Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2023-1035 | 1 Clinics Patient Management System Project | 1 Clinics Patient Management System | 2023-02-27 | N/A | 8.8 HIGH | A vulnerability was found in SourceCodester Clinics Patient Management System 1.0. It has been classified as critical. Affected is an unknown function of the file update_user.php. The manipulation of the argument user_id leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221784.
CVE-2022-23540 | 1 Auth0 | 1 Jsonwebtoken | 2023-02-27 | N/A | 7.6 HIGH | In versions `<=8.5.1` of the `jsonwebtoken` library, lack of an algorithm definition in the `jwt.verify()` function can lead to signature validation bypass, because verification defaults to the `none` algorithm. Users are affected if they do not specify `algorithms` in the `jwt.verify()` call. This issue has been fixed; please update to version 9.0.0, which removes the default support for the `none` algorithm in the `jwt.verify()` method. There is no impact if you update to version 9.0.0 and do not need to allow the `none` algorithm. If you need the `none` algorithm, you have to explicitly specify it in the `jwt.verify()` options.
CVE-2022-23541 | 1 Auth0 | 1 Jsonwebtoken | 2023-02-27 | N/A | 6.3 MEDIUM | jsonwebtoken is an implementation of JSON Web Tokens. Versions `<= 8.5.1` of the `jsonwebtoken` library can be misconfigured so that passing a poorly implemented key retrieval function (referring to the `secretOrPublicKey` argument from the readme link) results in incorrect verification of tokens. A different algorithm and key combination may be used in verification than the one used to sign the tokens. Specifically, tokens signed with an asymmetric public key could be verified with the symmetric HS256 algorithm. This can lead to successful validation of forged tokens if your application supports both symmetric and asymmetric keys in its `jwt.verify()` implementation with the same key retrieval function. This issue has been patched; please update to version 9.0.0.
CVE-2023-0895 | 1 Wow-company | 1 Wp Coder | 2023-02-27 | N/A | 4.9 MEDIUM | The WP Coder – add custom html, css and js code plugin for WordPress is vulnerable to time-based SQL Injection via the ‘id’ parameter in versions up to, and including, 2.5.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with administrative privileges to append additional SQL queries to already existing queries, which can be used to extract sensitive information from the database.
CVE-2023-24329 | 1 Python | 1 Python | 2023-02-27 | N/A | 7.5 HIGH | An issue in the urllib.parse component of Python before v3.11 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.
CVE-2023-24388 | 1 Wpdevart | 1 Booking Calendar | 2023-02-27 | N/A | 5.4 MEDIUM | Cross-Site Request Forgery (CSRF) vulnerability in WpDevArt Booking calendar, Appointment Booking System plugin <= 3.2.3 versions affects plugin form actions (create, duplicate, edit, delete).
CVE-2023-23899 | 1 Hasthemes | 1 Extensions For Cf7 | 2023-02-27 | N/A | 4.3 MEDIUM | Cross-Site Request Forgery (CSRF) vulnerability in HasThemes Extensions For CF7 plugin <= 2.0.8 versions leads to arbitrary plugin activation.
CVE-2018-20997 | 1 Rust-openssl Project | 1 Rust-openssl | 2023-02-27 | 7.5 HIGH | 9.8 CRITICAL | An issue was discovered in the openssl crate before 0.10.9 for Rust. A use-after-free occurs in CMS signing.
CVE-2016-10931 | 1 Rust-openssl Project | 1 Rust-openssl | 2023-02-27 | 6.8 MEDIUM | 8.1 HIGH | An issue was discovered in the openssl crate before 0.9.0 for Rust. There is an SSL/TLS man-in-the-middle vulnerability because certificate verification is off by default and there is no API for hostname verification.
CVE-2023-23586 | 1 Linux | 1 Linux Kernel | 2023-02-27 | N/A | 5.5 MEDIUM | Due to a vulnerability in the io_uring subsystem, it is possible to leak kernel memory information to the user process. timens_install calls current_is_single_threaded to determine if the current process is single-threaded, but this call does not consider io_uring's io_worker threads, so it is possible to insert a time namespace's vvar page into the process's memory space via a page fault. When this time namespace is destroyed, the vvar page is also freed, but not removed from the process's memory, and the next page allocated by the kernel will still be accessible from the user-space process and can leak memory contents via this (read-only) use-after-free vulnerability. We recommend upgrading past version 5.10.161 or commit 788d0824269bef539fe31a785b1517882eafed93 https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/io_uring
CVE-2022-35883 | 1 Intel | 1 Media Software Development Kit | 2023-02-27 | N/A | 5.5 MEDIUM | NULL pointer dereference in the Intel(R) Media SDK software before version 22.2.2 may allow an authenticated user to potentially enable denial of service via local access.
CVE-2022-34346 | 1 Intel | 1 Media Software Development Kit | 2023-02-27 | N/A | 7.8 HIGH | Out-of-bounds read in the Intel(R) Media SDK software before version 22.2.2 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2022-34854 | 1 Intel | 1 System Usage Report | 2023-02-27 | N/A | 7.8 HIGH | Improper access control in the Intel(R) SUR software before version 2.4.8902 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2022-33964 | 1 Intel | 1 System Usage Report | 2023-02-27 | N/A | 9.8 CRITICAL | Improper input validation in the Intel(R) SUR software before version 2.4.8902 may allow an unauthenticated user to potentially enable escalation of privilege via network access.
CVE-2022-33946 | 1 Intel | 1 System Usage Report | 2023-02-27 | N/A | 7.8 HIGH | Improper authentication in the Intel(R) SUR software before version 2.4.8902 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2022-33190 | 1 Intel | 1 System Usage Report | 2023-02-27 | N/A | 7.8 HIGH | Improper input validation in the Intel(R) SUR software before version 2.4.8902 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2022-32971 | 1 Intel | 1 System Usage Report | 2023-02-27 | N/A | 7.2 HIGH | Improper authentication in the Intel(R) SUR software before version 2.4.8902 may allow a privileged user to potentially enable escalation of privilege via network access.
CVE-2022-31476 | 1 Intel | 1 System Usage Report | 2023-02-27 | N/A | 5.5 MEDIUM | Improper access control in the Intel(R) SUR software before version 2.4.8902 may allow an authenticated user to potentially enable denial of service via local access.
CVE-2022-30692 | 1 Intel | 1 System Usage Report | 2023-02-27 | N/A | 7.5 HIGH | Improper conditions check in the Intel(R) SUR software before version 2.4.8902 may allow an unauthenticated user to potentially enable denial of service via network access.
CVE-2019-17003 | 1 Mozilla | 1 Firefox | 2023-02-27 | N/A | 6.1 MEDIUM | Scanning a QR code that contained a javascript: URL would have resulted in the JavaScript being executed.