(R) Quartus(R) Prime Pro and Standard Edition software may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2023-25432 | 1 Online Reviewer Management System Project | 1 Online Reviewer Management System | 2023-03-06 | N/A | 7.2 HIGH |
An issue was discovered in Online Reviewer Management System v1.0. There is a SQL injection that can directly issue instructions to the background database system via reviewer_0/admins/assessments/course/course-update.php. | |||||
CVE-2022-21163 | 1 Intel | 1 Crypto Api Toolkit For Intel Sgx | 2023-03-06 | N/A | 7.8 HIGH |
Improper access control in the Crypto API Toolkit for Intel(R) SGX before version 2.0 commit ID 91ee496 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2022-27808 | 2 Intel, Microsoft | 2 Administrative Tools For Intel Network Adapters, Windows | 2023-03-06 | N/A | 7.8 HIGH |
Insufficient control flow management in some Intel(R) Ethernet Controller Administrative Tools drivers for Windows before version 1.5.0.2 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2023-20932 | 1 Google | 1 Android | 2023-03-06 | N/A | 3.3 LOW |
In onCreatePreferences of EditInfoFragment.java, there is a possible way to read contacts belonging to other users due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L Android-13. Android ID: A-248251018 | |||||
CVE-2022-36397 | 1 Intel | 1 Quickassist Technology | 2023-03-06 | N/A | 7.8 HIGH |
Incorrect default permissions in the software installer for some Intel(R) QAT drivers for Linux before version 4.17 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2022-33972 | 1 Intel | 106 Xeon Gold 5315y, Xeon Gold 5315y Firmware, Xeon Gold 5317 and 103 more | 2023-03-06 | N/A | 4.4 MEDIUM |
Incorrect calculation in microcode keying mechanism for some 3rd Generation Intel(R) Xeon(R) Scalable Processors may allow a privileged user to potentially enable information disclosure via local access. | |||||
CVE-2023-20933 | 1 Google | 1 Android | 2023-03-06 | N/A | 7.8 HIGH |
In several functions of MediaCodec.cpp, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L Android-13. Android ID: A-245860753 | |||||
CVE-2023-20939 | 1 Google | 1 Android | 2023-03-06 | N/A | 7.8 HIGH |
In multiple functions of looper_backed_event_loop.cpp, there is a possible way to corrupt memory due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12 Android-12L Android-13. Android ID: A-243362981 | |||||
CVE-2023-20934 | 1 Google | 1 Android | 2023-03-06 | N/A | 7.8 HIGH |
In resolveAttributionSource of ServiceUtilities.cpp, there is a possible way to disable the microphone privacy indicator due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12 Android-12L Android-13. Android ID: A-258672042 | |||||
CVE-2022-36797 | 1 Vmware | 1 Ixgben | 2023-03-06 | N/A | 5.5 MEDIUM |
Protection mechanism failure in the Intel(R) Ethernet 500 Series Controller drivers for VMware before version 1.10.0.1 may allow an authenticated user to potentially enable denial of service via local access. | |||||
CVE-2022-36416 | 1 Vmware | 1 Ixgben | 2023-03-06 | N/A | 7.8 HIGH |
Protection mechanism failure in the Intel(R) Ethernet 500 Series Controller drivers for VMware before version 1.10.0.13 may allow an authenticated user to potentially enable escalation of privilege via local access. |