Total
22706 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-20923 | 1 Google | 1 Android | 2023-02-01 | N/A | 5.5 MEDIUM |
| In exported content providers of ShannonRcs, there is a possible way to get access to protected content providers due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-246933910References: N/A | |||||
| CVE-2019-18625 | 4 Debian, Linux, Microsoft and 1 more | 4 Debian Linux, Linux Kernel, Windows and 1 more | 2023-02-01 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Suricata 5.0.0. It was possible to bypass/evade any tcp based signature by faking a closed TCP session using an evil server. After the TCP SYN packet, it is possible to inject a RST ACK and a FIN ACK packet with a bad TCP Timestamp option. The client will ignore the RST ACK and the FIN ACK packets because of the bad TCP Timestamp option. Both linux and windows client are ignoring the injected packets. | |||||
| CVE-2023-20919 | 1 Google | 1 Android | 2023-02-01 | N/A | 7.8 HIGH |
| In getStringsForPrefix of Settings.java, there is a possible prevention of package uninstallation due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-252663068 | |||||
| CVE-2016-3441 | 1 Oracle | 1 Solaris | 2023-02-01 | 7.2 HIGH | 7.8 HIGH |
| Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows local users to affect confidentiality, integrity, and availability via vectors related to Filesystem. | |||||
| CVE-2016-3419 | 1 Oracle | 1 Solaris | 2023-02-01 | 2.1 LOW | 3.3 LOW |
| Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows local users to affect availability via vectors related to Filesystem. | |||||
| CVE-2022-4054 | 1 Gitlab | 1 Gitlab | 2023-02-01 | N/A | 5.5 MEDIUM |
| An issue has been discovered in GitLab affecting all versions starting from 9.3 before 15.4.6, all versions starting from 15.5 before 15.5.5, all versions starting from 15.6 before 15.6.1. It was possible for a project maintainer to leak a webhook secret token by changing the webhook URL to an endpoint that allows them to capture request headers. | |||||
| CVE-2022-3902 | 1 Gitlab | 1 Gitlab | 2023-02-01 | N/A | 6.4 MEDIUM |
| An issue has been discovered in GitLab affecting all versions starting from 9.3 before 15.4.6, all versions starting from 15.5 before 15.5.5, all versions starting from 15.6 before 15.6.1. It was possible for a project maintainer to unmask webhook secret tokens by reviewing the logs after testing webhooks. | |||||
| CVE-2019-14302 | 1 Ricoh | 121 M 2700, M 2700 Firmware, M 2701 and 118 more | 2023-02-01 | 7.2 HIGH | 6.8 MEDIUM |
| On Ricoh SP C250DN 1.06 devices, a debug port can be used. | |||||
| CVE-2023-0463 | 1 Devolutions | 1 Remote Desktop Manager | 2023-02-01 | N/A | 3.3 LOW |
| The force offline MFA prompt setting is not respected when switching to offline mode in Devolutions Remote Desktop Manager 2022.3.29 to 2022.3.30 allows a user to save sensitive data on disk. | |||||
| CVE-2023-20904 | 1 Google | 1 Android | 2023-02-01 | N/A | 7.8 HIGH |
| In getTrampolineIntent of SettingsActivity.java, there is a possible launch of arbitrary activity due to an Intent mismatch in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12L Android-13Android ID: A-246300272 | |||||
| CVE-2022-20213 | 1 Google | 1 Android | 2023-02-01 | N/A | 5.5 MEDIUM |
| In ApplicationsDetailsActivity of AndroidManifest.xml, there is a possible DoS due to a tapjacking/overlay attack. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-183410508 | |||||
| CVE-2023-21775 | 1 Microsoft | 1 Edge Chromium | 2023-02-01 | N/A | 8.3 HIGH |
| Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability. | |||||
| CVE-2023-21796 | 1 Microsoft | 1 Edge Chromium | 2023-02-01 | N/A | 8.3 HIGH |
| Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2023-21795. | |||||
| CVE-2023-21795 | 1 Microsoft | 1 Edge Chromium | 2023-02-01 | N/A | 8.3 HIGH |
| Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2023-21796. | |||||
| CVE-2021-46789 | 1 Huawei | 2 Emui, Magic Ui | 2023-02-01 | 5.0 MEDIUM | 7.5 HIGH |
| Configuration defects in the secure OS module. Successful exploitation of this vulnerability can affect availability. | |||||
| CVE-2022-4816 | 1 Lenovo | 1 Safecenter | 2023-01-31 | N/A | 5.5 MEDIUM |
| A denial-of-service vulnerability has been identified in Lenovo Safecenter that could allow a local user to crash the application. | |||||
| CVE-2020-13943 | 3 Apache, Debian, Oracle | 4 Tomcat, Debian Linux, Instantis Enterprisetrack and 1 more | 2023-01-31 | 4.0 MEDIUM | 4.3 MEDIUM |
| If an HTTP/2 client connecting to Apache Tomcat 10.0.0-M1 to 10.0.0-M7, 9.0.0.M1 to 9.0.37 or 8.5.0 to 8.5.57 exceeded the agreed maximum number of concurrent streams for a connection (in violation of the HTTP/2 protocol), it was possible that a subsequent request made on that connection could contain HTTP headers - including HTTP/2 pseudo headers - from a previous request rather than the intended headers. This could lead to users seeing responses for unexpected resources. | |||||
| CVE-2020-27619 | 3 Fedoraproject, Oracle, Python | 3 Fedora, Communications Cloud Native Core Network Function Cloud Native Environment, Python | 2023-01-31 | 7.5 HIGH | 9.8 CRITICAL |
| In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK codec tests call eval() on content retrieved via HTTP. | |||||
| CVE-2019-4383 | 1 Ibm | 1 Spectrum Protect Plus | 2023-01-31 | 4.6 MEDIUM | 6.7 MEDIUM |
| When using IBM Spectrum Protect Plus 10.1.0, 10.1.2, and 10.1.3 to protect Oracle or MongoDB databases, a redirected restore operation may result in an escalation of user privileges. IBM X-Force ID: 162165. | |||||
| CVE-2019-4298 | 1 Ibm | 1 Robotic Process Automation With Automation Anywhere | 2023-01-31 | 3.6 LOW | 7.1 HIGH |
| IBM Robotic Process Automation with Automation Anywhere 11 uses a high privileged PostgreSQL account for database access which could allow a local user to perform actions they should not have privileges to execute. IBM X-Force ID: 160764. | |||||