Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-20551 | 1 Google | 1 Android | 2023-03-09 | N/A | 6.7 MEDIUM |
| In createTrack of AudioFlinger.cpp, there is a possible way to record audio without a privacy indicator due to a logic error in the code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-243376549 | |||||
| CVE-2022-20481 | 1 Google | 1 Android | 2023-03-09 | N/A | 5.5 MEDIUM |
| In multiple files, there is a possible way to preserve WiFi settings due to residual data after a reset. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-241927115 | |||||
| CVE-2022-20455 | 1 Google | 1 Android | 2023-03-09 | N/A | 5.5 MEDIUM |
| In addAutomaticZenRule of ZenModeHelper.java, there is a possible persistent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242537431 | |||||
| CVE-2022-47179 | 1 Ujsoftware | 1 Owm Weather | 2023-03-09 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Uwe Jacobs OWM Weather plugin <= 5.6.11 leads to post duplication as a draft. | |||||
| CVE-2020-1416 | 1 Microsoft | 5 Azure Storage Explorer, Typescript, Visual Studio 2017 and 2 more | 2023-03-09 | 9.3 HIGH | 8.8 HIGH |
| An elevation of privilege vulnerability exists in Visual Studio and Visual Studio Code when they load software dependencies, aka 'Visual Studio and Visual Studio Code Elevation of Privilege Vulnerability'. | |||||
| CVE-2023-24419 | 1 Strategy11 | 1 Formidable Form Builder | 2023-03-09 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Strategy11 Form Builder Team Formidable Forms plugin <= 5.5.6 versions. | |||||
| CVE-2023-23992 | 1 Automatorwp | 1 Automatorwp | 2023-03-09 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in AutomatorWP plugin <= 2.5.0 leads to object delete. | |||||
| CVE-2022-41723 | 1 Golang | 3 Go, Hpack, Http2 | 2023-03-09 | N/A | 7.5 HIGH |
| A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests. | |||||
| CVE-2021-46841 | 1 Apple | 1 Music | 2023-03-09 | N/A | 5.9 MEDIUM |
| This issue was addressed by using HTTPS when sending information over the network. This issue is fixed in Apple Music 3.5.0 for Android. An attacker in a privileged network position can track a user's activity. | |||||
| CVE-2022-32906 | 1 Apple | 1 Music | 2023-03-09 | N/A | 5.3 MEDIUM |
| This issue was addressed with using HTTPS when sending information over the network. This issue is fixed in Apple Music 3.9.10 for Android. A user in a privileged network position may intercept SSL/TLS connections. | |||||
| CVE-2023-24258 | 1 Spip | 1 Spip | 2023-03-09 | N/A | 9.8 CRITICAL |
| SPIP v4.1.5 and earlier was discovered to contain a SQL injection vulnerability via the _oups parameter. This vulnerability allows attackers to execute arbitrary code via a crafted POST request. | |||||
| CVE-2022-43459 | 1 Captainform | 1 Captainform | 2023-03-09 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Forms by CaptainForm – Form Builder for WordPress plugin <= 2.5.3 versions. | |||||
| CVE-2021-21342 | 4 Debian, Fedoraproject, Oracle and 1 more | 12 Debian Linux, Fedora, Banking Enterprise Default Management and 9 more | 2023-03-09 | 5.8 MEDIUM | 9.1 CRITICAL |
| XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type information to recreate the formerly written objects. XStream creates therefore new instances based on these type information. An attacker can manipulate the processed input stream and replace or inject objects, that result in a server-side forgery request. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16. | |||||
| CVE-2022-45688 | 2 Hutool, Json-java Project | 2 Hutool, Json-java | 2023-03-09 | N/A | 7.5 HIGH |
| A stack overflow in the XML.toJSONObject component of hutool-json v5.8.10 allows attackers to cause a Denial of Service (DoS) via crafted JSON or XML data. | |||||
| CVE-2023-23983 | 1 Wpdevart | 1 Responsive Vertical Icon Menu | 2023-03-09 | N/A | 5.4 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in wpdevart Responsive Vertical Icon Menu plugin <= 1.5.8 can lead to theme deletion. | |||||
| CVE-2023-23865 | 1 Checkoutplugins | 1 Stripe Payments For Woocommerce | 2023-03-09 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Checkout Plugins Stripe Payments For WooCommerce plugin <= 1.4.10 leads to settings change. | |||||
| CVE-2021-45477 | 1 Yordam | 1 Library Automation System | 2023-03-09 | N/A | 6.5 MEDIUM |
| Improper Handling of Parameters vulnerability in Bordam Information Technologies Library Automation System allows Collect Data as Provided by Users.This issue affects Library Automation System: before 19.2. | |||||
| CVE-2023-1105 | 1 Flatpress | 1 Flatpress | 2023-03-09 | N/A | 8.1 HIGH |
| External Control of File Name or Path in GitHub repository flatpressblog/flatpress prior to 1.3. | |||||
| CVE-2021-45478 | 1 Yordam | 1 Library Automation System | 2023-03-09 | N/A | 6.5 MEDIUM |
| Improper Handling of Parameters vulnerability in Bordam Information Technologies Library Automation System allows Collect Data as Provided by Users.This issue affects Library Automation System: before 19.2. | |||||
| CVE-2023-20050 | 1 Cisco | 111 Mds 9000, Mds 9100, Mds 9132t and 108 more | 2023-03-09 | N/A | 7.8 HIGH |
| A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of arguments that are passed to specific CLI commands. An attacker could exploit this vulnerability by including crafted input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of the currently logged-in user. | |||||