Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-27894 | 1 Sap | 1 Businessobjects Business Intelligence | 2023-03-20 | N/A | 5.3 MEDIUM |
SAP BusinessObjects Business Intelligence Platform (Web Services) - versions 420, 430, allows an attacker to inject arbitrary values as CMS parameters to perform lookups on the internal network which is otherwise not accessible externally. On successful exploitation, an attacker can scan the internal network to determine internal infrastructure for further attacks like remote file inclusion, retrieve server files, bypass firewall and force the vulnerable server to execute malicious requests, resulting in sensitive information disclosure. This causes limited impact on confidentiality of data. | |||||
CVE-2023-23414 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2023-03-20 | N/A | 7.1 HIGH |
Windows Point-to-Point Protocol over Ethernet (PPPoE) Remote Code Execution Vulnerability | |||||
CVE-2023-23416 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2023-03-20 | N/A | 7.8 HIGH |
Windows Cryptographic Services Remote Code Execution Vulnerability | |||||
CVE-2023-23415 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2023-03-20 | N/A | 9.8 CRITICAL |
Internet Control Message Protocol (ICMP) Remote Code Execution Vulnerability | |||||
CVE-2023-23417 | 1 Microsoft | 10 Windows 10 1607, Windows 10 1809, Windows 10 20h2 and 7 more | 2023-03-20 | N/A | 7.8 HIGH |
Windows Partition Management Driver Elevation of Privilege Vulnerability | |||||
CVE-2023-23418 | 1 Microsoft | 1 Windows 11 22h2 | 2023-03-20 | N/A | 7.8 HIGH |
Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability | |||||
CVE-2023-26076 | 1 Samsung | 10 Exynos 1280, Exynos 1280 Firmware, Exynos 2200 and 7 more | 2023-03-20 | N/A | 9.8 CRITICAL |
An issue was discovered in Samsung Mobile Chipset and Baseband Modem Chipset for Exynos 1280, Exynos 2200, Exynos Modem 5123, Exynos Modem 5300, and Exynos Auto T5123. An intra-object overflow in the 5G SM message codec can occur due to insufficient parameter validation when decoding reserved options. | |||||
CVE-2023-26823 | | | 2023-03-20 | N/A | N/A |
** REJECT ** DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2023-0783. Reason: This record is a duplicate of CVE-2023-0783. Notes: All CVE users should reference CVE-2023-0783 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage. | |||||
CVE-2023-22232 | 1 Adobe | 1 Connect | 2023-03-20 | N/A | 5.3 MEDIUM |
Adobe Connect versions 11.4.5 (and earlier), 12.1.5 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to impact the integrity of a minor feature. Exploitation of this issue does not require user interaction. | |||||
CVE-2023-27500 | 1 Sap | 1 Netweaver Application Server Abap | 2023-03-20 | N/A | 8.1 HIGH |
An attacker with non-administrative authorizations can exploit a directory traversal flaw in program SAPRSBRO to over-write system files. In this attack, no data can be read but potentially critical OS files can be over-written making the system unavailable. | |||||
CVE-2023-28424 | | | 2023-03-20 | N/A | N/A |
Soko is the code that powers packages.gentoo.org. Prior to version 1.0.2, the two package search handlers, `Search` and `SearchFeed`, implemented in `pkg/app/handler/packages/search.go`, are affected by a SQL injection via the `q` parameter. As a result, unauthenticated attackers can execute arbitrary SQL queries on `https://packages.gentoo.org/`. It was also demonstrated that this primitive was enough to gain code execution in the context of the PostgreSQL container. The issue was addressed in commit `4fa6e4b619c0362728955b6ec56eab0e0cbf1e23y` of version 1.0.2 using prepared statements to interpolate user-controlled data in SQL queries. | |||||
CVE-2023-28118 | | | 2023-03-20 | N/A | N/A |
kaml provides YAML support for kotlinx.serialization. Prior to version 0.53.0, applications that use kaml to parse untrusted input containing anchors and aliases may consume excessive memory and crash. Version 0.53.0 and later default to refusing to parse YAML documents containing anchors and aliases. There are no known workarounds. | |||||
CVE-2023-26513 | | | 2023-03-20 | N/A | N/A |
Excessive Iteration vulnerability in Apache Software Foundation Apache Sling Resource Merger. This issue affects Apache Sling Resource Merger: from 1.2.0 before 1.4.2. | |||||
CVE-2023-0320 | | | 2023-03-20 | N/A | N/A |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Izmir Katip Celebi University UBYS allows Stored XSS. This issue affects UBYS: before 23.03.16. | |||||
CVE-2022-47591 | | | 2023-03-20 | N/A | N/A |
Reflected Cross-Site Scripting (XSS) vulnerability in Mickael Austoni Map Multi Marker plugin <= 3.2.1 versions. | |||||
CVE-2023-23721 | | | 2023-03-20 | N/A | N/A |
Cross-Site Request Forgery (CSRF) vulnerability in David Gwyer Admin Log plugin <= 1.50 versions. | |||||
CVE-2023-23718 | | | 2023-03-20 | N/A | N/A |
Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Esstat17 Page Loading Effects plugin <= 2.0.0 versions. | |||||
CVE-2023-22682 | | | 2023-03-20 | N/A | N/A |
Reflected Cross-Site Scripting (XSS) vulnerability in Manuel Masia \| Pixedelic.Com Camera slideshow plugin <= 1.4.0.1 versions. | |||||
CVE-2023-22680 | | | 2023-03-20 | N/A | N/A |
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Altanic No API Amazon Affiliate plugin <= 4.2.2 versions. | |||||
CVE-2023-22679 | | | 2023-03-20 | N/A | N/A |
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Nicolas Lemoine WP Better Emails plugin <= 0.4 versions. |