CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2023-28105 | | | 2023-03-16 | N/A | N/A | go-used-util provides commonly used utility functions for Go. Versions prior to 0.0.34 have a ZipSlip issue when using the fsutil package to unzip files. When users use `zip.Unzip` to extract zip files supplied by a malicious attacker, they may be vulnerable to path traversal. The issue has been fixed in version 0.0.34. There are no known workarounds.
CVE-2023-25973 | 1 Autoaffiliatelinks | 1 Auto Affiliate Links | 2023-03-16 | N/A | 8.8 HIGH | Cross-Site Request Forgery (CSRF) vulnerability in Lucian Apostol Auto Affiliate Links plugin versions <= 6.3.0.2.
CVE-2023-0350 | 1 Akuvox | 2 E11, E11 Firmware | 2023-03-16 | N/A | 6.5 MEDIUM | Akuvox E11 does not ensure that a file extension is associated with the file provided. This could allow an attacker to upload a file to the device by changing the extension of a malicious file to an accepted file type.
CVE-2021-46875 | 1 Ibexa | 1 Ez Platform Kernel | 2023-03-16 | N/A | 6.1 MEDIUM | An issue was discovered in eZ Platform Ibexa Kernel before 1.3.1.1. An XSS attack can occur because JavaScript code can be uploaded in a .html or .js file.
CVE-2023-0351 | 1 Akuvox | 2 E11, E11 Firmware | 2023-03-16 | N/A | 8.8 HIGH | The Akuvox E11 web server backend library allows command injection in the device phone-book contacts functionality. This could allow an attacker to upload files with executable command instructions.
CVE-2023-0352 | 1 Akuvox | 2 E11, E11 Firmware | 2023-03-16 | N/A | 9.1 CRITICAL | The Akuvox E11 password recovery webpage can be accessed without authentication, and an attacker could download the device key file. An attacker could then use this page to reset the password back to the default.
CVE-2021-46876 | 1 Ibexa | 1 Ez Platform Kernel | 2023-03-16 | N/A | 5.3 MEDIUM | An issue was discovered in eZ Publish Ibexa Kernel before 7.5.15.1. The /user/sessions endpoint can be abused to determine account existence.
CVE-2022-48365 | 1 Ibexa | 3 Digital Experience Platform, Ez Platform, Ez Platform Kernel | 2023-03-16 | N/A | 7.2 HIGH | An issue was discovered in eZ Platform Ibexa Kernel before 1.3.26. The Company admin role gives excessive privileges.
CVE-2023-0353 | 1 Akuvox | 2 E11, E11 Firmware | 2023-03-16 | N/A | 9.8 CRITICAL | Akuvox E11 uses a weak encryption algorithm for stored passwords and uses a hard-coded password for decryption, which could allow the encrypted passwords to be decrypted from the configuration file.
CVE-2023-0354 | 1 Akuvox | 2 E11, E11 Firmware | 2023-03-16 | N/A | 9.1 CRITICAL | The Akuvox E11 web server can be accessed without any user authentication, which could allow an attacker to access sensitive information, as well as create and download packet captures via known default URLs.
CVE-2022-48366 | 1 Ibexa | 7 Commerce, Digital Experience Platform, Ez Platform and 4 more | 2023-03-16 | N/A | 3.7 LOW | An issue was discovered in eZ Platform Ibexa Kernel before 1.3.19. It allows determining account existence via a timing attack.
CVE-2022-48367 | 1 Ibexa | 5 Digital Experience Platform, Ez Platform Kernel, Ezplatform-http-cache-fastly and 2 more | 2023-03-16 | N/A | 9.8 CRITICAL | An issue was discovered in eZ Publish Ibexa Kernel before 7.5.28. Access control based on object state is mishandled.
CVE-2023-0345 | 1 Akuvox | 2 E11, E11 Firmware | 2023-03-16 | N/A | 9.8 CRITICAL | The Akuvox E11 secure shell (SSH) server is enabled by default and can be accessed by the root user. The root password cannot be changed by the user.
CVE-2023-27490 | 1 Nextauth.js | 1 Next-auth | 2023-03-16 | N/A | 8.8 HIGH | NextAuth.js is an open source authentication solution for Next.js applications. `next-auth` applications using OAuth providers in versions before `v4.20.1` have been found to be subject to an authentication vulnerability. A bad actor who can read traffic on the victim's network, or who is able to social engineer the victim into clicking a manipulated login link, could intercept and tamper with the authorization URL to **log in as the victim**, bypassing the CSRF protection. This is due to a partial failure during a compromised OAuth session in which a session code is erroneously generated. This issue has been addressed in version 4.20.1. Users are advised to upgrade. Users unable to upgrade may use Advanced Initialization to manually check the callback request for state, pkce, and nonce against the provider configuration to prevent this issue. See the linked GHSA for details.
CVE-2023-27532 | 1 Veeam | 1 Backup & Replication | 2023-03-16 | N/A | 7.5 HIGH | A vulnerability in the Veeam Backup & Replication component allows encrypted credentials stored in the configuration database to be obtained. This may lead to gaining access to the backup infrastructure hosts.
CVE-2023-27851 | 1 Netgear | 2 Rax30, Rax30 Firmware | 2023-03-16 | N/A | 8.8 HIGH | NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a file sharing mechanism that unintentionally allows users with upload permissions to execute arbitrary code on the device.
CVE-2023-22891 | 1 Smartbear | 1 Zephyr Enterprise | 2023-03-16 | N/A | 8.1 HIGH | There exists a privilege escalation vulnerability in SmartBear Zephyr Enterprise through 7.15.0 that could be exploited by authorized users to reset passwords for other accounts.
CVE-2023-27902 | 1 Jenkins | 1 Jenkins | 2023-03-16 | N/A | 4.3 MEDIUM | Jenkins 2.393 and earlier, LTS 2.375.3 and earlier, shows temporary directories related to job workspaces, which allows attackers with Item/Workspace permission to access their contents.
CVE-2023-23514 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2023-03-16 | N/A | 7.8 HIGH | A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.2.1, iOS 16.3.1 and iPadOS 16.3.1. An app may be able to execute arbitrary code with kernel privileges.
CVE-2022-47419 | 1 Mayan-edms | 1 Mayan Edms | 2023-03-16 | N/A | 5.4 MEDIUM | An XSS vulnerability was discovered in the Mayan EDMS DMS. Successful XSS exploitation was observed in the in-product tagging system.