Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-33104 | 1 Intel | 1 One Boot Flash Update | 2023-03-06 | N/A | 5.5 MEDIUM |
Improper access control in the Intel(R) OFU software before version 14.1.28 may allow an authenticated user to potentially enable denial of service via local access. | |||||
CVE-2022-27234 | 1 Intel | 1 Computer Vision Annotation Tool | 2023-03-06 | N/A | 6.5 MEDIUM |
Server-side request forgery in the CVAT software maintained by Intel(R) before version 2.0.1 may allow an authenticated user to potentially enable information disclosure via network access. | |||||
CVE-2022-26837 | 1 Intel | 454 Core I3-11100he, Core I3-11100he Firmware, Core I3-1110g4 and 451 more | 2023-03-06 | N/A | 7.0 HIGH |
Improper input validation in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
CVE-2022-26562 | 1 Kopano | 1 Groupware Core | 2023-03-06 | 7.5 HIGH | 9.8 CRITICAL |
An issue in provider/libserver/ECKrbAuth.cpp of Kopano-Core v11.0.2.51 contains an issue which allows attackers to authenticate even if the user account or password is expired. | |||||
CVE-2019-19907 | 1 Kopano | 1 Groupware Core | 2023-03-06 | 7.5 HIGH | 9.8 CRITICAL |
HrAddFBBlock in libfreebusy/freebusyutil.cpp in Kopano Groupware Core before 8.7.7 allows out-of-bounds access, as demonstrated by mishandling of an array copy during parsing of ICal data. | |||||
CVE-2023-23039 | 1 Linux | 1 Linux Kernel | 2023-03-06 | N/A | 5.7 MEDIUM |
An issue was discovered in the Linux kernel through 6.2.0-rc2. drivers/tty/vcc.c has a race condition and resultant use-after-free if a physically proximate attacker removes a VCC device while calling open(), aka a race condition between vcc_open() and vcc_remove(). | |||||
CVE-2023-25696 | 1 Apache | 1 Airflow Hive Provider | 2023-03-06 | N/A | 9.8 CRITICAL |
Improper Input Validation vulnerability in the Apache Airflow Hive Provider. This issue affects Apache Airflow Hive Provider versions before 5.1.3. | |||||
CVE-2023-25824 | 1 Mod Gnutls Project | 1 Mod Gnutls | 2023-03-06 | N/A | 7.5 HIGH |
Mod_gnutls is a TLS module for Apache HTTPD based on GnuTLS. Versions from 0.9.0 to 0.12.0 (including) did not properly fail blocking read operations on TLS connections when the transport hit timeouts. Instead it entered an endless loop retrying the read operation, consuming CPU resources. This could be exploited for denial of service attacks. If trace level logging was enabled, it would also produce an excessive amount of log output during the loop, consuming disk space. The problem has been fixed in commit d7eec4e598158ab6a98bf505354e84352f9715ec, please update to version 0.12.1. There are no workarounds, users who cannot update should apply the errno fix detailed in the security advisory. | |||||
CVE-2023-24104 | 1 Ui | 2 Unifi Dream Machine Pro, Unifi Dream Machine Pro Firmware | 2023-03-06 | N/A | 9.8 CRITICAL |
Ubiquiti Networks UniFi Dream Machine Pro v7.2.95 allows attackers to bypass domain restrictions via crafted packets. | |||||
CVE-2023-22999 | 1 Linux | 1 Linux Kernel | 2023-03-06 | N/A | 5.5 MEDIUM |
In the Linux kernel before 5.16.3, drivers/usb/dwc3/dwc3-qcom.c misinterprets the dwc3_qcom_create_urs_usb_platdev return value (expects it to be NULL in the error case, whereas it is actually an error pointer). | |||||
CVE-2023-1034 | 1 Salesagility | 1 Suitecrm | 2023-03-06 | N/A | 8.8 HIGH |
Path Traversal: '\..\filename' in GitHub repository salesagility/suitecrm prior to 7.12.9. | |||||
CVE-2023-25956 | 1 Apache | 1 Apache-airflow-providers-amazon | 2023-03-06 | N/A | 7.5 HIGH |
Generation of Error Message Containing Sensitive Information vulnerability in the Apache Airflow AWS Provider. This issue affects Apache Airflow AWS Provider versions before 7.2.1. | |||||
CVE-2023-1100 | 1 Online Catering Reservation System Project | 1 Online Catering Reservation System | 2023-03-06 | N/A | 9.8 CRITICAL |
A vulnerability classified as critical has been found in SourceCodester Online Catering Reservation System 1.0. This affects an unknown part of the file /reservation/add_message.php of the component POST Parameter Handler. The manipulation of the argument fullname leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222003. | |||||
CVE-2023-26302 | 1 Executablebooks | 1 Markdown-it-py | 2023-03-06 | N/A | 5.5 MEDIUM |
Denial of service could be caused to the command line interface of markdown-it-py, before v2.2.0, if an attacker was allowed to use invalid UTF-8 characters as input. | |||||
CVE-2023-22997 | 1 Linux | 1 Linux Kernel | 2023-03-06 | N/A | 5.5 MEDIUM |
In the Linux kernel before 6.1.2, kernel/module/decompress.c misinterprets the module_get_next_page return value (expects it to be NULL in the error case, whereas it is actually an error pointer). | |||||
CVE-2023-22996 | 1 Linux | 1 Linux Kernel | 2023-03-06 | N/A | 5.5 MEDIUM |
In the Linux kernel before 5.17.2, drivers/soc/qcom/qcom_aoss.c does not release an of_find_device_by_node reference after use, e.g., with put_device. | |||||
CVE-2023-27372 | 2 Debian, Spip | 2 Debian Linux, Spip | 2023-03-06 | N/A | 9.8 CRITICAL |
SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. The fixed versions are 3.2.18, 4.0.10, 4.1.8, and 4.2.1. | |||||
CVE-2022-38725 | 1 Oneidentity | 2 Syslog-ng, Syslog-ng Store Box | 2023-03-06 | N/A | 7.5 HIGH |
An integer overflow in the RFC3164 parser in One Identity syslog-ng 3.0 through 3.37 allows remote attackers to cause a Denial of Service via crafted syslog input that is mishandled by the tcp or network function. syslog-ng Premium Edition 7.0.30 and syslog-ng Store Box 6.10.0 are also affected. | |||||
CVE-2022-33196 | 1 Intel | 272 Xeon D-1513n, Xeon D-1513n Firmware, Xeon D-1518 and 269 more | 2023-03-06 | N/A | 6.7 MEDIUM |
Incorrect default permissions in some memory controller configurations for some Intel(R) Xeon(R) Processors when using Intel(R) Software Guard Extensions which may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
CVE-2023-0934 | 1 Answer | 1 Answer | 2023-03-06 | N/A | 5.4 MEDIUM |
Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.5. |