Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-30530 | 1 Intel | 1 Driver & Support Assistant | 2023-03-06 | N/A | 7.8 HIGH |
Protection mechanism failure in the Intel(R) DSA software before version 22.4.26 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2022-32764 | 1 Intel | 1 Driver & Support Assistant | 2023-03-06 | N/A | 7.0 HIGH |
Race condition in the Intel(R) DSA software before version 22.4.26 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2023-0034 | 1 Crocoblock | 1 Jetwidgets For Elementor | 2023-03-06 | N/A | 5.4 MEDIUM |
The JetWidgets For Elementor WordPress plugin before 1.0.14 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks | |||||
CVE-2022-4268 | 1 Plugin Logic Project | 1 Plugin Logic | 2023-03-06 | N/A | 7.2 HIGH |
The Plugin Logic WordPress plugin before 1.0.8 does not sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin | |||||
CVE-2019-14372 | 2 Debian, Libav | 2 Debian Linux, Libav | 2023-03-06 | 4.3 MEDIUM | 6.5 MEDIUM |
In Libav 12.3, there is an infinite loop in the function wv_read_block_header() in the file wvdec.c. | |||||
CVE-2021-32852 | 1 Count | 1 Countly Server | 2023-03-05 | N/A | 9.0 CRITICAL |
Countly, a product analytics solution, is vulnerable to cross-site scripting prior to version 21.11 of the community edition. The victim must follow a malicious link or be redirected there from a malicious web site. The attacker must have an account or be able to create one. This issue is patched in version 21.11. | |||||
CVE-2023-0043 | 1 Add User Project | 1 Add User | 2023-03-05 | N/A | 6.1 MEDIUM |
The Custom Add User WordPress plugin through 2.0.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | |||||
CVE-2023-0585 | 1 Aioseo | 1 All In One Seo | 2023-03-05 | N/A | 4.8 MEDIUM |
The All in One SEO Pack plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and including, 4.2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with Administrator role or above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
CVE-2023-25719 | 1 Connectwise | 1 Control | 2023-03-05 | N/A | 8.8 HIGH |
ConnectWise Control before 22.9.10032 (formerly known as ScreenConnect) fails to validate user-supplied parameters such as the Bin/ConnectWiseControl.Client.exe h parameter. This results in reflected data and injection of malicious code into a downloaded executable. The executable can be used to execute malicious queries or as a denial-of-service vector. NOTE: this CVE Record is only about the parameters, such as the h parameter (this CVE Record is not about the separate issue of signed executable files that are supposed to have unique configurations across customers' installations). | |||||
CVE-2023-25718 | 1 Connectwise | 1 Control | 2023-03-05 | N/A | 9.8 CRITICAL |
In ConnectWise Control through 22.9.10032 (formerly known as ScreenConnect), after an executable file is signed, additional instructions can be added without invalidating the signature, such as instructions that result in offering the end user a (different) attacker-controlled executable file. It is plausible that the end user may allow the download and execution of this file to proceed. There are ConnectWise Control configuration options that add mitigations. NOTE: this may overlap CVE-2023-25719. | |||||
CVE-2021-40241 | 1 Xfig Project | 1 Xfig | 2023-03-05 | N/A | 9.8 CRITICAL |
xfig 3.2.7 is vulnerable to Buffer Overflow. | |||||
CVE-2023-26758 | 1 Smeup | 1 Erp | 2023-03-03 | N/A | 7.5 HIGH |
Sme.UP TOKYO V6R1M220406 was discovered to contain an arbitrary file download vulnerability via the component /ResourceService. | |||||
CVE-2023-25235 | 1 Tenda | 2 Ac500, Ac500 Firmware | 2023-03-03 | N/A | 7.5 HIGH |
Tenda AC500 V2.0.1.9(1307) is vulnerable to Buffer Overflow in function formOneSsidCfgSet via parameter ssid. | |||||
CVE-2023-26760 | 1 Smeup | 1 Erp | 2023-03-03 | N/A | 7.5 HIGH |
Sme.UP ERP TOKYO V6R1M220406 was discovered to contain an information disclosure vulnerability via the /debug endpoint. This vulnerability allows attackers to access cleartext credentials needed to authenticate to the AS400 system. | |||||
CVE-2023-26759 | 1 Smeup | 1 Erp | 2023-03-03 | N/A | 8.8 HIGH |
Sme.UP ERP TOKYO V6R1M220406 was discovered to contain an OS command injection vulnerability via calls made to the XMService component. | |||||
CVE-2023-0278 | 1 Wpgeodirectory | 1 Geodirectory | 2023-03-03 | N/A | 7.2 HIGH |
The GeoDirectory WordPress plugin before 2.2.24 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin. | |||||
CVE-2023-0230 | 1 Vektor-inc | 1 Vk All In One Expansion Unit | 2023-03-03 | N/A | 5.4 MEDIUM |
The VK All in One Expansion Unit WordPress plugin before 9.86.0.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||
CVE-2023-0168 | 1 Olevmedia | 1 Olevmedia Shortcodes | 2023-03-03 | N/A | 5.4 MEDIUM |
The Olevmedia Shortcodes WordPress plugin through 1.1.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||
CVE-2023-25233 | 1 Tenda | 2 Ac500, Ac500 Firmware | 2023-03-03 | N/A | 9.8 CRITICAL |
Tenda AC500 V2.0.1.9(1307) is vulnerable to Buffer Overflow in function fromRouteStatic via parameters entrys and mitInterface. | |||||
CVE-2023-22998 | 1 Linux | 1 Linux Kernel | 2023-03-03 | N/A | 5.5 MEDIUM |
In the Linux kernel before 6.0.3, drivers/gpu/drm/virtio/virtgpu_object.c misinterprets the drm_gem_shmem_get_sg_table return value (expects it to be NULL in the error case, whereas it is actually an error pointer). |