Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2022-25920 | | | 2023-03-07 | N/A | N/A | This candidate was in a CNA pool that was not assigned to any issues during 2022. |
CVE-2022-25889 | | | 2023-03-07 | N/A | N/A | This candidate was in a CNA pool that was not assigned to any issues during 2022. |
CVE-2022-21224 | | | 2023-03-07 | N/A | N/A | This candidate was in a CNA pool that was not assigned to any issues during 2022. |
CVE-2021-26246 | | | 2023-03-07 | N/A | N/A | This candidate was in a CNA pool that was not assigned to any issues during 2021. |
CVE-2021-23232 | | | 2023-03-07 | N/A | N/A | This candidate was in a CNA pool that was not assigned to any issues during 2021. |
CVE-2021-23224 | | | 2023-03-07 | N/A | N/A | This candidate was in a CNA pool that was not assigned to any issues during 2021. |
CVE-2021-23220 | | | 2023-03-07 | N/A | N/A | This candidate was in a CNA pool that was not assigned to any issues during 2021. |
CVE-2023-26256 | 1 Stagil | 1 Stagil Navigation | 2023-03-07 | N/A | 7.5 HIGH | An unauthenticated path traversal vulnerability affects the "STAGIL Navigation for Jira - Menu & Themes" plugin before 2.0.52 for Jira. By modifying the fileName parameter to the snjFooterNavigationConfig endpoint, it is possible to traverse and read the file system. |
CVE-2023-26255 | 1 Stagil | 1 Stagil Navigation | 2023-03-07 | N/A | 7.5 HIGH | An unauthenticated path traversal vulnerability affects the "STAGIL Navigation for Jira - Menu & Themes" plugin before 2.0.52 for Jira. By modifying the fileName parameter to the snjCustomDesignConfig endpoint, it is possible to traverse and read the file system. |
CVE-2023-25807 | 1 Dataease | 1 Dataease | 2023-03-07 | N/A | 5.4 MEDIUM | DataEase is an open source data visualization and analysis tool. When saving a dashboard on the DataEase platform, saved data can be modified to store malicious code. This vulnerability can lead to the execution of malicious code stored by the attacker on the server side when the user accesses the dashboard. The vulnerability has been fixed in version 1.18.3. |
CVE-2023-25266 | 1 Docmosis | 1 Tornado | 2023-03-07 | N/A | 8.8 HIGH | An issue was discovered in Docmosis Tornado prior to version 2.9.5. An authenticated attacker can change the Office directory setting to point to an arbitrary remote network path. This triggers the execution of the soffice binary under the attacker's control, leading to arbitrary remote code execution (RCE). |
CVE-2023-25264 | 1 Docmosis | 1 Tornado | 2023-03-07 | N/A | 7.5 HIGH | An issue was discovered in Docmosis Tornado prior to version 2.9.5. An unauthenticated attacker can bypass the authentication check filter completely by introducing a specially crafted request with relative path segments. |
CVE-2023-25265 | 1 Docmosis | 1 Tornado | 2023-03-07 | N/A | 7.5 HIGH | Docmosis Tornado <= 2.9.4 is vulnerable to Directory Traversal leading to the disclosure of arbitrary content on the file system. |
CVE-2022-45139 | 1 Wago | 14 751-9301, 751-9301 Firmware, 752-8303/8000-002 and 11 more | 2023-03-07 | N/A | 5.3 MEDIUM | A CORS misconfiguration in the web-based management allows a malicious third-party webserver to misuse all basic information pages on the webserver. In combination with CVE-2022-45138, this could lead to disclosure of device information like CPU diagnostics. As there is just a limited amount of information readable, the impact only affects a small subset of confidentiality. |
CVE-2022-45138 | 1 Wago | 14 751-9301, 751-9301 Firmware, 752-8303/8000-002 and 11 more | 2023-03-07 | N/A | 9.8 CRITICAL | The configuration backend of the web-based management can be used by unauthenticated users, although only authenticated users should be able to use the API. The vulnerability allows an unauthenticated attacker to read and set several device parameters that can lead to full compromise of the device. |
CVE-2023-26257 | 1 Covesa | 1 Dlt-daemon | 2023-03-07 | N/A | 7.5 HIGH | An issue was discovered in the Connected Vehicle Systems Alliance (COVESA; formerly GENIVI) dlt-daemon through 2.18.8. Dynamic memory is not released after it is allocated in dlt-control-common.c. |
CVE-2023-26609 | 1 Abus | 2 Tvip 20000-21150, Tvip 20000-21150 Firmware | 2023-03-07 | N/A | 7.2 HIGH | ABUS TVIP 20000-21150 devices allow remote attackers to execute arbitrary code via shell metacharacters in the /cgi-bin/mft/wireless_mft ap field. |
CVE-2022-48363 | 1 Linuxfoundation | 1 Automotive Grade Linux | 2023-03-07 | N/A | 7.5 HIGH | In MPD before 0.23.8, as used on Automotive Grade Linux and other platforms, the PipeWire output plugin mishandles a Drain call in certain situations involving truncated files. Eventually there is an assertion failure in libmpdclient because libqtappfw passes in a NULL pointer. |
CVE-2022-45462 | 1 Apache | 1 Dolphinscheduler | 2023-03-07 | N/A | 9.8 CRITICAL | Alarm instance management has command injection when there is a specific command configured. It is only for logged-in users. We recommend you upgrade to version 2.0.6 or higher. |
CVE-2022-0350 | 1 B3log | 1 Vditor | 2023-03-07 | 3.5 LOW | 5.4 MEDIUM | Cross-site Scripting (XSS) - Stored in GitHub repository vanessa219/vditor prior to 3.8.13. |