Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by NVD-CWE-noinfo
Total 22706 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-2173 1 Oracle 1 Database Server 2023-03-15 4.0 MEDIUM 4.1 MEDIUM
Vulnerability in the Recovery component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows high privileged attacker having DBA Level Account privilege with network access via Oracle Net to compromise Recovery. While the vulnerability is in Recovery, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Recovery accessible data. CVSS 3.1 Base Score 4.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N).
CVE-2022-22075 1 Qualcomm 366 Apq8009, Apq8009 Firmware, Apq8009w and 363 more 2023-03-15 N/A 5.5 MEDIUM
Information Disclosure in Graphics during GPU context switch.
CVE-2023-27119 1 Webassembly 1 Webassembly 2023-03-15 N/A 5.5 MEDIUM
WebAssembly v1.0.29 was discovered to contain a segmentation fault via the component wabt::Decompiler::WrapChild.
CVE-2022-3767 1 Gitlab 1 Dynamic Application Security Testing Analyzer 2023-03-15 N/A 6.5 MEDIUM
Missing validation in DAST analyzer affecting all versions from 1.11.0 prior to 3.0.32, allows custom request headers to be sent with every request, regardless of the host.
CVE-2022-4462 1 Gitlab 1 Gitlab 2023-03-15 N/A 4.3 MEDIUM
An issue has been discovered in GitLab affecting all versions starting from 12.8 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. This vulnerability could allow a user to unmask the Discord Webhook URL through viewing the raw API response.
CVE-2023-0483 1 Gitlab 1 Gitlab 2023-03-15 N/A 3.8 LOW
An issue has been discovered in GitLab affecting all versions starting from 12.1 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. It was possible for a project maintainer to extract a Datadog integration API key by modifying the site.
CVE-2014-125093 1 Getadmiral 1 Ad Blocking Detector 2023-03-15 N/A 7.5 HIGH
A vulnerability has been found in Ad Blocking Detector Plugin up to 1.2.1 and classified as problematic. This vulnerability affects unknown code of the file ad-blocking-detector.php. The manipulation leads to information disclosure. The attack can be initiated remotely. Upgrading to version 1.2.2 is able to address this issue. The name of the patch is 3312b9cd79e5710d1e282fc9216a4e5ab31b3d94. It is recommended to upgrade the affected component. VDB-222610 is the identifier assigned to this vulnerability.
CVE-2023-27116 1 Webassembly 1 Webassembly 2023-03-15 N/A 5.5 MEDIUM
WebAssembly v1.0.29 discovered to contain an abort in CWriter::MangleType.
CVE-2023-27115 1 Webassembly 1 Webassembly 2023-03-15 N/A 5.5 MEDIUM
WebAssembly v1.0.29 was discovered to contain a segmentation fault via the component wabt::cat_compute_size.
CVE-2023-27974 1 Bitwarden 1 Bitwarden 2023-03-15 N/A 7.5 HIGH
** DISPUTED ** Bitwarden through 2023.2.1 offers password auto-fill when the second-level domain matches, e.g., a password stored for an example.com hosting provider when customer-website.example.com is visited. NOTE: the vendor's position is that "Auto-fill on page load" is not enabled by default.
CVE-2022-28695 1 F5 1 Big-ip Advanced Firewall Manager 2023-03-15 6.5 MEDIUM 7.2 HIGH
On F5 BIG-IP AFM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, and 13.1.x versions prior to 13.1.5, an authenticated attacker with high privileges can upload a maliciously crafted file to the BIG-IP AFM Configuration utility, which allows an attacker to run arbitrary commands. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
CVE-2022-4331 1 Gitlab 1 Gitlab 2023-03-15 N/A 7.3 HIGH
An issue has been discovered in GitLab EE affecting all versions starting from 15.1 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. If a group with SAML SSO enabled is transferred to a new namespace as a child group, it's possible previously removed malicious maintainer or owner of the child group can still gain access to the group via SSO or a SCIM token to perform actions on the group.
CVE-2022-4289 1 Gitlab 1 Gitlab 2023-03-15 N/A 4.3 MEDIUM
An issue has been discovered in GitLab affecting all versions starting from 15.3 before 15.7.8, versions of 15.8 before 15.8.4, and version 15.9 before 15.9.2. Google IAP details in Prometheus integration were not hidden, could be leaked from instance, group, or project settings to other users.
CVE-2023-1084 1 Gitlab 1 Gitlab 2023-03-15 N/A 2.7 LOW
An issue has been discovered in GitLab CE/EE affecting all versions before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. A malicious project Maintainer may create a Project Access Token with Owner level privileges using a crafted request.
CVE-2023-0223 1 Gitlab 1 Gitlab 2023-03-15 N/A 5.3 MEDIUM
An issue has been discovered in GitLab affecting all versions starting from 15.5 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. Non-project members could retrieve release descriptions via the API, even if the release visibility is restricted to project members only in the project settings.
CVE-2018-2844 1 Oracle 1 Vm Virtualbox 2023-03-14 4.6 MEDIUM 8.8 HIGH
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.36 and Prior to 5.2.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).
CVE-2022-27490 1 Fortinet 4 Fortianalyzer, Fortimanager, Fortiportal and 1 more 2023-03-14 N/A 6.5 MEDIUM
A exposure of sensitive information to an unauthorized actor in Fortinet FortiManager version 6.0.0 through 6.0.4, FortiAnalyzer version 6.0.0 through 6.0.4, FortiPortal version 6.0.0 through 6.0.9, 5.3.0 through 5.3.8, 5.2.x, 5.1.0, 5.0.x, 4.2.x, 4.1.x, FortiSwitch version 7.0.0 through 7.0.4, 6.4.0 through 6.4.10, 6.2.x, 6.0.x allows an attacker which has obtained access to a restricted administrative account to obtain sensitive information via `diagnose debug` commands.
CVE-2023-22301 1 Openharmony 1 Openharmony 2023-03-14 N/A 7.5 HIGH
The kernel subsystem hmdfs within OpenHarmony-v3.1.5 and prior versions has an arbitrary memory accessing vulnerability which network attackers can launch a remote attack to obtain kernel memory data of the target system.
CVE-2023-22847 1 Sraoss 1 Pg Ivm 2023-03-14 N/A 4.3 MEDIUM
Information disclosure vulnerability exists in pg_ivm versions prior to 1.5.1. An Incrementally Maintainable Materialized View (IMMV) created by pg_ivm may reflect rows with Row-Level Security that the owner of the IMMV should not have access to. As a result, information in tables protected by Row-Level Security may be retrieved by a user who is not authorized to access it.
CVE-2023-21801 1 Microsoft 13 Windows 10, Windows 10 1607, Windows 10 1809 and 10 more 2023-03-14 N/A 7.8 HIGH
Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability