Total: 210374 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-10372 | 1 Jenkins | 1 Gitlab Oauth | 2023-03-03 | 5.8 MEDIUM | 6.1 MEDIUM |
An open redirect vulnerability in Jenkins Gitlab Authentication Plugin 1.4 and earlier in GitLabSecurityRealm.java allows attackers to redirect users to a URL outside Jenkins after successful login. | |||||
CVE-2019-10371 | 1 Jenkins | 1 Gitlab Oauth | 2023-03-03 | 5.0 MEDIUM | 7.5 HIGH |
A session fixation vulnerability in Jenkins Gitlab Authentication Plugin 1.4 and earlier in GitLabSecurityRealm.java allows unauthorized attackers to impersonate another user if they can control the pre-authentication session. | |||||
CVE-2018-6678 | 1 Mcafee | 1 Mcafee Web Gateway | 2023-03-03 | 6.5 MEDIUM | 9.1 CRITICAL |
Configuration/Environment manipulation vulnerability in the administrative interface in McAfee Web Gateway (MWG) MWG 7.8.1.x allows authenticated administrator users to execute arbitrary commands via unspecified vectors. | |||||
CVE-2002-0062 | 5 Debian, Freebsd, Gnu and 2 more | 5 Debian Linux, Freebsd, Ncurses and 2 more | 2023-03-03 | 7.2 HIGH | N/A |
Buffer overflow in ncurses 5.0, and the ncurses4 compatibility package as used in Red Hat Linux, allows local users to gain privileges, related to "routines for moving the physical cursor and scrolling." | |||||
CVE-2023-1147 | 1 Flatpress | 1 Flatpress | 2023-03-03 | N/A | 5.4 MEDIUM |
Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog/flatpress prior to 1.3. | |||||
CVE-2023-1146 | 1 Flatpress | 1 Flatpress | 2023-03-03 | N/A | 5.4 MEDIUM |
Cross-site Scripting (XSS) - Generic in GitHub repository flatpressblog/flatpress prior to 1.3. | |||||
CVE-2023-1107 | 1 Flatpress | 1 Flatpress | 2023-03-03 | N/A | 5.4 MEDIUM |
Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog/flatpress prior to 1.3. | |||||
CVE-2023-1106 | 1 Flatpress | 1 Flatpress | 2023-03-03 | N/A | 6.1 MEDIUM |
Cross-site Scripting (XSS) - Reflected in GitHub repository flatpressblog/flatpress prior to 1.3. | |||||
CVE-2023-1148 | 1 Flatpress | 1 Flatpress | 2023-03-03 | N/A | 4.8 MEDIUM |
Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog/flatpress prior to 1.3. | |||||
CVE-2005-1796 | 3 Debian, Ettercap, Gnu | 3 Debian Linux, Ettercap, Ncurses | 2023-03-03 | 7.5 HIGH | N/A |
Format string vulnerability in the curses_msg function in the Ncurses interface (ec_curses.c) for Ettercap before 0.7.3 allows remote attackers to execute arbitrary code. | |||||
CVE-2022-36537 | 1 Zkoss | 1 Zk Framework | 2023-03-03 | N/A | 7.5 HIGH |
ZK Framework v9.6.1, 9.6.0.1, 9.5.1.3, 9.0.1.2 and 8.6.4.1 allows attackers to access sensitive information via a crafted POST request sent to the component AuUploader. | |||||
CVE-2022-0480 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2023-03-03 | N/A | 5.5 MEDIUM |
A flaw was found in the filelock_init function in fs/locks.c in the Linux kernel. This issue can lead to host memory exhaustion due to memcg not limiting the number of Portable Operating System Interface (POSIX) file locks. | |||||
CVE-2022-41322 | 2 Fedoraproject, Kitty Project | 2 Fedora, Kitty | 2023-03-03 | N/A | 7.8 HIGH |
In Kitty before 0.26.2, insufficient validation in the desktop notification escape sequence can lead to arbitrary code execution. The user must display attacker-controlled content in the terminal, then click on a notification popup. | |||||
CVE-2009-1956 | 2 Apache, Canonical | 3 Apr-util, Http Server, Ubuntu Linux | 2023-03-03 | 6.4 MEDIUM | N/A |
Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input. | |||||
CVE-2020-18693 | 1 Mineweb | 1 Minewebcms | 2023-03-03 | 3.5 LOW | 5.4 MEDIUM |
Cross Site Scripting (XSS) in MineWebCMS v1.7.0 allows remote attackers to execute arbitrary code by injecting malicious code into the 'Title' field of the component '/admin/news'. | |||||
CVE-2019-14347 | 1 Schben | 1 Adive | 2023-03-03 | 6.5 MEDIUM | 8.8 HIGH |
Internal/Views/addUsers.php in Schben Adive 2.0.7 allows remote unprivileged users (editor or developer) to create an administrator account via admin/user/add, as demonstrated by a Python PoC script. | |||||
CVE-2019-13111 | 2 Exiv2, Fedoraproject | 2 Exiv2, Fedora | 2023-03-03 | 4.3 MEDIUM | 5.5 MEDIUM |
A WebPImage::decodeChunks integer overflow in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (large heap allocation followed by a very long running loop) via a crafted WEBP image file. | |||||
CVE-2020-27784 | 1 Linux | 1 Linux Kernel | 2023-03-03 | N/A | 5.5 MEDIUM |
A vulnerability was found in the Linux kernel, where printer_ioctl() tries to access a deallocated printer_dev instance. A use-after-free arises because the instance had been freed by gprinter_free(). | |||||
CVE-2019-14529 | 1 Open-emr | 1 Openemr | 2023-03-03 | 7.5 HIGH | 9.8 CRITICAL |
OpenEMR before 5.0.2 allows SQL Injection in interface/forms/eye_mag/save.php. | |||||
CVE-2019-14524 | 2 Opensuse, Schismtracker | 3 Backports, Leap, Schism Tracker | 2023-03-03 | 6.8 MEDIUM | 7.8 HIGH |
An issue was discovered in Schism Tracker through 20190722. There is a heap-based buffer overflow via a large number of song patterns in fmt_mtm_load_song in fmt/mtm.c, a different vulnerability than CVE-2019-14465. |