Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-34364 | 1 Dell | 1 Bsafe Ssl-j | 2023-02-27 | N/A | 4.4 MEDIUM |
| Dell BSAFE SSL-J when used in debug mode can reveal unnecessary information. An attacker could potentially exploit this vulnerability and have access to private information. | |||||
| CVE-2022-34366 | 1 Dell | 1 Supportassist For Home Pcs | 2023-02-27 | N/A | 6.5 MEDIUM |
| Dell SupportAssist for Home PCs (version 3.11.2 and prior) contain Overly Permissive Cross-domain Whitelist vulnerability. An authenticated non-admin user could potentially exploit the issue and obtain sensitive information. | |||||
| CVE-2022-24765 | 5 Apple, Debian, Fedoraproject and 2 more | 5 Xcode, Debian Linux, Fedora and 2 more | 2023-02-27 | 6.9 MEDIUM | 7.8 HIGH |
| Git for Windows is a fork of Git containing Windows-specific patches. This vulnerability affects users working on multi-user machines, where untrusted parties have write access to the same hard disk. Those untrusted parties could create the folder `C:\.git`, which would be picked up by Git operations run supposedly outside a repository while searching for a Git directory. Git would then respect any config in said Git directory. Git Bash users who set `GIT_PS1_SHOWDIRTYSTATE` are vulnerable as well. Users who installed posh-gitare vulnerable simply by starting a PowerShell. Users of IDEs such as Visual Studio are vulnerable: simply creating a new project would already read and respect the config specified in `C:\.git\config`. Users of the Microsoft fork of Git are vulnerable simply by starting a Git Bash. The problem has been patched in Git for Windows v2.35.2. Users unable to upgrade may create the folder `.git` on all drives where Git commands are run, and remove read/write access from those folders as a workaround. Alternatively, define or extend `GIT_CEILING_DIRECTORIES` to cover the _parent_ directory of the user profile, e.g. `C:\Users` if the user profile is located in `C:\Users\my-user-name`. | |||||
| CVE-2022-40347 | 1 Intern Record System Project | 1 Intern Record System | 2023-02-27 | N/A | 9.8 CRITICAL |
| SQL Injection vulnerability in Intern Record System version 1.0 in /intern/controller.php in 'phone', 'email', 'deptType' and 'name' parameters, allows attackers to execute arbitrary code and gain sensitive information. | |||||
| CVE-2023-0883 | 1 Online Pizza Ordering System Project | 1 Online Pizza Ordering System | 2023-02-27 | N/A | 9.8 CRITICAL |
| A vulnerability has been found in SourceCodester Online Pizza Ordering System 1.0 and classified as critical. This vulnerability affects unknown code of the file /php-opos/index.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-221350 is the identifier assigned to this vulnerability. | |||||
| CVE-2023-22945 | 2 Fedoraproject, Mediawiki | 2 Fedora, Mediawiki | 2023-02-27 | N/A | 4.3 MEDIUM |
| In the GrowthExperiments extension for MediaWiki through 1.39, the growthmanagementorlist API allows blocked users (blocked in ApiManageMentorList) to enroll as mentors or edit any of their mentorship-related properties. | |||||
| CVE-2023-22909 | 2 Fedoraproject, Mediawiki | 2 Fedora, Mediawiki | 2023-02-27 | N/A | 5.3 MEDIUM |
| An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. SpecialMobileHistory allows remote attackers to cause a denial of service because database queries are slow. | |||||
| CVE-2023-22911 | 2 Fedoraproject, Mediawiki | 2 Fedora, Mediawiki | 2023-02-27 | N/A | 6.1 MEDIUM |
| An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. E-Widgets does widget replacement in HTML attributes, which can lead to XSS, because widget authors often do not expect that their widget is executed in an HTML attribute context. | |||||
| CVE-2022-3934 | 1 Mehanoid | 1 Flat Pm | 2023-02-27 | N/A | 5.4 MEDIUM |
| The FlatPM WordPress plugin before 3.0.13 does not sanitise and escape some parameters before outputting them back in pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin | |||||
| CVE-2022-45544 | 1 Schlix | 1 Cms | 2023-02-26 | N/A | 8.8 HIGH |
| ** DISPUTED ** Insecure Permission vulnerability in Schlix Web Inc SCHLIX CMS 2.2.7-2 allows attacker to upload arbitrary files and execute arbitrary code via the tristao parameter. NOTE: this is disputed by the vendor because an admin is intentionally allowed to upload new executable PHP code, such as a theme that was obtained from a trusted source or was developed for their own website. Only an admin can upload such code, not someone else in an "attacker" role. | |||||
| CVE-2023-0804 | 1 Libtiff | 1 Libtiff | 2023-02-26 | N/A | 5.5 MEDIUM |
| LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3609, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. | |||||
| CVE-2023-0797 | 1 Libtiff | 1 Libtiff | 2023-02-26 | N/A | 5.5 MEDIUM |
| LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6921, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. | |||||
| CVE-2023-25725 | 2 Debian, Haproxy | 2 Debian Linux, Haproxy | 2023-02-24 | N/A | 9.1 CRITICAL |
| HAProxy before 2.7.3 may allow a bypass of access control because HTTP/1 headers are inadvertently lost in some situations, aka "request smuggling." The HTTP header parsers in HAProxy may accept empty header field names, which could be used to truncate the list of HTTP headers and thus make some headers disappear after being parsed and processed for HTTP/1.0 and HTTP/1.1. For HTTP/2 and HTTP/3, the impact is limited because the headers disappear before being parsed and processed, as if they had not been sent by the client. The fixed versions are 2.7.3, 2.6.9, 2.5.12, 2.4.22, 2.2.29, and 2.0.31. | |||||
| CVE-2022-40032 | 1 Simple Task Managing System Project | 1 Simple Task Managing System | 2023-02-24 | N/A | 9.8 CRITICAL |
| SQL Injection vulnerability in Simple Task Managing System version 1.0 in login.php in 'username' and 'password' parameters, allows attackers to execute arbitrary code and gain sensitive information. | |||||
| CVE-2022-32972 | 1 Infoblox | 1 Bloxone Endpoint | 2023-02-24 | N/A | 7.8 HIGH |
| Infoblox BloxOne Endpoint for Windows through 2.2.7 allows DLL injection that can result in local privilege escalation. | |||||
| CVE-2023-24221 | 1 Luckyframe | 1 Luckyframeweb | 2023-02-24 | N/A | 9.8 CRITICAL |
| LuckyframeWEB v3.5 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /system/DeptMapper.xml. | |||||
| CVE-2023-24220 | 1 Luckyframe | 1 Luckyframeweb | 2023-02-24 | N/A | 9.8 CRITICAL |
| LuckyframeWEB v3.5 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /system/RoleMapper.xml. | |||||
| CVE-2023-24219 | 1 Luckyframe | 1 Luckyframeweb | 2023-02-24 | N/A | 9.8 CRITICAL |
| LuckyframeWEB v3.5 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /system/UserMapper.xml. | |||||
| CVE-2023-24078 | 1 Realtimelogic | 1 Fuguhub | 2023-02-24 | N/A | 8.8 HIGH |
| Real Time Logic FuguHub v8.1 and earlier was discovered to contain a remote code execution (RCE) vulnerability via the component /FuguHub/cmsdocs/. | |||||
| CVE-2023-23695 | 1 Dell | 1 Secure Connect Gateway | 2023-02-24 | N/A | 5.9 MEDIUM |
| Dell Secure Connect Gateway (SCG) version 5.14.00.12 contains a broken cryptographic algorithm vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by performing MitM attacks and let attackers obtain sensitive information. | |||||