Total
9170 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-40237 | 1 Ibm | 1 Mq For Hpe Nonstop | 2023-03-06 | N/A | 7.5 HIGH |
IBM MQ for HPE NonStop 8.1.0 is vulnerable to a denial of service attack due to an error within the CCDT and channel synchronization logic. IBM X-Force ID: 235727. | |||||
CVE-2023-20932 | 1 Google | 1 Android | 2023-03-06 | N/A | 3.3 LOW |
In onCreatePreferences of EditInfoFragment.java, there is a possible way to read contacts belonging to other users due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-248251018 | |||||
CVE-2023-25693 | 1 Apache | 1 Airflow Sqoop Provider | 2023-03-06 | N/A | 9.8 CRITICAL |
Improper Input Validation vulnerability in the Apache Airflow Sqoop Provider. This issue affects Apache Airflow Sqoop Provider versions before 3.1.1. | |||||
CVE-2023-25692 | 1 Apache | 1 Apache-airflow-providers-google | 2023-03-06 | N/A | 7.5 HIGH |
Improper Input Validation vulnerability in the Apache Airflow Google Provider. This issue affects Apache Airflow Google Provider versions before 8.10.0. | |||||
CVE-2023-25691 | 1 Apache | 1 Apache-airflow-providers-google | 2023-03-06 | N/A | 9.8 CRITICAL |
Improper Input Validation vulnerability in the Apache Airflow Google Provider. This issue affects Apache Airflow Google Provider versions before 8.10.0. | |||||
CVE-2022-26837 | 1 Intel | 454 Core I3-11100he, Core I3-11100he Firmware, Core I3-1110g4 and 451 more | 2023-03-06 | N/A | 7.0 HIGH |
Improper input validation in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
CVE-2023-25696 | 1 Apache | 1 Airflow Hive Provider | 2023-03-06 | N/A | 9.8 CRITICAL |
Improper Input Validation vulnerability in the Apache Airflow Hive Provider. This issue affects Apache Airflow Hive Provider versions before 5.1.3. | |||||
CVE-2019-1910 | 1 Cisco | 2 Carrier Routing System, Ios Xr | 2023-03-03 | 6.1 MEDIUM | 7.4 HIGH |
A vulnerability in the implementation of the Intermediate System–to–Intermediate System (IS–IS) routing protocol functionality in Cisco IOS XR Software could allow an unauthenticated attacker who is in the same IS–IS area to cause a denial of service (DoS) condition. The vulnerability is due to incorrect processing of crafted IS–IS link-state protocol data units (PDUs). An attacker could exploit this vulnerability by sending a crafted link-state PDU to an affected system to be processed. A successful exploit could allow the attacker to cause all routers within the IS–IS area to unexpectedly restart the IS–IS process, resulting in a DoS condition. This vulnerability affects Cisco devices if they are running a vulnerable release of Cisco IOS XR Software earlier than Release 6.6.3 and are configured with the IS–IS routing protocol. Cisco has confirmed that this vulnerability affects both Cisco IOS XR 32-bit Software and Cisco IOS XR 64-bit Software. | |||||
CVE-2015-7559 | 2 Apache, Redhat | 3 Activemq, Jboss A-mq, Jboss Fuse | 2023-03-03 | 4.0 MEDIUM | 2.7 LOW |
It was found that the Apache ActiveMQ client before 5.15.5 exposed a remote shutdown command in the ActiveMQConnection class. An attacker logged into a compromised broker could use this flaw to achieve denial of service on a connected client. | |||||
CVE-2018-20860 | 2 Openmpt, Opensuse | 2 Libopenmpt, Leap | 2023-03-03 | 4.3 MEDIUM | 6.5 MEDIUM |
libopenmpt before 0.3.13 allows a crash with malformed MED files. | |||||
CVE-2022-44556 | 1 Huawei | 2 Emui, Harmonyos | 2023-03-03 | N/A | 7.5 HIGH |
Missing parameter type validation in the DRM module. Successful exploitation of this vulnerability may affect availability. | |||||
CVE-2019-1936 | 1 Cisco | 3 Integrated Management Controller Supervisor, Ucs Director, Ucs Director Express For Big Data | 2023-03-03 | 9.0 HIGH | 7.2 HIGH |
A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an authenticated, remote attacker to execute arbitrary commands on the underlying Linux shell as the root user. Exploitation of this vulnerability requires privileged access to an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by logging in to the web-based management interface with administrator privileges and then sending a malicious request to a certain part of the interface. | |||||
CVE-2019-14211 | 2 Foxitsoftware, Microsoft | 2 Phantompdf, Windows | 2023-03-02 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in Foxit PhantomPDF before 8.3.11. The application could crash due to the lack of proper validation of the existence of an object prior to performing operations on that object when executing JavaScript. | |||||
CVE-2022-33178 | 1 Broadcom | 1 Fabric Operating System | 2023-03-02 | N/A | 7.2 HIGH |
A vulnerability in the radius authentication system of Brocade Fabric OS before Brocade Fabric OS 9.0 could allow a remote attacker to execute arbitrary code on the Brocade switch. | |||||
CVE-2023-21621 | 2 Adobe, Microsoft | 2 Framemaker, Windows | 2023-03-01 | N/A | 7.8 HIGH |
FrameMaker 2020 Update 4 (and earlier), 2022 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
CVE-2021-36741 | 2 Microsoft, Trendmicro | 5 Windows, Apex One, Officescan and 2 more | 2023-03-01 | 6.5 MEDIUM | 8.8 HIGH |
An improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG, and Worry-Free Business Security 10.0 SP1 allows a remote attached to upload arbitrary files on affected installations. Please note: an attacker must first obtain the ability to logon to the product?s management console in order to exploit this vulnerability. | |||||
CVE-2018-20662 | 5 Canonical, Debian, Fedoraproject and 2 more | 11 Ubuntu Linux, Debian Linux, Fedora and 8 more | 2023-03-01 | 4.3 MEDIUM | 6.5 MEDIUM |
In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service (application crash caused by Object.h SIGABRT, because of a wrong return value from PDFDoc::setup) by crafting a PDF file in which an xref data structure is mishandled during extractPDFSubtype processing. | |||||
CVE-2020-12803 | 3 Fedoraproject, Libreoffice, Opensuse | 3 Fedora, Libreoffice, Leap | 2023-03-01 | 4.3 MEDIUM | 6.5 MEDIUM |
ODF documents can contain forms to be filled out by the user. Similar to HTML forms, the contained form data can be submitted to a URI, for example, to an external web server. To create submittable forms, ODF implements the XForms W3C standard, which allows data to be submitted without the need for macros or other active scripting Prior to version 6.4.4 LibreOffice allowed forms to be submitted to any URI, including file: URIs, enabling form submissions to overwrite local files. User-interaction is required to submit the form, but to avoid the possibility of malicious documents engineered to maximize the possibility of inadvertent user submission this feature has now been limited to http[s] URIs, removing the possibility to overwrite local files. This issue affects: The Document Foundation LibreOffice versions prior to 6.4.4. | |||||
CVE-2020-13401 | 4 Broadcom, Debian, Docker and 1 more | 4 Sannav, Debian Linux, Engine and 1 more | 2023-03-01 | 6.0 MEDIUM | 6.0 MEDIUM |
An issue was discovered in Docker Engine before 19.03.11. An attacker in a container, with the CAP_NET_RAW capability, can craft IPv6 router advertisements, and consequently spoof external IPv6 hosts, obtain sensitive information, or cause a denial of service. | |||||
CVE-2021-4204 | 4 Debian, Linux, Netapp and 1 more | 13 Debian Linux, Linux Kernel, H300s and 10 more | 2023-03-01 | N/A | 7.1 HIGH |
An out-of-bounds (OOB) memory access flaw was found in the Linux kernel's eBPF due to an Improper Input Validation. This flaw allows a local attacker with a special privilege to crash the system or leak internal information. |