Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-3894 | | | 2023-03-21 | N/A | N/A |
The WP OAuth Server (OAuth Authentication) WordPress plugin before 4.2.5 does not have a CSRF check when deleting a client, and does not ensure that the object to be deleted is actually a client, which could allow attackers to make a logged-in admin delete arbitrary clients and posts via a CSRF attack. | |||||
CVE-2023-28429 | | | 2023-03-21 | N/A | N/A |
Pimcore is an open source data and experience management platform. Versions prior to 10.5.19 have an unsecured tooltip field in DataObject class definition. This vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites. Users should upgrade to version 10.5.19 or, as a workaround, apply the patch manually. | |||||
CVE-2023-28428 | | | 2023-03-21 | N/A | N/A |
PDFio is a C library for reading and writing PDF files. In versions 1.1.0 and prior, a denial of service vulnerability exists in the pdfio parser. Crafted PDF files can cause the program to run at 100% utilization and never terminate. This is different from CVE-2023-24808. A patch for this issue is available in version 1.1.1. | |||||
CVE-2023-1515 | | | 2023-03-21 | N/A | N/A |
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.19. | |||||
CVE-2023-28426 | | | 2023-03-21 | N/A | N/A |
svg-sanitizer is a PHP SVG/XML Sanitizer. A bypass has been found in versions prior to 0.16.0 that allows an attacker to upload an SVG with persistent cross-site scripting. HTML elements within CDATA needed to be sanitized correctly, as we were converting them to a textnode and therefore, the library wasn't seeing them as DOM elements. This issue is fixed in version 0.16.0. Any data within a CDATA node will now be sanitised using HTMLPurifier. The maintainers have also removed many of the HTML and MathML elements from the allowed element list, as without ForeignObject, they're not legal within the SVG context. There are no known workarounds. | |||||
CVE-2023-24870 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2023-03-20 | N/A | 6.5 MEDIUM |
Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | |||||
CVE-2023-24869 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2023-03-20 | N/A | 8.1 HIGH |
Remote Procedure Call Runtime Remote Code Execution Vulnerability | |||||
CVE-2023-24872 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2023-03-20 | N/A | 8.8 HIGH |
Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | |||||
CVE-2023-24871 | 1 Microsoft | 6 Windows 10 20h2, Windows 10 21h2, Windows 10 22h2 and 3 more | 2023-03-20 | N/A | 8.8 HIGH |
Windows Bluetooth Service Remote Code Execution Vulnerability | |||||
CVE-2023-24876 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2023-03-20 | N/A | 8.8 HIGH |
Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | |||||
CVE-2023-23403 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2023-03-20 | N/A | 8.8 HIGH |
Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | |||||
CVE-2023-23401 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2023-03-20 | N/A | 7.8 HIGH |
Windows Media Remote Code Execution Vulnerability | |||||
CVE-2023-23400 | 1 Microsoft | 4 Windows Server 2012, Windows Server 2016, Windows Server 2019 and 1 more | 2023-03-20 | N/A | 7.2 HIGH |
Windows DNS Server Remote Code Execution Vulnerability | |||||
CVE-2023-23399 | 1 Microsoft | 6 365 Apps, Excel, Office and 3 more | 2023-03-20 | N/A | 7.8 HIGH |
Microsoft Excel Remote Code Execution Vulnerability | |||||
CVE-2023-23398 | 1 Microsoft | 3 365 Apps, Excel, Office | 2023-03-20 | N/A | 5.5 MEDIUM |
Microsoft Excel Spoofing Vulnerability | |||||
CVE-2023-23396 | 1 Microsoft | 2 Office Online Server, Office Web Apps Server | 2023-03-20 | N/A | 5.5 MEDIUM |
Microsoft Excel Denial of Service Vulnerability | |||||
CVE-2023-23395 | 1 Microsoft | 2 Sharepoint Foundation, Sharepoint Server | 2023-03-20 | N/A | 3.1 LOW |
Microsoft SharePoint Server Spoofing Vulnerability | |||||
CVE-2023-23394 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2023-03-20 | N/A | 5.5 MEDIUM |
Client Server Run-Time Subsystem (CSRSS) Information Disclosure Vulnerability | |||||
CVE-2023-23393 | 1 Microsoft | 8 Windows 10 1809, Windows 10 20h2, Windows 10 21h2 and 5 more | 2023-03-20 | N/A | 7.0 HIGH |
Windows BrokerInfrastructure Service Elevation of Privilege Vulnerability | |||||
CVE-2023-23402 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2023-03-20 | N/A | 7.8 HIGH |
Windows Media Remote Code Execution Vulnerability |