Total
210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2023-25282 | 1 Dlink | 2 Dir-820l, Dir-820l Firmware | 2023-03-17 | N/A | 6.5 MEDIUM | A heap overflow vulnerability in D-Link DIR820LA1_FW106B02 allows attackers to cause a denial of service via the config.log_to_syslog and log_opt_dropPackets parameters to mydlink_api.ccp. |
CVE-2023-27501 | 1 Sap | 1 Netweaver Application Server Abap | 2023-03-17 | N/A | 9.6 CRITICAL | SAP NetWeaver AS for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, allows an attacker to exploit insufficient validation of path information provided by users, thus exploiting a directory traversal flaw in an available service to delete system files. In this attack, no data can be read but potentially critical OS files can be deleted, making the system unavailable and causing significant impact on both availability and integrity. |
CVE-2022-39214 | 1 Combodo | 1 Itop | 2023-03-17 | N/A | 7.5 HIGH | Combodo iTop is an open source, web-based IT service management platform. Prior to versions 2.7.8 and 3.0.2-1, a user who can log in on iTop is able to take over any account just by knowing the account's username. This issue is fixed in versions 2.7.8 and 3.0.2-1. |
CVE-2023-26912 | 1 S-mall-ssm Project | 1 S-mall-ssm | 2023-03-17 | N/A | 4.8 MEDIUM | Cross site scripting (XSS) vulnerability in xenv S-mall-ssm thru commit 3d9e77f7d80289a30f67aaba1ae73e375d33ef71 on Feb 17, 2020, allows local attackers to execute arbitrary code via the evaluate button. |
CVE-2023-25345 | 2 Swig-templates Project, Swig Project | 2 Swig-templates, Swig | 2023-03-17 | N/A | 7.5 HIGH | Directory traversal vulnerability in swig-templates thru 2.0.4 and swig thru 1.4.2, allows attackers to read arbitrary files via the include or extends tags. |
CVE-2023-25344 | 2 Swig-templates Project, Swig Project | 2 Swig-templates, Swig | 2023-03-17 | N/A | 9.8 CRITICAL | An issue was discovered in swig-templates thru 2.0.4 and swig thru 1.4.2, allows attackers to execute arbitrary code via a crafted Object.prototype anonymous function. |
CVE-2022-44796 | 1 Objectfirst | 1 Object First | 2023-03-17 | N/A | 9.8 CRITICAL | An issue was discovered in Object First Ootbi BETA build 1.0.7.712. The authorization service has a flow that allows getting access to the Web UI without knowing credentials. For signing, the JWT token uses a secret key that is generated through a function that doesn't produce cryptographically strong sequences. An attacker can predict these sequences and generate a JWT token. As a result, an attacker can get access to the Web UI. This is fixed in Object First Ootbi BETA build 1.0.13.1611. |
CVE-2022-44795 | 1 Objectfirst | 1 Object First | 2023-03-17 | N/A | 6.5 MEDIUM | An issue was discovered in Object First Ootbi BETA build 1.0.7.712. A flaw was found in the Web Service, which could lead to local information disclosure. The command that creates the URL for the support bundle uses an insecure RNG. That can lead to prediction of the generated URL. As a result, an attacker can get access to system logs. An attacker would need credentials to exploit this vulnerability. This is fixed in Object First Ootbi BETA build 1.0.13.1611. Important note - This vulnerability is related to the Object First Ootbi BETA version, which is not released for production and therefore has no impact on the production environment. The production-ready Object First Ootbi version will have this vulnerability fixed. |
CVE-2022-44794 | 1 Objectfirst | 1 Object First | 2023-03-17 | N/A | 8.8 HIGH | An issue was discovered in Object First Ootbi BETA build 1.0.7.712. Management protocol has a flow which allows a remote attacker to execute arbitrary Bash code with root privileges. The command that sets the hostname doesn't validate input parameters. As a result, arbitrary data goes directly to the Bash interpreter. An attacker would need credentials to exploit this vulnerability. This is fixed in Object First Ootbi BETA build 1.0.13.1611. |
CVE-2023-1415 | 1 Simple Art Gallery Project | 1 Simple Art Gallery | 2023-03-17 | N/A | 8.8 HIGH | A vulnerability was found in Simple Art Gallery 1.0. It has been declared as critical. This vulnerability affects the function sliderPicSubmit of the file adminHome.php. The manipulation leads to unrestricted upload. The attack can be initiated remotely. VDB-223126 is the identifier assigned to this vulnerability. |
CVE-2022-43874 | 1 Ibm | 1 App Connect Enterprise Certified Container | 2023-03-17 | N/A | 6.1 MEDIUM | IBM App Connect Enterprise Certified Container 4.1, 4.2, 5.0, 5.1, 5.2, 6.0, 6.1, 6.2, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 239963. |
CVE-2023-27103 | 1 Struktur | 1 Libde265 | 2023-03-17 | N/A | 8.8 HIGH | Libde265 v1.0.11 was discovered to contain a heap buffer overflow via the function derive_collocated_motion_vectors at motion.cc. |
CVE-2023-27781 | 1 Jpegoptim Project | 1 Jpegoptim | 2023-03-17 | N/A | 7.8 HIGH | jpegoptim v1.5.2 was discovered to contain a heap overflow in the optimize function at jpegoptim.c. |
CVE-2022-37402 | 1 Afsanalytics | 1 Afs Analytics | 2023-03-17 | N/A | 4.8 MEDIUM | Stored Cross-site Scripting (XSS) vulnerability in AFS Analytics plugin <= 4.18 versions. |
CVE-2023-24732 | 1 Simple Customer Relationship Management System Project | 1 Simple Customer Relationship Management System | 2023-03-17 | N/A | 8.8 HIGH | Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the gender parameter in the user profile update function. |
CVE-2023-24731 | 1 Simple Customer Relationship Management System Project | 1 Simple Customer Relationship Management System | 2023-03-17 | N/A | 8.8 HIGH | Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the query parameter in the user profile update function. |
CVE-2023-24730 | 1 Simple Customer Relationship Management System Project | 1 Simple Customer Relationship Management System | 2023-03-17 | N/A | 8.8 HIGH | Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the company parameter in the user profile update function. |
CVE-2023-24729 | 1 Simple Customer Relationship Management System Project | 1 Simple Customer Relationship Management System | 2023-03-17 | N/A | 8.8 HIGH | Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the address parameter in the user profile update function. |
CVE-2023-24728 | 1 Simple Customer Relationship Management System Project | 1 Simple Customer Relationship Management System | 2023-03-17 | N/A | 8.8 HIGH | Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the contact parameter in the user profile update function. |
CVE-2023-0322 | 1 Talentyazilim | 1 Unis | 2023-03-17 | N/A | 6.1 MEDIUM | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Talent Software UNIS allows Reflected XSS. This issue affects UNIS: before 28376. |