Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-1418 | 1 Friendly Island Pizza Website And Ordering System Project | 1 Friendly Island Pizza Website And Ordering System | 2023-03-20 | N/A | 6.1 MEDIUM |
| A vulnerability classified as problematic was found in SourceCodester Friendly Island Pizza Website and Ordering System 1.0. Affected by this vulnerability is an unknown functionality of the file cashconfirm.php of the component POST Parameter Handler. The manipulation of the argument transactioncode leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-223129 was assigned to this vulnerability. | |||||
| CVE-2023-1416 | 1 Simple Art Gallery Project | 1 Simple Art Gallery | 2023-03-20 | N/A | 9.8 CRITICAL |
| A vulnerability classified as critical has been found in Simple Art Gallery 1.0. Affected is an unknown function of the file adminHome.php. The manipulation of the argument social_facebook leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-223128. | |||||
| CVE-2023-1379 | 1 Friendly Island Pizza Website And Ordering System Project | 1 Friendly Island Pizza Website And Ordering System | 2023-03-20 | N/A | 9.8 CRITICAL |
| A vulnerability was found in SourceCodester Friendly Island Pizza Website and Ordering System 1.0. It has been rated as critical. This issue affects some unknown processing of the file addmem.php of the component POST Parameter Handler. The manipulation of the argument firstname leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223127. | |||||
| CVE-2021-3293 | 1 Emlog | 1 Emlog | 2023-03-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| emlog v5.3.1 has full path disclosure vulnerability in t/index.php, which allows an attacker to see the path to the webroot/file. | |||||
| CVE-2023-27102 | 1 Struktur | 1 Libde265 | 2023-03-20 | N/A | 6.5 MEDIUM |
| Libde265 v1.0.11 was discovered to contain a segmentation violation via the function decoder_context::process_slice_segment_header at decctx.cc. | |||||
| CVE-2023-26511 | 1 Propius | 1 Machineselector | 2023-03-20 | N/A | 9.8 CRITICAL |
| A Hard Coded Admin Credentials issue in the Web-UI Admin Panel in Propius MachineSelector 6.6.0 and 6.6.1 allows remote attackers to gain access to the admin panel Propiusadmin.php, which allows taking control of the affected system. | |||||
| CVE-2023-26262 | 1 Sitecore | 2 Experience Manager, Experience Platform | 2023-03-20 | N/A | 8.8 HIGH |
| An issue was discovered in Sitecore XP/XM 10.3. As an authenticated Sitecore user, a unrestricted language file upload vulnerability exists the can lead to direct code execution on the content management (CM) server. | |||||
| CVE-2023-28144 | 1 Kdab | 1 Hotspot | 2023-03-20 | N/A | 7.0 HIGH |
| KDAB Hotspot 1.3.x and 1.4.x through 1.4.1, in a non-default configuration, allows privilege escalation because of race conditions involving symlinks and elevate_perf_privileges.sh chown calls. | |||||
| CVE-2023-27234 | 1 Jizhicms | 1 Jizhicms | 2023-03-20 | N/A | 6.5 MEDIUM |
| A Cross-Site Request Forgery (CSRF) in /Sys/index.html of Jizhicms v2.4.5 allows attackers to arbitrarily make configuration changes within the application. | |||||
| CVE-2019-0881 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2023-03-20 | 7.2 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability exists when the Windows Kernel improperly handles key enumeration, aka 'Windows Kernel Elevation of Privilege Vulnerability'. | |||||
| CVE-2019-0863 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2023-03-20 | 7.2 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability exists in the way Windows Error Reporting (WER) handles files, aka 'Windows Error Reporting Elevation of Privilege Vulnerability'. | |||||
| CVE-2019-0853 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2023-03-20 | 9.3 HIGH | 8.8 HIGH |
| A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code Execution Vulnerability'. | |||||
| CVE-2018-7084 | 2 Arubanetworks, Siemens | 3 Aruba Instant, Scalance W1750d, Scalance W1750d Firmware | 2023-03-20 | 10.0 HIGH | 9.8 CRITICAL |
| A command injection vulnerability is present that permits an unauthenticated user with access to the Aruba Instant web interface to execute arbitrary system commands within the underlying operating system. An attacker could use this ability to copy files, read configuration, write files, delete files, or reboot the device. Workaround: Block access to the Aruba Instant web interface from all untrusted users. Resolution: Fixed in Aruba Instant 4.2.4.12, 6.5.4.11, 8.3.0.6, and 8.4.0.1 | |||||
| CVE-2019-0841 | 1 Microsoft | 6 Windows 10 1703, Windows 10 1709, Windows 10 1803 and 3 more | 2023-03-20 | 7.2 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0730, CVE-2019-0731, CVE-2019-0796, CVE-2019-0805, CVE-2019-0836. | |||||
| CVE-2023-24930 | 1 Microsoft | 1 Onedrive | 2023-03-20 | N/A | 7.8 HIGH |
| Microsoft OneDrive for MacOS Elevation of Privilege Vulnerability | |||||
| CVE-2023-24923 | 1 Microsoft | 1 Onedrive | 2023-03-20 | N/A | 5.5 MEDIUM |
| Microsoft OneDrive for Android Information Disclosure Vulnerability | |||||
| CVE-2023-24922 | 1 Microsoft | 1 Dynamics 365 | 2023-03-20 | N/A | 7.5 HIGH |
| Microsoft Dynamics 365 Information Disclosure Vulnerability | |||||
| CVE-2023-24911 | 1 Microsoft | 11 Windows 10 1607, Windows 10 1809, Windows 10 20h2 and 8 more | 2023-03-20 | N/A | 5.3 MEDIUM |
| Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | |||||
| CVE-2023-27585 | 2023-03-20 | N/A | N/A | ||
| PJSIP is a free and open source multimedia communication library written in C. A buffer overflow vulnerability in versions 2.13 and prior affects applications that use PJSIP DNS resolver. It doesn't affect PJSIP users who do not utilise PJSIP DNS resolver. This vulnerability is related to CVE-2022-24793. The difference is that this issue is in parsing the query record `parse_query()`, while the issue in CVE-2022-24793 is in `parse_rr()`. A patch is available as commit `d1c5e4d` in the `master` branch. A workaround is to disable DNS resolution in PJSIP config (by setting `nameserver_count` to zero) or use an external resolver implementation instead. | |||||
| CVE-2022-24793 | 2 Debian, Pjsip | 2 Debian Linux, Pjsip | 2023-03-20 | 4.3 MEDIUM | 7.5 HIGH |
| PJSIP is a free and open source multimedia communication library written in C. A buffer overflow vulnerability in versions 2.12 and prior affects applications that use PJSIP DNS resolution. It doesn't affect PJSIP users who utilize an external resolver. This vulnerability is related to CVE-2023-27585. The difference is that this issue is in parsing the query record `parse_rr()`, while the issue in CVE-2023-27585 is in `parse_query()`. A patch is available in the `master` branch of the `pjsip/pjproject` GitHub repository. A workaround is to disable DNS resolution in PJSIP config (by setting `nameserver_count` to zero) or use an external resolver instead. | |||||