Total
210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-47412 | 1 Onlyoffice | 1 Workspace | 2023-03-16 | N/A | 5.4 MEDIUM |
Given a malicious document provided by an attacker, the ONLYOFFICE Workspace DMS is vulnerable to a stored (persistent, or "Type II") cross-site scripting (XSS) condition. | |||||
CVE-2023-27052 | 1 Moosikay Project | 1 Moosikay | 2023-03-16 | N/A | 9.8 CRITICAL |
E-Commerce System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/delete_user.php. | |||||
CVE-2023-23911 | 1 Rocket.chat | 1 Rocket.chat | 2023-03-16 | N/A | 7.5 HIGH |
An improper access control vulnerability exists prior to v6 that could allow an attacker to break the E2E encryption of a chat room by a user changing the group key of a chat room. | |||||
CVE-2022-37939 | 1 Hpe | 4 Superdome Flex 280 Server, Superdome Flex 280 Server Firmware, Superdome Flex Server and 1 more | 2023-03-16 | N/A | 5.5 MEDIUM |
A potential security vulnerability has been identified in HPE Superdome Flex and Superdome Flex 280 servers. The vulnerability could be locally exploited to allow disclosure of information. HPE has made the following software available to resolve the vulnerability in HPE Superdome Flex Servers v3.65.8 and Superdome Flex 280 Servers v1.45.8. | |||||
CVE-2023-24999 | 1 Hashicorp | 1 Vault | 2023-03-16 | N/A | 8.1 HIGH |
HashiCorp Vault and Vault Enterprise’s approle auth method allowed any authenticated user with access to an approle destroy endpoint to destroy the secret ID of any other role by providing the secret ID accessor. This vulnerability is fixed in Vault 1.13.0, 1.12.4, 1.11.8, 1.10.11 and above. | |||||
CVE-2022-47453 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-03-16 | N/A | 5.5 MEDIUM |
In wcn service, there is a possible missing params check. This could lead to local denial of service in wcn service. | |||||
CVE-2022-40515 | 1 Qualcomm | 318 Apq8009, Apq8009 Firmware, Apq8009w and 315 more | 2023-03-16 | N/A | 9.8 CRITICAL |
Memory corruption in Video due to double free while playing 3gp clip with invalid metadata atoms. | |||||
CVE-2022-40535 | 1 Qualcomm | 142 Csr8811, Csr8811 Firmware, Ipq8070a and 139 more | 2023-03-16 | N/A | 7.5 HIGH |
Transient DOS due to buffer over-read in WLAN while sending a packet to device. | |||||
CVE-2022-40527 | 1 Qualcomm | 198 Ar8035, Ar8035 Firmware, Csr8811 and 195 more | 2023-03-16 | N/A | 7.5 HIGH |
Transient DOS due to reachable assertion in WLAN while processing PEER ID populated by TQM. | |||||
CVE-2022-40537 | 1 Qualcomm | 324 Apq8009, Apq8009 Firmware, Apq8009w and 321 more | 2023-03-16 | N/A | 9.8 CRITICAL |
Memory corruption in Bluetooth HOST while processing the AVRC_PDU_GET_PLAYER_APP_VALUE_TEXT AVRCP response. | |||||
CVE-2022-47166 | 1 Voidcoders | 1 Void Contact Form 7 Widget For Elementor Page Builder | 2023-03-16 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in voidCoders Void Contact Form 7 Widget For Elementor Page Builder plugin <= 2.1.1 versions. | |||||
CVE-2022-47440 | 1 My Tickets Project | 1 My Tickets | 2023-03-16 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in Joseph C Dolson My Tickets plugin <= 1.9.10 versions. | |||||
CVE-2023-23328 | 1 Avantfax | 1 Avantfax | 2023-03-16 | N/A | 8.8 HIGH |
A File Upload vulnerability exists in AvantFAX 3.3.7. An authenticated user can bypass PHP file type validation in FileUpload.php by uploading a specially crafted PHP file. | |||||
CVE-2022-40531 | 1 Qualcomm | 568 Apq8009, Apq8009 Firmware, Apq8017 and 565 more | 2023-03-16 | N/A | 7.8 HIGH |
Memory corruption in WLAN due to incorrect type cast while sending WMI_SCAN_SCH_PRIO_TBL_CMDID message. | |||||
CVE-2022-40530 | 1 Qualcomm | 378 Aqt1000, Aqt1000 Firmware, Ar8031 and 375 more | 2023-03-16 | N/A | 7.8 HIGH |
Memory corruption in WLAN due to integer overflow to buffer overflow in WLAN during initialization phase. | |||||
CVE-2023-27530 | 1 Rack Project | 1 Rack | 2023-03-16 | N/A | 7.5 HIGH |
A DoS vulnerability exists in Rack <v3.0.4.2, <v2.2.6.3, <v2.1.4.3 and <v2.0.9.3 within the Multipart MIME parsing code, which could allow an attacker to craft requests that can be abused to cause multipart parsing to take longer than expected. | |||||
CVE-2023-26607 | 1 Linux | 1 Linux Kernel | 2023-03-16 | N/A | 7.1 HIGH |
In the Linux kernel 6.0.8, there is an out-of-bounds read in ntfs_attr_find in fs/ntfs/attrib.c. | |||||
CVE-2023-26606 | 1 Linux | 1 Linux Kernel | 2023-03-16 | N/A | 7.8 HIGH |
In the Linux kernel 6.0.8, there is a use-after-free in ntfs_trim_fs in fs/ntfs3/bitmap.c. | |||||
CVE-2023-26605 | 1 Linux | 1 Linux Kernel | 2023-03-16 | N/A | 7.8 HIGH |
In the Linux kernel 6.0.8, there is a use-after-free in inode_cgwb_move_to_attached in fs/fs-writeback.c, related to __list_del_entry_valid. | |||||
CVE-2023-26545 | 1 Linux | 1 Linux Kernel | 2023-03-16 | N/A | 7.8 HIGH |
In the Linux kernel before 6.1.13, there is a double free in net/mpls/af_mpls.c upon an allocation failure (for registering the sysctl table under a new location) during the renaming of a device. |