Total
9170 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-34393 | 1 Dell | 52 G5 Se 5505, G5 Se 5505 Firmware, Inspiron 27 7775 and 49 more | 2023-01-25 | N/A | 7.5 HIGH |
| Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. | |||||
| CVE-2023-22734 | 1 Shopware | 1 Shopware | 2023-01-25 | N/A | 7.5 HIGH |
| Shopware is an open source commerce platform based on Symfony Framework and Vue js. The newsletter double opt-in validation was not checked properly, and it was possible to skip the complete double opt in process. As a result operators may have inconsistencies in their newsletter systems. This problem has been fixed with version 6.4.18.1. Users are advised to upgrade. Users unable to upgrade may find security measures are available via a plugin for major versions 6.1, 6.2, and 6.3. Users may also disable newsletter registration completely. | |||||
| CVE-2023-22730 | 1 Shopware | 1 Shopware | 2023-01-24 | N/A | 7.5 HIGH |
| Shopware is an open source commerce platform based on Symfony Framework and Vue js. In affected versions It was possible to put the same line item multiple times in the cart using the AP. The Cart Validators checked the line item's individuality and the user was able to bypass quantity limits in sales. This problem has been fixed with version 6.4.18.1. Users on major versions 6.1, 6.2, and 6.3 may also obtain this fix via a plugin. | |||||
| CVE-2016-9919 | 1 Linux | 1 Linux Kernel | 2023-01-24 | 7.8 HIGH | 7.5 HIGH |
| The icmp6_send function in net/ipv6/icmp.c in the Linux kernel through 4.8.12 omits a certain check of the dst data structure, which allows remote attackers to cause a denial of service (panic) via a fragmented IPv6 packet. | |||||
| CVE-2023-22470 | 1 Nextcloud | 1 Deck | 2023-01-23 | N/A | 6.5 MEDIUM |
| Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. A database error can be generated potentially causing a DoS when performed multiple times. There are currently no known workarounds. It is recommended that the Nextcloud Server is upgraded to 1.6.5 or 1.7.3 or 1.8.2. | |||||
| CVE-2022-46372 | 1 Alotceriot | 2 Ar7088h-a, Ar7088h-a Firmware | 2023-01-23 | N/A | 8.8 HIGH |
| Alotcer - AR7088H-A firmware version 16.10.3 Command execution Improper validation of unspecified input field may allow Authenticated command execution. | |||||
| CVE-2023-21596 | 3 Adobe, Apple, Microsoft | 3 Incopy, Macos, Windows | 2023-01-23 | N/A | 7.8 HIGH |
| Adobe InCopy versions 18.0 (and earlier), 17.4 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2023-0299 | 1 Publify Project | 1 Publify | 2023-01-23 | N/A | 9.8 CRITICAL |
| Improper Input Validation in GitHub repository publify/publify prior to 9.2.10. | |||||
| CVE-2023-21588 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2023-01-20 | N/A | 7.8 HIGH |
| Adobe InDesign version 18.0 (and earlier), 17.4 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-46791 | 1 Amd | 2 Milanpi, Milanpi Firmware | 2023-01-20 | N/A | 5.5 MEDIUM |
| Insufficient input validation during parsing of the System Management Mode (SMM) binary may allow a maliciously crafted SMM executable binary to corrupt Dynamic Root of Trust for Measurement (DRTM) user application memory that may result in a potential denial of service. | |||||
| CVE-2023-20525 | 1 Amd | 100 Epyc 7002, Epyc 7002 Firmware, Epyc 7003 and 97 more | 2023-01-20 | N/A | 6.5 MEDIUM |
| Insufficient syscall input validation in the ASP Bootloader may allow a privileged attacker to read memory outside the bounds of a mapped register potentially leading to a denial of service. | |||||
| CVE-2022-23814 | 1 Amd | 2 Milanpi-sp3, Milanpi-sp3 Firmware | 2023-01-20 | N/A | 5.3 MEDIUM |
| Failure to validate addresses provided by software to BIOS commands may result in a potential loss of integrity of guest memory in a confidential compute environment. | |||||
| CVE-2023-20528 | 1 Amd | 100 Epyc 7002, Epyc 7002 Firmware, Epyc 7003 and 97 more | 2023-01-20 | N/A | 2.4 LOW |
| Insufficient input validation in the SMU may allow a physical attacker to exfiltrate SMU memory contents over the I2C bus potentially leading to a loss of confidentiality. | |||||
| CVE-2023-20527 | 1 Amd | 128 Epyc 7001, Epyc 7001 Firmware, Epyc 7002 and 125 more | 2023-01-20 | N/A | 6.5 MEDIUM |
| Improper syscall input validation in the ASP Bootloader may allow a privileged attacker to read memory out-of-bounds, potentially leading to a denial-of-service. | |||||
| CVE-2023-20530 | 1 Amd | 48 Epyc 7003, Epyc 7003 Firmware, Epyc 72f3 and 45 more | 2023-01-20 | N/A | 7.5 HIGH |
| Insufficient input validation of BIOS mailbox messages in SMU may result in out-of-bounds memory reads potentially resulting in a denial of service. | |||||
| CVE-2023-20532 | 1 Amd | 100 Epyc 7002, Epyc 7002 Firmware, Epyc 7003 and 97 more | 2023-01-20 | N/A | 5.3 MEDIUM |
| Insufficient input validation in the SMU may allow an attacker to improperly lock resources, potentially resulting in a denial of service. | |||||
| CVE-2018-20669 | 3 Canonical, Linux, Netapp | 7 Ubuntu Linux, Linux Kernel, Cn1610 and 4 more | 2023-01-20 | 7.2 HIGH | 7.8 HIGH |
| An issue where a provided address with access_ok() is not checked was discovered in i915_gem_execbuffer2_ioctl in drivers/gpu/drm/i915/i915_gem_execbuffer.c in the Linux kernel through 4.19.13. A local attacker can craft a malicious IOCTL function call to overwrite arbitrary kernel memory, resulting in a Denial of Service or privilege escalation. | |||||
| CVE-2017-11104 | 2 Debian, Knot-dns | 2 Debian Linux, Knot Dns | 2023-01-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| Knot DNS before 2.4.5 and 2.5.x before 2.5.2 contains a flaw within the TSIG protocol implementation that would allow an attacker with a valid key name and algorithm to bypass TSIG authentication if no additional ACL restrictions are set, because of an improper TSIG validity period check. | |||||
| CVE-2022-30331 | 1 Tigergraph | 1 Tigergraph | 2023-01-20 | N/A | 8.8 HIGH |
| ** DISPUTED ** The User-Defined Functions (UDF) feature in TigerGraph 3.6.0 allows installation of a query (in the GSQL query language) without proper validation. Consequently, an attacker can execute arbitrary C++ code. NOTE: the vendor's position is "GSQL was behaving as expected." | |||||
| CVE-2023-20522 | 1 Amd | 4 Milanpi, Milanpi Firmware, Romepi and 1 more | 2023-01-19 | N/A | 7.5 HIGH |
| Insufficient input validation in ASP may allow an attacker with a malicious BIOS to potentially cause a denial of service. | |||||