Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2023-25361 | 1 Webkitgtk | 1 Webkitgtk | 2023-03-14 | N/A | 9.8 CRITICAL | A use-after-free vulnerability in WebCore::RenderLayer::setNextSibling in WebKitGTK before 2.36.8 allows attackers to execute code remotely.
CVE-2023-22847 | 1 Sraoss | 1 Pg Ivm | 2023-03-14 | N/A | 4.3 MEDIUM | Information disclosure vulnerability exists in pg_ivm versions prior to 1.5.1. An Incrementally Maintainable Materialized View (IMMV) created by pg_ivm may reflect rows with Row-Level Security that the owner of the IMMV should not have access to. As a result, information in tables protected by Row-Level Security may be retrieved by a user who is not authorized to access it.
CVE-2023-25362 | 1 Webkitgtk | 1 Webkitgtk | 2023-03-14 | N/A | 9.8 CRITICAL | A use-after-free vulnerability in WebCore::RenderLayer::repaintBlockSelectionGaps in WebKitGTK before 2.36.8 allows attackers to execute code remotely.
CVE-2023-25363 | 1 Webkitgtk | 1 Webkitgtk | 2023-03-14 | N/A | 9.8 CRITICAL | A use-after-free vulnerability in WebCore::RenderLayer::updateDescendantDependentFlags in WebKitGTK before 2.36.8 allows attackers to execute code remotely.
CVE-2023-1278 | 1 Ibos | 1 Ibos | 2023-03-14 | N/A | 6.1 MEDIUM | A vulnerability, which was classified as problematic, has been found in IBOS up to 4.5.5. Affected by this issue is some unknown functionality of the file mobil/index.php. The manipulation of the argument accesstoken leads to cross site scripting. The attack may be launched remotely. The identifier of this vulnerability is VDB-222608.
CVE-2023-21801 | 1 Microsoft | 13 Windows 10, Windows 10 1607, Windows 10 1809 and 10 more | 2023-03-14 | N/A | 7.8 HIGH | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability
CVE-2023-21721 | 1 Microsoft | 1 Onenote | 2023-03-14 | N/A | 6.5 MEDIUM | Microsoft OneNote Elevation of Privilege Vulnerability
CVE-2023-21693 | 1 Microsoft | 13 Windows 10, Windows 10 1607, Windows 10 1809 and 10 more | 2023-03-14 | N/A | 5.7 MEDIUM | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability
CVE-2023-21684 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2023-03-14 | N/A | 8.8 HIGH | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability
CVE-2022-33644 | 1 Microsoft | 1 Windows 10 | 2023-03-14 | 4.4 MEDIUM | 7.0 HIGH | Xbox Live Save Service Elevation of Privilege Vulnerability
CVE-2022-33632 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2023-03-14 | 4.6 MEDIUM | 4.7 MEDIUM | Microsoft Office Security Feature Bypass Vulnerability
CVE-2023-27479 | 1 Xwiki | 1 Xwiki | 2023-03-14 | N/A | 9.9 CRITICAL | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions any user with view rights can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper escaping of UIX parameters. A proof of concept exploit is to log in, add an `XWiki.UIExtensionClass` xobject to the user profile page, with an Extension Parameters content containing `label={{/html}} {{async async="true" cached="false" context="doc.reference"}}{{groovy}}println("Hello " + "from groovy!"){{/groovy}}{{/async}}`. Then, navigating to `PanelsCode.ApplicationsPanelConfigurationSheet` (i.e., `<xwiki-host>/xwiki/bin/view/PanelsCode/ApplicationsPanelConfigurationSheet` where `<xwiki-host>` is the URL of your XWiki installation) should not execute the Groovy script. If it does, you will see `Hello from groovy!` displayed on the screen. This vulnerability has been patched in XWiki 13.10.11, 14.4.7 and 14.10-rc-1. Users are advised to upgrade. For users unable to upgrade the issue can be fixed by editing the `PanelsCode.ApplicationsPanelConfigurationSheet` wiki page and making the same modifications as shown in commit `6de5442f3c`.
CVE-2023-24777 | 1 Funadmin | 1 Funadmin | 2023-03-14 | N/A | 9.8 CRITICAL | Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the id parameter at /databases/table/list.
CVE-2023-24782 | 1 Funadmin | 1 Funadmin | 2023-03-14 | N/A | 9.8 CRITICAL | Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the id parameter at /databases/database/edit.
CVE-2023-27480 | 1 Xwiki | 1 Xwiki | 2023-03-14 | N/A | 7.7 HIGH | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions any user with edit rights on a document can trigger an XAR import on a forged XAR file, leading to the ability to display the content of any file on the XWiki server host. This vulnerability has been patched in XWiki 13.10.11, 14.4.7 and 14.10-rc-1. Users are advised to upgrade. Users unable to upgrade may apply the patch `e3527b98fd` manually.
CVE-2023-26476 | 1 Xwiki | 1 Xwiki | 2023-03-14 | N/A | 7.5 HIGH | XWiki Platform is a generic wiki platform. Starting in version 3.2-m3, users can deduce the content of the password fields by repeated calls to `LiveTableResults` and `WikisLiveTableResultsMacros`. The issue can be fixed by upgrading to versions 14.7-rc-1, 13.4.4, or 13.10.9 and higher, or in version >= 3.2M3 by applying the patch manually on `LiveTableResults` and `WikisLiveTableResultsMacros`.
CVE-2023-24773 | 1 Funadmin | 1 Funadmin | 2023-03-14 | N/A | 9.8 CRITICAL | Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the id parameter at /databases/database/list.
CVE-2022-39951 | 1 Fortinet | 1 Fortiweb | 2023-03-14 | N/A | 8.8 HIGH | An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiWeb version 7.0.0 through 7.0.2, FortiWeb version 6.3.6 through 6.3.20, FortiWeb 6.4 all versions allows an attacker to execute unauthorized code or commands via specifically crafted HTTP requests.
CVE-2023-1311 | 1 Friendly Island Pizza Website And Ordering System Project | 1 Friendly Island Pizza Website And Ordering System | 2023-03-14 | N/A | 9.8 CRITICAL | A vulnerability, which was classified as critical, was found in SourceCodester Friendly Island Pizza Website and Ordering System 1.0. This affects an unknown part of the file large.php of the component GET Parameter Handler. The manipulation of the argument id leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222699.
CVE-2023-1310 | 1 Online Graduate Tracer System Project | 1 Online Graduate Tracer System | 2023-03-14 | N/A | 9.8 CRITICAL | A vulnerability, which was classified as critical, has been found in SourceCodester Online Graduate Tracer System 1.0. Affected by this issue is some unknown functionality of the file admin/prof.php. The manipulation of the argument id leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-222698 is the identifier assigned to this vulnerability.