Total
22706 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-2792 | 1 Oracle | 1 Outside In Technology | 2023-02-28 | 7.5 HIGH | 7.3 HIGH |
| Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported version that is affected is 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L). | |||||
| CVE-2019-16056 | 7 Canonical, Debian, Fedoraproject and 4 more | 10 Ubuntu Linux, Debian Linux, Fedora and 7 more | 2023-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied. An attack may be the same as in CVE-2019-11340; however, this CVE applies to Python more generally. | |||||
| CVE-2022-34854 | 1 Intel | 1 System Usage Report | 2023-02-27 | N/A | 7.8 HIGH |
| Improper access control in the Intel(R) SUR software before version 2.4.8902 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-31476 | 1 Intel | 1 System Usage Report | 2023-02-27 | N/A | 5.5 MEDIUM |
| Improper access control in the Intel(R) SUR software before version 2.4.8902 may allow an authenticated user to potentially enable denial of service via local access. | |||||
| CVE-2022-29514 | 1 Intel | 1 System Usage Report | 2023-02-27 | N/A | 9.8 CRITICAL |
| Improper access control in the Intel(R) SUR software before version 2.4.8902 may allow an unauthenticated user to potentially enable escalation of privilege via network access. | |||||
| CVE-2021-0187 | 1 Intel | 106 Xeon Gold 5315y, Xeon Gold 5315y Firmware, Xeon Gold 5317 and 103 more | 2023-02-27 | N/A | 6.7 MEDIUM |
| Improper access control in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable an escalation of privilege via local access. | |||||
| CVE-2022-3759 | 1 Gitlab | 1 Gitlab | 2023-02-27 | N/A | 7.5 HIGH |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.3 before 15.6.7, all versions starting from 15.7 before 15.7.6, all versions starting from 15.8 before 15.8.1. An attacker may upload a crafted CI job artifact zip file in a project that uses dynamic child pipelines and make a sidekiq job allocate a lot of memory. In GitLab instances where Sidekiq is memory-limited, this may cause Denial of Service. | |||||
| CVE-2023-0518 | 1 Gitlab | 1 Gitlab | 2023-02-27 | N/A | 7.5 HIGH |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.0 before 15.6.7, all versions starting from 15.7 before 15.7.6, all versions starting from 15.8 before 15.8.1. It was possible to trigger a DoS attack by uploading a malicious Helm chart. | |||||
| CVE-2022-26343 | 1 Intel | 418 Xeon Bronze 3104, Xeon Bronze 3104 Firmware, Xeon Bronze 3106 and 415 more | 2023-02-27 | N/A | 6.7 MEDIUM |
| Improper access control in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-26840 | 1 Intel | 1 Quartus Prime | 2023-02-27 | N/A | 7.8 HIGH |
| Improper neutralization in the Intel(R) Quartus Prime Pro and Standard edition software may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2021-2175 | 1 Oracle | 1 Database Server | 2023-02-27 | 4.0 MEDIUM | 2.7 LOW |
| Vulnerability in the Database Vault component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows high privileged attacker having Create Any View, Select Any View privilege with network access via Oracle Net to compromise Database Vault. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Database Vault accessible data. CVSS 3.1 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N). | |||||
| CVE-2022-31814 | 1 Netgate | 1 Pfblockerng | 2023-02-27 | N/A | 9.8 CRITICAL |
| pfSense pfBlockerNG through 2.1.4_26 allows remote attackers to execute arbitrary OS commands as root via shell metacharacters in the HTTP Host header. NOTE: 3.x is unaffected. | |||||
| CVE-2019-0177 | 1 Intel | 2 Open Cloud Integrity Tehnology, Openattestation | 2023-02-27 | 3.6 LOW | 4.4 MEDIUM |
| Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access. | |||||
| CVE-2019-0181 | 1 Intel | 2 Open Cloud Integrity Tehnology, Openattestation | 2023-02-27 | 4.6 MEDIUM | 6.7 MEDIUM |
| Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access. | |||||
| CVE-2019-16729 | 3 Canonical, Debian, Pam-python Project | 3 Ubuntu Linux, Debian Linux, Pam-python | 2023-02-27 | 7.2 HIGH | 7.8 HIGH |
| pam-python before 1.0.7-1 has an issue in regard to the default environment variable handling of Python, which could allow for local root escalation in certain PAM setups. | |||||
| CVE-2022-43245 | 2 Debian, Struktur | 2 Debian Linux, Libde265 | 2023-02-27 | N/A | 6.5 MEDIUM |
| Libde265 v1.0.8 was discovered to contain a segmentation violation via apply_sao_internal<unsigned short> in sao.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. | |||||
| CVE-2022-43238 | 2 Debian, Struktur | 2 Debian Linux, Libde265 | 2023-02-27 | N/A | 6.5 MEDIUM |
| Libde265 v1.0.8 was discovered to contain an unknown crash via ff_hevc_put_hevc_qpel_h_3_v_3_sse in sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. | |||||
| CVE-2022-45701 | 1 Commscope | 6 Arris Sbg10, Arris Sbg10 Firmware, Arris Tg2482a and 3 more | 2023-02-27 | N/A | 8.8 HIGH |
| Arris TG2482A firmware through 9.1.103GEM9 allow Remote Code Execution (RCE) via the ping utility feature. | |||||
| CVE-2023-22909 | 2 Fedoraproject, Mediawiki | 2 Fedora, Mediawiki | 2023-02-27 | N/A | 5.3 MEDIUM |
| An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. SpecialMobileHistory allows remote attackers to cause a denial of service because database queries are slow. | |||||
| CVE-2023-22805 | 1 Ls-electric | 2 Xbc-dn32u, Xbc-dn32u Firmware | 2023-02-24 | N/A | 4.3 MEDIUM |
| LS ELECTRIC XBC-DN32U with operating system version 01.80 has improper access control to its read prohibition feature. This could allow a remote attacker to remotely set the feature to lock users out of reading data from the device. | |||||