Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-24781 | 1 Funadmin | 1 Funadmin | 2023-03-14 | N/A | 9.8 CRITICAL |
| Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the selectFields parameter at \member\MemberLevel.php. | |||||
| CVE-2022-4931 | 1 Xibodevelopment | 1 Backupwordpress | 2023-03-14 | N/A | 4.3 MEDIUM |
| The BackupWordPress plugin for WordPress is vulnerable to information disclosure in versions up to, and including 3.12. This is due to missing authorization on the heartbeat_received() function that triggers on WordPress heartbeat. This makes it possible for authenticated attackers, with subscriber-level permissions and above to retrieve back-up paths that can subsequently be used to download the back-up. | |||||
| CVE-2022-4932 | 1 Boldgrid | 1 Total Upkeep | 2023-03-14 | N/A | 4.3 MEDIUM |
| The Total Upkeep plugin for WordPress is vulnerable to information disclosure in versions up to, and including 1.14.13. This is due to missing authorization on the heartbeat_received() function that triggers on WordPress heartbeat. This makes it possible for authenticated attackers, with subscriber-level permissions and above to retrieve back-up paths that can subsequently be used to download the back-up. | |||||
| CVE-2022-4007 | 1 Gitlab | 1 Gitlab | 2023-03-14 | N/A | 6.1 MEDIUM |
| A issue has been discovered in GitLab CE/EE affecting all versions from 15.3 prior to 15.7.8, version 15.8 prior to 15.8.4, and version 15.9 prior to 15.9.2 A cross-site scripting vulnerability was found in the title field of work items that allowed attackers to perform arbitrary actions on behalf of victims at client side. | |||||
| CVE-2022-22297 | 1 Fortinet | 2 Fortirecorder Firmware, Fortiweb | 2023-03-14 | N/A | 5.5 MEDIUM |
| An incomplete filtering of one or more instances of special elements vulnerability [CWE-792] in the command line interpreter of FortiWeb version 6.4.0 through 6.4.1, FortiWeb version 6.3.0 through 6.3.17, FortiWeb all versions 6.2, FortiWeb all versions 6.1, FortiWeb all versions 6.0, FortiRecorder version 6.4.0 through 6.4.3, FortiRecorder all versions 6.0, FortiRecorder all versions 2.7 may allow an authenticated user to read arbitrary files via specially crafted command arguments. | |||||
| CVE-2023-0030 | 1 Linux | 1 Linux Kernel | 2023-03-14 | N/A | 7.8 HIGH |
| A use-after-free flaw was found in the Linux kernel’s nouveau driver in how a user triggers a memory overflow that causes the nvkm_vma_tail function to fail. This flaw allows a local user to crash or potentially escalate their privileges on the system. | |||||
| CVE-2023-1283 | 1 Builder | 1 Qwik | 2023-03-14 | N/A | 9.8 CRITICAL |
| Code Injection in GitHub repository builderio/qwik prior to 0.21.0. | |||||
| CVE-2023-22889 | 1 Smartbear | 1 Zephyr Enterprise | 2023-03-14 | N/A | 9.8 CRITICAL |
| SmartBear Zephyr Enterprise through 7.15.0 mishandles user-defined input during report generation. This could lead to remote code execution by unauthenticated users. | |||||
| CVE-2023-24780 | 1 Funadmin | 1 Funadmin | 2023-03-14 | N/A | 9.8 CRITICAL |
| Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the id parameter at /databases/table/columns. | |||||
| CVE-2023-27478 | 1 Libmemcached-awesome Project | 1 Libmemcached-awesome | 2023-03-14 | N/A | 6.5 MEDIUM |
| libmemcached-awesome is an open source C/C++ client library and tools for the memcached server. `libmemcached` could return data for a previously requested key, if that previous request timed out due to a low `POLL_TIMEOUT`. This issue has been addressed in version 1.1.4. Users are advised to upgrade. There are several ways to workaround or lower the probability of this bug affecting a given deployment. 1: use a reasonably high `POLL_TIMEOUT` setting, like the default. 2: use separate libmemcached connections for unrelated data. 3: do not re-use libmemcached connections in an unknown state. | |||||
| CVE-2022-41333 | 1 Fortinet | 1 Fortirecorder Firmware | 2023-03-14 | N/A | 7.5 HIGH |
| An uncontrolled resource consumption vulnerability [CWE-400] in FortiRecorder version 6.4.3 and below, 6.0.11 and below login authentication mechanism may allow an unauthenticated attacker to make the device unavailable via crafted GET requests. | |||||
| CVE-2022-41329 | 1 Fortinet | 2 Fortios, Fortiproxy | 2023-03-14 | N/A | 5.3 MEDIUM |
| An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in Fortinet FortiProxy version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.7, FortiOS version 7.2.0 through 7.2.3 and 7.0.0 through 7.0.9 allows an unauthenticated attackers to obtain sensitive logging informations on the device via crafted HTTP GET requests. | |||||
| CVE-2022-42476 | 1 Fortinet | 2 Fortios, Fortiproxy | 2023-03-14 | N/A | 8.2 HIGH |
| A relative path traversal vulnerability [CWE-23] in Fortinet FortiOS version 7.2.0 through 7.2.2, 7.0.0 through 7.0.8 and before 6.4.11, FortiProxy version 7.2.0 through 7.2.2 and 7.0.0 through 7.0.8 allows privileged VDOM administrators to escalate their privileges to super admin of the box via crafted CLI requests. | |||||
| CVE-2023-1277 | 1 Ubuntukylin | 1 Kylin-system-updater | 2023-03-14 | N/A | 7.8 HIGH |
| A vulnerability, which was classified as critical, was found in kylin-system-updater up to 1.4.20kord. Affected is the function InstallSnap of the component Update Handler. The manipulation leads to command injection. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-222600. | |||||
| CVE-2022-45861 | 1 Fortinet | 2 Fortios, Fortiproxy | 2023-03-14 | N/A | 6.5 MEDIUM |
| An access of uninitialized pointer vulnerability [CWE-824] in the SSL VPN portal of Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.9 and before 6.4.11 and FortiProxy version 7.2.0 through 7.2.1, version 7.0.0 through 7.0.7 and before 2.0.11 allows a remote authenticated attacker to crash the sslvpn daemon via an HTTP GET request. | |||||
| CVE-2022-27490 | 1 Fortinet | 4 Fortianalyzer, Fortimanager, Fortiportal and 1 more | 2023-03-14 | N/A | 6.5 MEDIUM |
| A exposure of sensitive information to an unauthorized actor in Fortinet FortiManager version 6.0.0 through 6.0.4, FortiAnalyzer version 6.0.0 through 6.0.4, FortiPortal version 6.0.0 through 6.0.9, 5.3.0 through 5.3.8, 5.2.x, 5.1.0, 5.0.x, 4.2.x, 4.1.x, FortiSwitch version 7.0.0 through 7.0.4, 6.4.0 through 6.4.10, 6.2.x, 6.0.x allows an attacker which has obtained access to a restricted administrative account to obtain sensitive information via `diagnose debug` commands. | |||||
| CVE-2022-46257 | 1 Github | 1 Enterprise Server | 2023-03-14 | N/A | 4.3 MEDIUM |
| An information disclosure vulnerability was identified in GitHub Enterprise Server that allowed private repositories to be added to a GitHub Actions runner group via the API by a user who did not have access to those repositories, resulting in the repository names being shown in the UI. To exploit this vulnerability, an attacker would need access to the GHES instance, permissions to modify GitHub Actions runner groups, and successfully guess the obfuscated ID of private repositories. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.7 and was fixed in versions 3.3.17, 3.4.12, 3.5.9, 3.6.5. This vulnerability was reported via the GitHub Bug Bounty program. | |||||
| CVE-2023-1257 | 1 Moxa | 108 Uc-2101-lx, Uc-2101-lx Firmware, Uc-2102-lx and 105 more | 2023-03-14 | N/A | 6.8 MEDIUM |
| An attacker with physical access to the affected Moxa UC Series devices can initiate a restart of the device and gain access to its BIOS. Command line options can then be altered, allowing the attacker to access the terminal. From the terminal, the attacker can modify the device’s authentication files to create a new user and gain full access to the system. | |||||
| CVE-2023-24657 | 1 Phpipam | 1 Phpipam | 2023-03-14 | N/A | 6.1 MEDIUM |
| phpipam v1.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the closeClass parameter at /subnet-masks/popup.php. | |||||
| CVE-2023-1267 | 1 Pttemkart | 1 Pttem Kart | 2023-03-14 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ulkem Company PtteM Kart.This issue affects PtteM Kart: before 2.1. | |||||