# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. |
1 | CVE-2023-28772 | | | Overflow | 2023-03-23 | 2023-03-23 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
An issue was discovered in the Linux kernel before 5.13.3. lib/seq_buf.c has a seq_buf_putmem_hex buffer overflow. |
2 | CVE-2023-28759 | | | | 2023-03-23 | 2023-03-23 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
An issue was discovered in Veritas NetBackup before 10.0. A vulnerability in the way NetBackup validates the path to a DLL prior to loading may allow a lower level user to elevate privileges and compromise the system. |
3 | CVE-2023-28758 | | | | 2023-03-23 | 2023-03-23 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
An issue was discovered in Veritas NetBackup before 8.3.0.2. BPCD allows an unprivileged user to specify a log file path when executing a NetBackup command. This can be used to overwrite existing NetBackup log files. |
4 | CVE-2023-28725 | | | Exec Code | 2023-03-22 | 2023-03-22 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
General Bytes Crypto Application Server (CAS) 20230120, as distributed with General Bytes BATM devices, allows remote attackers to execute arbitrary Java code by uploading a Java application to the /batm/app/admin/standalone/deployments directory, aka BATM-4780, as exploited in the wild in March 2023. This is fixed in 20221118.48 and 20230120.44. |
5 | CVE-2023-28708 | 523 | | | 2023-03-22 | 2023-03-22 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not include the secure attribute. This could result in the user agent transmitting the session cookie over an insecure channel. |
6 | CVE-2023-28685 | | | | 2023-03-22 | 2023-03-22 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
Jenkins AbsInt a³ Plugin 1.1.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. |
7 | CVE-2023-28667 | | | | 2023-03-22 | 2023-03-23 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
The Lead Generated WordPress Plugin, version <= 1.23, was affected by an unauthenticated insecure deserialization issue. The tve_labels parameter of the tve_api_form_submit action is passed to the PHP unserialize() function without being sanitized or verified, and as a result could lead to PHP object injection, which when combined with certain class implementations / gadget chains could be leveraged to perform a variety of malicious actions granted a POP chain is also present. |
8 | CVE-2023-28666 | | | XSS | 2023-03-22 | 2023-03-23 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
The InPost Gallery WordPress plugin, in versions < 2.2.2, is affected by a reflected cross-site scripting vulnerability in the 'imgurl' parameter to the add_inpost_gallery_slide_item action, which can only be triggered by an authenticated user. |
9 | CVE-2023-28665 | | | XSS | 2023-03-22 | 2023-03-23 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
The Woo Bulk Price Update WordPress plugin, in versions < 2.2.2, is affected by a reflected cross-site scripting vulnerability in the 'page' parameter to the techno_get_products action, which can only be triggered by an authenticated user. |
10 | CVE-2023-28664 | | | XSS | 2023-03-22 | 2023-03-23 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
The Meta Data and Taxonomies Filter WordPress plugin, in versions < 1.3.1, is affected by a reflected cross-site scripting vulnerability in the 'tax_name' parameter of the mdf_get_tax_options_in_widget action, which can only be triggered by an authenticated user. |
11 | CVE-2023-28663 | | | Sql | 2023-03-22 | 2023-03-23 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
The Formidable PRO2PDF WordPress Plugin, version < 3.11, is affected by an authenticated SQL injection vulnerability in the ‘fieldmap’ parameter in the fpropdf_export_file action. |
12 | CVE-2023-28662 | | | Sql | 2023-03-22 | 2023-03-23 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
The Gift Cards (Gift Vouchers and Packages) WordPress Plugin, version <= 4.3.1, is affected by an unauthenticated SQL injection vulnerability in the template parameter in the wpgv_doajax_voucher_pdf_save_func action. |
13 | CVE-2023-28661 | | | Sql | 2023-03-22 | 2023-03-23 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
The WP Popup Banners WordPress Plugin, version <= 1.2.5, is affected by an authenticated SQL injection vulnerability in the 'value' parameter in the get_popup_data action. |
14 | CVE-2023-28660 | | | Sql | 2023-03-22 | 2023-03-23 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
The Events Made Easy WordPress Plugin, version <= 2.3.14 is affected by an authenticated SQL injection vulnerability in the 'search_name' parameter in the eme_recurrences_list action. |
15 | CVE-2023-28659 | | | Sql | 2023-03-22 | 2023-03-23 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
The Waiting: One-click Countdowns WordPress Plugin, version <= 0.6.2, is affected by an authenticated SQL injection vulnerability in the pbc_down[meta][id] parameter of the pbc_save_downs action. |
16 | CVE-2023-28617 | 78 | | Exec Code | 2023-03-19 | 2023-03-23 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for GNU Emacs allows attackers to execute arbitrary commands via a file name or directory name that contains shell metacharacters. |
17 | CVE-2023-28611 | | | Bypass | 2023-03-23 | 2023-03-23 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
Incorrect authorization in OMICRON StationGuard 1.10 through 2.20 and StationScout 1.30 through 2.20 allows an attacker to bypass intended access restrictions. |
18 | CVE-2023-28610 | | | | 2023-03-23 | 2023-03-23 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
The update process in OMICRON StationGuard and OMICRON StationScout before 2.21 can be exploited by providing a modified firmware update image. This allows a remote attacker to gain root access to the system. |
19 | CVE-2023-28609 | 287 | | | 2023-03-18 | 2023-03-23 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
api/auth.go in Ansible Semaphore before 2.8.89 mishandles authentication. |
20 | CVE-2023-28607 | | | XSS | 2023-03-18 | 2023-03-20 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
js/event-graph.js in MISP before 2.4.169 allows XSS via the event-graph relationship tooltip. |
21 | CVE-2023-28606 | | | XSS | 2023-03-18 | 2023-03-20 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
js/event-graph.js in MISP before 2.4.169 allows XSS via event-graph node tooltips. |
22 | CVE-2023-28531 | | | | 2023-03-17 | 2023-03-23 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints. |
23 | CVE-2023-28487 | 116 | | | 2023-03-16 | 2023-03-22 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
Sudo before 1.9.13 does not escape control characters in sudoreplay output. |
24 | CVE-2023-28486 | 116 | | | 2023-03-16 | 2023-03-22 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
Sudo before 1.9.13 does not escape control characters in log messages. |
25 | CVE-2023-28470 | | | | 2023-03-23 | 2023-03-23 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
In Couchbase Server 5 through 7 before 7.1.4, the nsstats endpoint is accessible without authentication. |
26 | CVE-2023-28466 | 476 | | | 2023-03-16 | 2023-03-21 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6.2.6 lacks a lock_sock call, leading to a race condition (with a resultant use-after-free or NULL pointer dereference). |
27 | CVE-2023-28461 | | | Exec Code | 2023-03-15 | 2023-03-16 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
Array Networks Array AG Series and vxAG (9.4.0.481 and earlier) allow remote code execution. An attacker can browse the filesystem on the SSL VPN gateway using a flags attribute in an HTTP header without authentication. The product could then be exploited through a vulnerable URL. The 2023-03-09 vendor advisory stated "a new Array AG release with the fix will be available soon." |
28 | CVE-2023-28460 | | | Exec Code | 2023-03-15 | 2023-03-16 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
A command injection vulnerability was discovered in Array Networks APV products. A remote attacker can send a crafted packet after logging into the affected appliance as an administrator, resulting in arbitrary shell code execution. This is fixed in 8.6.1.262 or newer and 10.4.2.93 or newer. |
29 | CVE-2023-28450 | | | | 2023-03-15 | 2023-03-21 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
An issue was discovered in Dnsmasq before 2.90. The default maximum EDNS.0 UDP packet size was set to 4096 but should be 1232 because of DNS Flag Day 2020. |
30 | CVE-2023-28439 | 79 | | Exec Code XSS | 2023-03-22 | 2023-03-23 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability has been discovered affecting Iframe Dialog and Media Embed packages. The vulnerability may trigger JavaScript code after fulfilling special conditions: using one of the affected packages on a web page with missing proper Content Security Policy configuration; initializing the editor on an element and using an element other than `<textarea>` as a base; and destroying the editor instance. This vulnerability might affect a small percentage of integrators that depend on dynamic editor initialization/destroy mechanism. A fix is available in CKEditor4 version 4.21.0. In some rare cases, a security fix may be considered a breaking change. Starting from version 4.21.0, the Iframe Dialog plugin applies the `sandbox` attribute by default, which restricts JavaScript code execution in the iframe element. To change this behavior, configure the `config.iframe_attributes` option. Also starting from version 4.21.0, the Media Embed plugin regenerates the entire content of the embed widget by default. To change this behavior, configure the `config.embed_keepOriginalContent` option. Those who choose to enable either of the more permissive options or who cannot upgrade to a patched version should properly configure Content Security Policy to avoid any potential security issues that may arise from embedding iframe elements on their web page. |
31 | CVE-2023-28438 | 89 | | Sql CSRF | 2023-03-22 | 2023-03-23 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
Pimcore is an open source data and experience management platform. Prior to version 10.5.19, since a user with 'report' permission can already write arbitrary SQL queries and given the fact that this endpoint is using the GET method (no CSRF protection), an attacker can inject an arbitrary query by manipulating a user to click on a link. Users should upgrade to version 10.5.19 to receive a patch or, as a workaround, may apply the patch manually. |
32 | CVE-2023-28436 | 269 | | | 2023-03-23 | 2023-03-23 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
Tailscale is software for using WireGuard and multi-factor authentication (MFA). A vulnerability identified in the implementation of Tailscale SSH starting in version 1.34.0 and prior to 1.38.2 in FreeBSD allows commands to be run with a higher privilege group ID than that specified in Tailscale SSH access rules. A difference in the behavior of the FreeBSD `setgroups` system call from POSIX meant that the Tailscale client running on a FreeBSD-based operating system did not appropriately restrict groups on the host when using Tailscale SSH. When accessing a FreeBSD host over Tailscale SSH, the egid of the tailscaled process was used instead of that of the user specified in Tailscale SSH access rules. Tailscale SSH commands may have been run with a higher privilege group ID than that specified in Tailscale SSH access rules if they met all of the following criteria: the destination node was a FreeBSD device with Tailscale SSH enabled; Tailscale SSH access rules permitted access for non-root users; and a non-interactive SSH session was used. Affected users should upgrade to version 1.38.2 to remediate the issue. |
33 | CVE-2023-28434 | 269 | | Bypass | 2023-03-22 | 2023-03-23 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
Minio is a Multi-Cloud Object Storage framework. Prior to RELEASE.2023-03-20T20-16-18Z, an attacker can use crafted requests to bypass metadata bucket name checking and put an object into any bucket while processing `PostPolicyBucket`. To carry out this attack, the attacker requires credentials with `arn:aws:s3:::*` permission, as well as enabled Console API access. This issue has been patched in RELEASE.2023-03-20T20-16-18Z. As a workaround, enable browser API access and turn off `MINIO_BROWSER=off`. |
34 | CVE-2023-28433 | 668 | | | 2023-03-22 | 2023-03-23 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
Minio is a Multi-Cloud Object Storage framework. All users on Windows prior to version RELEASE.2023-03-20T20-16-18Z are impacted. MinIO fails to filter the `\` character, which allows for arbitrary object placement across buckets. As a result, a user with low privileges, such as an access key, service account, or STS credential, which only has permission to `PutObject` in a specific bucket, can create an admin user. This issue is patched in RELEASE.2023-03-20T20-16-18Z. There are no known workarounds. |
35 | CVE-2023-28432 | 200 | | +Info | 2023-03-22 | 2023-03-23 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
Minio is a Multi-Cloud Object Storage framework. In a cluster deployment starting with RELEASE.2019-12-17T23-16-33Z and prior to RELEASE.2023-03-20T20-16-18Z, MinIO returns all environment variables, including `MINIO_SECRET_KEY` and `MINIO_ROOT_PASSWORD`, resulting in information disclosure. All users of distributed deployment are impacted. All users are advised to upgrade to RELEASE.2023-03-20T20-16-18Z. |
36 | CVE-2023-28431 | 682 | | DoS | 2023-03-22 | 2023-03-23 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
Frontier is an Ethereum compatibility layer for Substrate. Frontier's `modexp` precompile uses `num-bigint` crate under the hood. In the implementation prior to pull request 1017, the cases for modulus being even and modulus being odd are treated separately. Odd modulus uses the fast Montgomery multiplication, and even modulus uses the slow plain power algorithm. This gas cost discrepancy was not accounted for in the `modexp` precompile, leading to possible denial of service attacks. No fixes for `num-bigint` are currently available, and thus this issue is fixed in the short term by raising the gas costs for even modulus, and in the long term fixing it in `num-bigint` or switching to another modexp implementation. The short-term fix for Frontier is deployed at pull request 1017. There are no known workarounds aside from applying the fix. |
37 | CVE-2023-28429 | 79 | | XSS | 2023-03-20 | 2023-03-23 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
Pimcore is an open source data and experience management platform. Versions prior to 10.5.19 have an unsecured tooltip field in DataObject class definition. This vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites. Users should upgrade to version 10.5.19 or, as a workaround, apply the patch manually. |
38 | CVE-2023-28428 | 770 | | DoS | 2023-03-20 | 2023-03-21 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
PDFio is a C library for reading and writing PDF files. In versions 1.1.0 and prior, a denial of service vulnerability exists in the pdfio parser. Crafted pdf files can cause the program to run at 100% utilization and never terminate. This is different from CVE-2023-24808. A patch for this issue is available in version 1.1.1. |
39 | CVE-2023-28426 | 79 | | XSS Bypass | 2023-03-20 | 2023-03-21 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
savg-sanitizer is a PHP SVG/XML Sanitizer. A bypass has been found in versions prior to 0.16.0 that allows an attacker to upload an SVG with persistent cross-site scripting. HTML elements within CDATA needed to be sanitized correctly, as we were converting them to a textnode and therefore, the library wasn't seeing them as DOM elements. This issue is fixed in version 0.16.0. Any data within a CDATA node will now be sanitised using HTMLPurifier. The maintainers have also removed many of the HTML and MathML elements from the allowed element list, as without ForeignObject, they're not legal within the SVG context. There are no known workarounds. |
40 | CVE-2023-28425 | 617 | | | 2023-03-20 | 2023-03-23 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
Redis is an in-memory database that persists on disk. Starting in version 7.0.8 and prior to version 7.0.10, authenticated users can use the MSETNX command to trigger a runtime assertion and termination of the Redis server process. The problem is fixed in Redis version 7.0.10. |
41 | CVE-2023-28424 | 89 | | Exec Code Sql | 2023-03-20 | 2023-03-20 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
Soko is the code that powers packages.gentoo.org. Prior to version 1.0.2, the two package search handlers, `Search` and `SearchFeed`, implemented in `pkg/app/handler/packages/search.go`, are affected by a SQL injection via the `q` parameter. As a result, unauthenticated attackers can execute arbitrary SQL queries on `https://packages.gentoo.org/`. It was also demonstrated that this primitive was enough to gain code execution in the context of the PostgreSQL container. The issue was addressed in commit `4fa6e4b619c0362728955b6ec56eab0e0cbf1e23y` of version 1.0.2 using prepared statements to interpolate user-controlled data in SQL queries. |
42 | CVE-2023-28422 | 79 | | XSS | 2023-03-23 | 2023-03-23 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability in MagePeople Team Event Manager and Tickets Selling Plugin for WooCommerce versions <= 3.8.6. |
43 | CVE-2023-28371 | 22 | | Dir. Trav. | 2023-03-15 | 2023-03-21 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
In Stellarium through 1.2, attackers can write to files that are typically unintended, such as ones with absolute pathnames or .. directory traversal. |
44 | CVE-2023-28343 | 78 | | | 2023-03-14 | 2023-03-21 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
OS command injection affects Altenergy Power Control Software C1.2.5 via shell metacharacters in the index.php/management/set_timezone timezone parameter, because of set_timezone in models/management_model.php. |
45 | CVE-2023-28339 | | | | 2023-03-14 | 2023-03-21 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
OpenDoas through 6.8.2, when TIOCSTI is available, allows privilege escalation because of sharing a terminal with the original session. NOTE: TIOCSTI is unavailable in OpenBSD 6.0 and later, and can be made unavailable in the Linux kernel 6.2 and later. |
46 | CVE-2023-28338 | 770 | | | 2023-03-15 | 2023-03-21 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
Any request sent to a Netgear Nighthawk Wifi6 Router (RAX30)'s web service containing a “Content-Type” of “multipartboundary=” will result in the request body being written to “/tmp/mulipartFile” on the device itself. A sufficiently large file will cause device resources to be exhausted, resulting in the device becoming unusable until it is rebooted. |
47 | CVE-2023-28337 | 434 | | Bypass | 2023-03-15 | 2023-03-21 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
When uploading a firmware image to a Netgear Nighthawk Wifi6 Router (RAX30), a hidden “forceFWUpdate” parameter may be provided to force the upgrade to complete and bypass certain validation checks. End users can use this to upload modified, unofficial, and potentially malicious firmware to the device. |
48 | CVE-2023-28336 | | | | 2023-03-23 | 2023-03-23 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
Insufficient filtering of grade report history made it possible for teachers to access the names of users they could not otherwise access. |
49 | CVE-2023-28335 | | | CSRF | 2023-03-23 | 2023-03-23 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
The link to reset all templates of a database activity did not include the necessary token to prevent a CSRF risk. |
50 | CVE-2023-28334 | | | | 2023-03-23 | 2023-03-23 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
Authenticated users were able to enumerate other users' names via the learning plans page. |