Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-25923 | | | 2023-03-21 | N/A | N/A |
IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 could allow an attacker to upload files that could be used in a denial of service attack due to incorrect authorization. IBM X-Force ID: 247629. | |||||
CVE-2023-25686 | | | 2023-03-21 | N/A | N/A |
IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 247601. | |||||
CVE-2022-45637 | | | 2023-03-21 | N/A | N/A |
An insecure password reset issue discovered in MEGAFEIS, BOFEI DBD+ Application for iOS & Android v1.4.4 service via insecure expiry mechanism. | |||||
CVE-2022-45635 | | | 2023-03-21 | N/A | N/A |
An issue discovered in MEGAFEIS, BOFEI DBD+ Application for iOS & Android v1.4.4 allows attacker to gain access to sensitive account information via insecure password policy. | |||||
CVE-2023-27874 | | | 2023-03-21 | N/A | N/A |
IBM Aspera Faspex 4.4.2 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote authenticated attacker could exploit this vulnerability to execute arbitrary commands. IBM X-Force ID: 249845. | |||||
CVE-2023-27873 | | | 2023-03-21 | N/A | N/A |
IBM Aspera Faspex 4.4.2 could allow a remote authenticated attacker to obtain sensitive credential information using specially crafted XML input. IBM X-Force ID: 249654. | |||||
CVE-2023-27871 | | | 2023-03-21 | N/A | N/A |
IBM Aspera Faspex 4.4.2 could allow a remote attacker to obtain sensitive credential information for an external user, using a specially crafted SQL query. IBM X-Force ID: 249613. | |||||
CVE-2023-25689 | | | 2023-03-21 | N/A | N/A |
IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 247618. | |||||
CVE-2023-25687 | | | 2023-03-21 | N/A | N/A |
IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 could allow an authenticated user to obtain sensitive information from log files. IBM X-Force ID: 247602. | |||||
CVE-2023-27983 | | | 2023-03-21 | N/A | N/A |
A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Data Server TCP interface that could allow deletion of reports from the IGSS project report directory, this would lead to loss of data when an attacker abuses this functionality. Affected Products: IGSS Data Server(IGSSdataServer.exe)(V16.0.0.23040 and prior), IGSS Dashboard(DashBoard.exe)(V16.0.0.23040 and prior), Custom Reports(RMS16.dll)(V16.0.0.23040 and prior). | |||||
CVE-2023-1288 | 1 3ds | 1 Enovia Live Collaboration | 2023-03-21 | N/A | 7.5 HIGH |
An XML External Entity injection (XXE) vulnerability in ENOVIA Live Collaboration V6R2013xE allows an attacker to read local files on the server. | |||||
CVE-2023-1161 | 1 Wireshark | 1 Wireshark | 2023-03-21 | N/A | 7.1 HIGH |
ISO 15765 and ISO 10681 dissector crash in Wireshark 4.0.0 to 4.0.3 and 3.6.0 to 3.6.11 allows denial of service via packet injection or crafted capture file. | |||||
CVE-2023-24080 | 1 Chamberlain | 1 Myq | 2023-03-21 | N/A | 9.8 CRITICAL |
A lack of rate limiting on the password reset endpoint of Chamberlain myQ v5.222.0.32277 (on iOS) allows attackers to compromise user accounts via a bruteforce attack. | |||||
CVE-2023-1355 | 1 Vim | 1 Vim | 2023-03-21 | N/A | 5.5 MEDIUM |
NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1402. | |||||
CVE-2023-27270 | 1 Sap | 1 Netweaver Application Server Abap | 2023-03-21 | N/A | 6.5 MEDIUM |
SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, has multiple vulnerabilities in a class for test purposes in which an attacker authenticated as a non-administrative user can craft a request with certain parameters, which will consume the server's resources sufficiently to make it unavailable. There is no ability to view or modify any information. | |||||
CVE-2023-27498 | 1 Sap | 1 Host Agent | 2023-03-21 | N/A | 7.2 HIGH |
SAP Host Agent (SAPOSCOL) - version 7.22, allows an unauthenticated attacker with network access to a server port assigned to the SAP Start Service to submit a crafted request which results in a memory corruption error. This error can be used to reveal but not modify any technical information about the server. It can also make a particular service temporarily unavailable. | |||||
CVE-2023-27271 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2023-03-21 | N/A | 7.5 HIGH |
In SAP BusinessObjects Business Intelligence Platform (Web Services) - versions 420, 430, an attacker can control a malicious BOE server, forcing the application server to connect to its own admintools, leading to a high impact on availability. | |||||
CVE-2023-24882 | 1 Microsoft | 1 Onedrive | 2023-03-21 | N/A | 5.5 MEDIUM |
Microsoft OneDrive for Android Information Disclosure Vulnerability | |||||
CVE-2023-26459 | 1 Sap | 1 Netweaver Application Server Abap | 2023-03-21 | N/A | 7.4 HIGH |
Due to improper input controls in SAP NetWeaver AS for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, an attacker authenticated as a non-administrative user can craft a request which will trigger the application server to send a request to an arbitrary URL which can reveal, modify or make unavailable non-sensitive information, leading to low impact on Confidentiality, Integrity and Availability. | |||||
CVE-2023-24910 | 1 Microsoft | 15 365, Office, Office Long Term Servicing Channel and 12 more | 2023-03-21 | N/A | 7.8 HIGH |
Windows Graphics Component Elevation of Privilege Vulnerability |