Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-22374 | 1 F5 | 12 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 9 more | 2023-03-15 | N/A | 8.5 HIGH |
| In BIG-IP starting in versions 17.0.0, 16.1.2.2, 15.1.5.1, 14.1.4.6, and 13.1.5 on their respective branches, a format string vulnerability exists in iControl SOAP that allows an authenticated attacker to crash the iControl SOAP CGI process or, potentially execute arbitrary code. In appliance mode BIG-IP, a successful exploit of this vulnerability can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2023-1322 | 1 Lmxcms | 1 Lmxcms | 2023-03-15 | N/A | 9.8 CRITICAL |
| A vulnerability was found in lmxcms 1.41 and classified as critical. Affected by this issue is the function reply of the file BookAction.class.php. The manipulation of the argument id with the input 1) and updatexml(0,concat(0x7e,user()),1)# leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-222728. | |||||
| CVE-2023-1321 | 1 Lmxcms | 1 Lmxcms | 2023-03-15 | N/A | 9.8 CRITICAL |
| A vulnerability has been found in lmxcms 1.41 and classified as critical. Affected by this vulnerability is the function update of the file AcquisiAction.class.php. The manipulation of the argument id with the input -1 and updatexml(0,concat(0x7e,user()),1)# leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222727. | |||||
| CVE-2022-46752 | 1 Dell | 150 Inspiron 14 Plus 7420, Inspiron 14 Plus 7420 Firmware, Inspiron 14 Plus 7620 and 147 more | 2023-03-15 | N/A | 4.6 MEDIUM |
| Dell BIOS contains an Improper Authorization vulnerability. An unauthenticated physical attacker may potentially exploit this vulnerability, leading to denial of service. | |||||
| CVE-2023-1072 | 1 Gitlab | 1 Gitlab | 2023-03-15 | N/A | 5.3 MEDIUM |
| An issue has been discovered in GitLab affecting all versions starting from 9.0 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. It was possible to trigger a resource depletion attack due to improper filtering for number of requests to read commits details. | |||||
| CVE-2023-0050 | 1 Gitlab | 1 Gitlab | 2023-03-15 | N/A | 5.4 MEDIUM |
| An issue has been discovered in GitLab affecting all versions starting from 13.7 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. A specially crafted Kroki diagram could lead to a stored XSS on the client side which allows attackers to perform arbitrary actions on behalf of victims. | |||||
| CVE-2023-26110 | 1 Node-bluetooth Project | 1 Node-bluetooth | 2023-03-15 | N/A | 9.8 CRITICAL |
| All versions of the package node-bluetooth are vulnerable to Buffer Overflow via the findSerialPortChannel method due to improper user input length validation. | |||||
| CVE-2022-4331 | 1 Gitlab | 1 Gitlab | 2023-03-15 | N/A | 7.3 HIGH |
| An issue has been discovered in GitLab EE affecting all versions starting from 15.1 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. If a group with SAML SSO enabled is transferred to a new namespace as a child group, it's possible previously removed malicious maintainer or owner of the child group can still gain access to the group via SSO or a SCIM token to perform actions on the group. | |||||
| CVE-2023-26109 | 1 Node-bluetooth-serial-port Project | 1 Node-bluetooth-serial-port | 2023-03-15 | N/A | 9.8 CRITICAL |
| All versions of the package node-bluetooth-serial-port are vulnerable to Buffer Overflow via the findSerialPortChannel method due to improper user input length validation. | |||||
| CVE-2023-26957 | 1 Onekeyadmin | 1 Onekeyadmin | 2023-03-15 | N/A | 9.1 CRITICAL |
| onekeyadmin v1.3.9 was discovered to contain an arbitrary file delete vulnerability via the component \admin\controller\plugins. | |||||
| CVE-2023-0839 | 1 Inscada Project | 1 Inscada | 2023-03-15 | N/A | 9.8 CRITICAL |
| Improper Protection for Outbound Error Messages and Alert Signals vulnerability in ProMIS Process Co. InSCADA allows Account Footprinting.This issue affects inSCADA: before 20230115-1. | |||||
| CVE-2022-4289 | 1 Gitlab | 1 Gitlab | 2023-03-15 | N/A | 4.3 MEDIUM |
| An issue has been discovered in GitLab affecting all versions starting from 15.3 before 15.7.8, versions of 15.8 before 15.8.4, and version 15.9 before 15.9.2. Google IAP details in Prometheus integration were not hidden, could be leaked from instance, group, or project settings to other users. | |||||
| CVE-2023-1084 | 1 Gitlab | 1 Gitlab | 2023-03-15 | N/A | 2.7 LOW |
| An issue has been discovered in GitLab CE/EE affecting all versions before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. A malicious project Maintainer may create a Project Access Token with Owner level privileges using a crafted request. | |||||
| CVE-2023-0223 | 1 Gitlab | 1 Gitlab | 2023-03-15 | N/A | 5.3 MEDIUM |
| An issue has been discovered in GitLab affecting all versions starting from 15.5 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. Non-project members could retrieve release descriptions via the API, even if the release visibility is restricted to project members only in the project settings. | |||||
| CVE-2023-27475 | 1 Goutil Project | 1 Goutil | 2023-03-15 | N/A | 8.8 HIGH |
| Goutil is a collection of miscellaneous functionality for the go language. In versions prior to 0.6.0 when users use fsutil.Unzip to unzip zip files from a malicious attacker, they may be vulnerable to path traversal. This vulnerability is known as a ZipSlip. This issue has been fixed in version 0.6.0, users are advised to upgrade. There are no known workarounds for this issue. | |||||
| CVE-2023-27482 | 1 Home-assistant | 2 Home-assistant, Supervisor | 2023-03-15 | N/A | 10.0 CRITICAL |
| homeassistant is an open source home automation tool. A remotely exploitable vulnerability bypassing authentication for accessing the Supervisor API through Home Assistant has been discovered. This impacts all Home Assistant installation types that use the Supervisor 2023.01.1 or older. Installation types, like Home Assistant Container (for example Docker), or Home Assistant Core manually in a Python environment, are not affected. The issue has been mitigated and closed in Supervisor version 2023.03.1, which has been rolled out to all affected installations via the auto-update feature of the Supervisor. This rollout has been completed at the time of publication of this advisory. Home Assistant Core 2023.3.0 included mitigation for this vulnerability. Upgrading to at least that version is thus advised. In case one is not able to upgrade the Home Assistant Supervisor or the Home Assistant Core application at this time, it is advised to not expose your Home Assistant instance to the internet. | |||||
| CVE-2023-27486 | 1 Xcat Project | 1 Xcat | 2023-03-15 | N/A | 8.8 HIGH |
| xCAT is a toolkit for deployment and administration of computer clusters. In versions prior to 2.16.5 if zones are configured as a mechanism to secure clusters in XCAT, it is possible for a local root user from one node to obtain credentials to SSH to any node in any zone, except the management node of the default zone. XCAT zones are not enabled by default. Only users that use the optional zone feature are impacted. All versions of xCAT prior to xCAT 2.16.5 are vulnerable. This problem has been fixed in xCAT 2.16.5. Users making use of zones should upgrade to 2.16.5. Users unable to upgrade may mitigate the issue by disabling zones or patching the management node with the fix contained in commit `85149c37f49`. | |||||
| CVE-2023-26948 | 1 Onekeyadmin | 1 Onekeyadmin | 2023-03-15 | N/A | 7.5 HIGH |
| onekeyadmin v1.3.9 was discovered to contain an arbitrary file read vulnerability via the component /admin1/file/download. | |||||
| CVE-2022-48111 | 1 Siri-informatica | 1 Wi400 | 2023-03-15 | N/A | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the check_login function of SIPE s.r.l WI400 between version 8 and 11 included allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the f parameter. | |||||
| CVE-2021-33360 | 1 Stoqey | 1 Gnuplot | 2023-03-15 | N/A | 9.8 CRITICAL |
| An issue found in Stoqey gnuplot v.0.0.3 and earlier allows attackers to execute arbitrary code via the src/index.ts, plotCallack, child_process, and/or filePath parameter(s). | |||||