Total
22706 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-43976 | 5 Debian, Fedoraproject, Linux and 2 more | 23 Debian Linux, Fedora, Linux Kernel and 20 more | 2023-02-24 | 2.1 LOW | 4.6 MEDIUM |
| In the Linux kernel through 5.15.2, mwifiex_usb_recv in drivers/net/wireless/marvell/mwifiex/usb.c allows an attacker (who can connect a crafted USB device) to cause a denial of service (skb_over_panic). | |||||
| CVE-2023-21797 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2023-02-24 | N/A | 8.8 HIGH |
| Microsoft ODBC Driver Remote Code Execution Vulnerability | |||||
| CVE-2023-21692 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2023-02-24 | N/A | 9.8 CRITICAL |
| Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability | |||||
| CVE-2021-3773 | 4 Fedoraproject, Linux, Oracle and 1 more | 6 Fedora, Linux Kernel, Communications Cloud Native Core Binding Support Function and 3 more | 2023-02-24 | 7.5 HIGH | 9.8 CRITICAL |
| A flaw in netfilter could allow a network-connected attacker to infer openvpn connection endpoint information for further use in traditional network attacks. | |||||
| CVE-2023-21691 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2023-02-24 | N/A | 7.5 HIGH |
| Microsoft Protected Extensible Authentication Protocol (PEAP) Information Disclosure Vulnerability | |||||
| CVE-2022-42735 | 1 Apache | 1 Shenyu | 2023-02-24 | N/A | 8.8 HIGH |
| Improper Privilege Management vulnerability in Apache Software Foundation Apache ShenYu. ShenYu Admin allows low-privilege low-level administrators create users with higher privileges than their own. This issue affects Apache ShenYu: 2.5.0. Upgrade to Apache ShenYu 2.5.1 or apply patch https://github.com/apache/shenyu/pull/3958 https://github.com/apache/shenyu/pull/3958 . | |||||
| CVE-2023-21690 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2023-02-24 | N/A | 9.8 CRITICAL |
| Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability | |||||
| CVE-2023-21689 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2023-02-24 | N/A | 9.8 CRITICAL |
| Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability | |||||
| CVE-2023-21722 | 1 Microsoft | 23 .net, Windows 10 1507, Windows 10 1511 and 20 more | 2023-02-24 | N/A | 5.0 MEDIUM |
| .NET Framework Denial of Service Vulnerability | |||||
| CVE-2019-4253 | 1 Ibm | 1 Informix Dynamic Server | 2023-02-23 | 7.2 HIGH | 7.8 HIGH |
| IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local privileged Informix user to load a malicious shared library and gain root access privileges. IBM X-Force ID: 159941. | |||||
| CVE-2018-1796 | 1 Ibm | 1 Informix Dynamic Server | 2023-02-23 | 7.2 HIGH | 7.8 HIGH |
| IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user to load malicious libraries and gain root privileges. IBM X-Force ID: 149426. | |||||
| CVE-2022-39269 | 1 Pjsip | 1 Pjsip | 2023-02-23 | N/A | 9.1 CRITICAL |
| PJSIP is a free and open source multimedia communication library written in C. When processing certain packets, PJSIP may incorrectly switch from using SRTP media transport to using basic RTP upon SRTP restart, causing the media to be sent insecurely. The vulnerability impacts all PJSIP users that use SRTP. The patch is available as commit d2acb9a in the master branch of the project and will be included in version 2.13. Users are advised to manually patch or to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2020-10941 | 3 Arm, Debian, Fedoraproject | 4 Mbed Crypto, Mbed Tls, Debian Linux and 1 more | 2023-02-23 | 4.3 MEDIUM | 5.9 MEDIUM |
| Arm Mbed TLS before 2.16.5 allows attackers to obtain sensitive information (an RSA private key) by measuring cache usage during an import. | |||||
| CVE-2021-31693 | 1 Vmware | 1 Tools | 2023-02-23 | N/A | 6.5 MEDIUM |
| VMware Tools for Windows (12.x.y prior to 12.1.5, 11.x.y and 10.x.y) contains a denial-of-service vulnerability in the VM3DMP driver. A malicious actor with local user privileges in the Windows guest OS, where VMware Tools is installed, can trigger a PANIC in the VM3DMP driver leading to a denial-of-service condition in the Windows guest OS. | |||||
| CVE-2022-42818 | 1 Apple | 1 Macos | 2023-02-23 | N/A | 5.9 MEDIUM |
| This issue was addressed with improved data protection. This issue is fixed in macOS Ventura 13. A user in a privileged network position may be able to track user activity. | |||||
| CVE-2023-23934 | 1 Palletsprojects | 1 Werkzeug | 2023-02-23 | N/A | 3.5 LOW |
| Werkzeug is a comprehensive WSGI web application library. Browsers may allow "nameless" cookies that look like `=value` instead of `key=value`. A vulnerable browser may allow a compromised application on an adjacent subdomain to exploit this to set a cookie like `=__Host-test=bad` for another subdomain. Werkzeug prior to 2.2.3 will parse the cookie `=__Host-test=bad` as __Host-test=bad`. If a Werkzeug application is running next to a vulnerable or malicious subdomain which sets such a cookie using a vulnerable browser, the Werkzeug application will see the bad cookie value but the valid cookie key. The issue is fixed in Werkzeug 2.2.3. | |||||
| CVE-2023-21823 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2023-02-23 | N/A | 7.8 HIGH |
| Windows Graphics Component Remote Code Execution Vulnerability | |||||
| CVE-2023-25011 | 1 Nec | 1 Pc Settings Tool | 2023-02-23 | N/A | 7.8 HIGH |
| PC settings tool Ver10.1.26.0 and earlier, PC settings tool Ver11.0.22.0 and earlier allows a attacker to write to the registry as administrator privileges with standard user privileges. | |||||
| CVE-2023-22854 | 1 Mitel | 1 Micontact Center Business | 2023-02-23 | N/A | 7.5 HIGH |
| The ccmweb component of Mitel MiContact Center Business server 9.2.2.0 through 9.4.1.0 could allow an unauthenticated attacker to download arbitrary files, due to insufficient restriction of URL parameters. A successful exploit could allow access to sensitive information. | |||||
| CVE-2023-21686 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2023-02-23 | N/A | 8.8 HIGH |
| Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | |||||