Total
22706 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-5421 | 3 Netapp, Oracle, Vmware | 38 Oncommand Insight, Snap Creator Framework, Snapcenter and 35 more | 2023-03-01 | 3.6 LOW | 6.5 MEDIUM |
| In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter. | |||||
| CVE-2019-11119 | 1 Intel | 1 Raid Web Console 3 | 2023-03-01 | 7.5 HIGH | 9.8 CRITICAL |
| Insufficient session validation in the service API for Intel(R) RWC3 version 4.186 and before may allow an unauthenticated user to potentially enable escalation of privilege via network access. | |||||
| CVE-2019-6116 | 6 Artifex, Canonical, Debian and 3 more | 11 Ghostscript, Ubuntu Linux, Debian Linux and 8 more | 2023-03-01 | 6.8 MEDIUM | 7.8 HIGH |
| In Artifex Ghostscript through 9.26, ephemeral or transient procedures can allow access to system operators, leading to remote code execution. | |||||
| CVE-2022-21587 | 1 Oracle | 1 E-business Suite | 2023-03-01 | N/A | 9.8 CRITICAL |
| Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: Upload). Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator. Successful attacks of this vulnerability can result in takeover of Oracle Web Applications Desktop Integrator. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). | |||||
| CVE-2022-35252 | 4 Apple, Debian, Haxx and 1 more | 17 Macos, Debian Linux, Curl and 14 more | 2023-03-01 | N/A | 3.7 LOW |
| When curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using control codes that when later are sent back to a HTTPserver might make the server return 400 responses. Effectively allowing a"sister site" to deny service to all siblings. | |||||
| CVE-2022-27674 | 4 Amd, Freebsd, Linux and 1 more | 4 Amd Uprof, Freebsd, Linux Kernel and 1 more | 2023-03-01 | N/A | 7.5 HIGH |
| Insufficient validation in the IOCTL input/output buffer in AMD ?Prof may allow an attacker to bypass bounds checks potentially leading to a Windows kernel crash resulting in denial of service. | |||||
| CVE-2022-23831 | 4 Amd, Freebsd, Linux and 1 more | 4 Amd Uprof, Freebsd, Linux Kernel and 1 more | 2023-03-01 | N/A | 7.5 HIGH |
| Insufficient validation of the IOCTL input buffer in AMD ?Prof may allow an attacker to send an arbitrary buffer leading to a potential Windows kernel crash resulting in denial of service. | |||||
| CVE-2018-10998 | 4 Canonical, Debian, Exiv2 and 1 more | 6 Ubuntu Linux, Debian Linux, Exiv2 and 3 more | 2023-03-01 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Exiv2 0.26. readMetadata in jp2image.cpp allows remote attackers to cause a denial of service (SIGABRT) by triggering an incorrect Safe::add call. | |||||
| CVE-2020-14150 | 1 Gnu | 1 Bison | 2023-03-01 | 2.1 LOW | 5.5 MEDIUM |
| GNU Bison before 3.5.4 allows attackers to cause a denial of service (application crash). NOTE: there is a risk only if Bison is used with untrusted input, and an observed bug happens to cause unsafe behavior with a specific compiler/architecture. The bug reports were intended to show that a crash may occur in Bison itself, not that a crash may occur in code that is generated by Bison. | |||||
| CVE-2020-7485 | 2 Microsoft, Schneider-electric | 4 Windows 7, Windows Nt, Windows Xp and 1 more | 2023-03-01 | 7.5 HIGH | 9.8 CRITICAL |
| **VERSION NOT SUPPORTED WHEN ASSIGNED** A legacy support account in the TriStation software version v4.9.0 and earlier could cause improper access to the TriStation host machine. This was addressed in TriStation version v4.9.1 and v4.10.1 released on May 30, 2013.1 | |||||
| CVE-2019-11711 | 2 Debian, Mozilla | 4 Debian Linux, Firefox, Firefox Esr and 1 more | 2023-03-01 | 6.8 MEDIUM | 8.8 HIGH |
| When an inner window is reused, it does not consider the use of document.domain for cross-origin protections. If pages on different subdomains ever cooperatively use document.domain, then either page can abuse this to inject script into arbitrary pages on the other subdomain, even those that did not use document.domain to relax their origin security. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8. | |||||
| CVE-2019-1010155 | 1 Dlink | 2 Dsl-2750u, Dsl-2750u Firmware | 2023-03-01 | 6.4 MEDIUM | 9.1 CRITICAL |
| ** DISPUTED ** D-Link DSL-2750U 1.11 is affected by: Authentication Bypass. The impact is: denial of service and information leakage. The component is: login. NOTE: Third parties dispute this issues as not being a vulnerability because although the wizard is accessible without authentication, it can't actually configure anything. Thus, there is no denial of service or information leakage. | |||||
| CVE-2022-0918 | 2 Port389, Redhat | 2 389-ds-base, Enterprise Linux | 2023-03-01 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability was discovered in the 389 Directory Server that allows an unauthenticated attacker with network access to the LDAP port to cause a denial of service. The denial of service is triggered by a single message sent over a TCP connection, no bind or other authentication is required. The message triggers a segmentation fault that results in slapd crashing. | |||||
| CVE-2019-1405 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2023-03-01 | 7.2 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly allows COM object creation, aka 'Windows UPnP Service Elevation of Privilege Vulnerability'. | |||||
| CVE-2019-11000 | 1 Gitlab | 1 Gitlab | 2023-03-01 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in GitLab Enterprise Edition before 11.7.11, 11.8.x before 11.8.7, and 11.9.x before 11.9.7. It allows Information Disclosure. | |||||
| CVE-2019-11499 | 3 Dovecot, Fedoraproject, Opensuse | 3 Dovecot, Fedora, Leap | 2023-03-01 | 5.0 MEDIUM | 7.5 HIGH |
| In the IMAP Server in Dovecot 2.3.3 through 2.3.5.2, the submission-login component crashes if AUTH PLAIN is attempted over a TLS secured channel with an unacceptable authentication message. | |||||
| CVE-2019-11065 | 2 Fedoraproject, Gradle | 2 Fedora, Gradle | 2023-03-01 | 4.3 MEDIUM | 5.9 MEDIUM |
| Gradle versions from 1.4 to 5.3.1 use an insecure HTTP URL to download dependencies when the built-in JavaScript or CoffeeScript Gradle plugins are used. Dependency artifacts could have been maliciously compromised by a MITM attack against the ajax.googleapis.com web site. | |||||
| CVE-2019-10906 | 5 Canonical, Fedoraproject, Opensuse and 2 more | 5 Ubuntu Linux, Fedora, Leap and 2 more | 2023-03-01 | 5.0 MEDIUM | 8.6 HIGH |
| In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape. | |||||
| CVE-2021-46853 | 1 Alpine Project | 1 Alpine | 2023-03-01 | N/A | 5.9 MEDIUM |
| Alpine before 2.25 allows remote attackers to cause a denial of service (application crash) when LIST or LSUB is sent before STARTTLS. | |||||
| CVE-2019-14213 | 2 Foxitsoftware, Microsoft | 2 Phantompdf, Windows | 2023-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Foxit PhantomPDF before 8.3.11. The application could crash due to the repeated release of the signature dictionary during CSG_SignatureF and CPDF_Document destruction. | |||||