Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-24735 | 1 Pmb Project | 1 Pmb | 2023-03-13 | N/A | 6.1 MEDIUM |
| PMB v7.4.6 was discovered to contain an open redirect vulnerability via the component /opac_css/pmb.php. This vulnerability allows attackers to redirect victim users to an external domain via a crafted URL. | |||||
| CVE-2023-24734 | 1 Pmb Project | 1 Pmb | 2023-03-13 | N/A | 9.8 CRITICAL |
| An arbitrary file upload vulnerability in the camera_upload.php component of PMB v7.4.6 allows attackers to execute arbitrary code via a crafted image file. | |||||
| CVE-2023-26051 | 1 Saleor | 1 Saleor | 2023-03-13 | N/A | 4.3 MEDIUM |
| Saleor is a headless, GraphQL commerce platform delivering personalized shopping experiences. Some internal Python exceptions are not handled properly and thus are returned in API as error messages. Some messages might contain sensitive information like user email address in staff-authenticated requests. | |||||
| CVE-2023-24733 | 1 Pmb Project | 1 Pmb | 2023-03-13 | N/A | 6.1 MEDIUM |
| PMB v7.4.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the query parameter at /admin/convert/export_z3950_new.php. | |||||
| CVE-2021-31887 | 1 Siemens | 41 Apogee Modular Building Controller, Apogee Modular Building Controller Firmware, Apogee Modular Equiment Controller and 38 more | 2023-03-13 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions < V3.5.4), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.19), APOGEE PXC Modular (BACnet) (All versions < V3.5.4), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.19), Desigo PXC00-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC00-U (All versions >= V2.3 and < V6.30.016), Desigo PXC001-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC100-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC12-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC128-U (All versions >= V2.3 and < V6.30.016), Desigo PXC200-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC22-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC22.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC36.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC50-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC64-U (All versions >= V2.3 and < V6.30.016), Desigo PXM20-E (All versions >= V2.3 and < V6.30.016), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions < V3.5.4), TALON TC Modular (BACnet) (All versions < V3.5.4). FTP server does not properly validate the length of the “PWD/XPWD” command, leading to stack-based buffer overflows. This may result in Denial-of-Service conditions and Remote Code Execution. (FSMD-2021-0016) | |||||
| CVE-2023-0093 | 1 Okta | 1 Advanced Server Access | 2023-03-13 | N/A | 8.8 HIGH |
| Okta Advanced Server Access Client versions 1.13.1 through 1.65.0 are vulnerable to command injection due to the third party library webbrowser. An outdated library, webbrowser, used by the ASA client was found to be vulnerable to command injection. To exploit this issue, an attacker would need to phish the user to enter an attacker controlled server URL during enrollment. | |||||
| CVE-2021-36396 | 1 Moodle | 1 Moodle | 2023-03-13 | N/A | 7.5 HIGH |
| In Moodle, insufficient redirect handling made it possible to blindly bypass cURL blocked hosts/allowed ports restrictions, resulting in a blind SSRF risk. | |||||
| CVE-2023-23005 | 2 Linux, Suse | 2 Linux Kernel, Linux Enterprise Server | 2023-03-13 | N/A | 5.5 MEDIUM |
| ** DISPUTED ** In the Linux kernel before 6.2, mm/memory-tiers.c misinterprets the alloc_memory_type return value (expects it to be NULL in the error case, whereas it is actually an error pointer). NOTE: this is disputed by third parties because there are no realistic cases in which a user can cause the alloc_memory_type error case to be reached. | |||||
| CVE-2021-36395 | 1 Moodle | 1 Moodle | 2023-03-13 | N/A | 7.5 HIGH |
| In Moodle, the file repository's URL parsing required additional recursion handling to mitigate the risk of recursion denial of service. | |||||
| CVE-2021-36394 | 1 Moodle | 1 Moodle | 2023-03-13 | N/A | 9.8 CRITICAL |
| In Moodle, a remote code execution risk was identified in the Shibboleth authentication plugin. | |||||
| CVE-2021-36393 | 1 Moodle | 1 Moodle | 2023-03-13 | N/A | 9.8 CRITICAL |
| In Moodle, an SQL injection risk was identified in the library fetching a user's recent courses. | |||||
| CVE-2021-36392 | 1 Moodle | 1 Moodle | 2023-03-13 | N/A | 9.8 CRITICAL |
| In Moodle, an SQL injection risk was identified in the library fetching a user's enrolled courses. | |||||
| CVE-2015-10095 | 1 Woo-popup Project | 1 Woo-popup | 2023-03-13 | N/A | 6.1 MEDIUM |
| A vulnerability classified as problematic has been found in woo-popup Plugin up to 1.2.2. This affects an unknown part of the file admin/class-woo-popup-admin.php. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 1.3.0 is able to address this issue. The name of the patch is 7c76ac78f3e16015991b612ff4fa616af4ce9292. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-222327. | |||||
| CVE-2023-1238 | 1 Answer | 1 Answer | 2023-03-13 | N/A | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6. | |||||
| CVE-2023-1237 | 1 Answer | 1 Answer | 2023-03-13 | N/A | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6. | |||||
| CVE-2023-1239 | 1 Answer | 1 Answer | 2023-03-13 | N/A | 4.8 MEDIUM |
| Cross-site Scripting (XSS) - Reflected in GitHub repository answerdev/answer prior to 1.0.6. | |||||
| CVE-2023-1243 | 1 Answer | 1 Answer | 2023-03-13 | N/A | 4.8 MEDIUM |
| Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6. | |||||
| CVE-2023-1242 | 1 Answer | 1 Answer | 2023-03-13 | N/A | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6. | |||||
| CVE-2023-1241 | 1 Answer | 1 Answer | 2023-03-13 | N/A | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6. | |||||
| CVE-2023-1240 | 1 Answer | 1 Answer | 2023-03-13 | N/A | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6. | |||||