Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-0869 | 1 Opennms | 2 Horizon, Meridian | 2023-03-03 | N/A | 6.1 MEDIUM |
| Cross-site scripting in outage/list.htm in multiple versions of OpenNMS Meridian and Horizon allows an attacker access to confidential session information. The solution is to upgrade to Meridian 2023.1.0 or newer, or Horizon 31.0.4 or newer. Meridian and Horizon installation instructions state that they are intended for installation within an organization's private networks and should not be directly accessible from the Internet. | |||||
| CVE-2022-2504 | 1 Sdd-baro Project | 1 Sdd-baro | 2023-03-03 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SDD Computer Software SDD-Baro allows SQL Injection.This issue affects SDD-Baro: before 2.8.432. | |||||
| CVE-2022-4883 | 1 Libxpm Project | 1 Libxpm | 2023-03-03 | N/A | 8.8 HIGH |
| A flaw was found in libXpm. When processing files with .Z or .gz extensions, the library calls external programs to compress and uncompress files, relying on the PATH environment variable to find these programs, which could allow a malicious user to execute other programs by manipulating the PATH environment variable. | |||||
| CVE-2022-46285 | 1 Libxpm Project | 1 Libxpm | 2023-03-03 | N/A | 7.5 HIGH |
| A flaw was found in libXpm. This issue occurs when parsing a file with a comment not closed; the end-of-file condition will not be detected, leading to an infinite loop and resulting in a Denial of Service in the application linked to the library. | |||||
| CVE-2022-1607 | 1 Abb | 2 Infinity Dc Power Plant, Ne843 S | 2023-03-03 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in ABB Pulsar Plus System Controller NE843_S, ABB Infinity DC Power Plant allows Cross Site Request Forgery.This issue affects Pulsar Plus System Controller NE843_S : comcode 150042936; Infinity DC Power Plant: H5692448 G104 G842 G224L G630-4 G451C(2) G461(2) – comcode 150047415. | |||||
| CVE-2023-0595 | 1 Schneider-electric | 4 Clearscada, Ecostruxure Geo Scada Expert 2019, Ecostruxure Geo Scada Expert 2020 and 1 more | 2023-03-03 | N/A | 5.3 MEDIUM |
| A CWE-117: Improper Output Neutralization for Logs vulnerability exists that could cause the misinterpretation of log files when malicious packets are sent to the Geo SCADA server's database web port (default 443). Affected products: EcoStruxure Geo SCADA Expert 2019, EcoStruxure Geo SCADA Expert 2020, EcoStruxure Geo SCADA Expert 2021(All Versions prior to October 2022), ClearSCADA (All Versions) | |||||
| CVE-2023-25621 | 1 Apache | 1 Sling I18n | 2023-03-03 | N/A | 6.5 MEDIUM |
| Privilege Escalation vulnerability in Apache Software Foundation Apache Sling. Any content author is able to create i18n dictionaries in the repository in a location the author has write access to. As these translations are used across the whole product, it allows an author to change any text or dialog in the product. For example an attacker might fool someone by changing the text on a delete button to "Info". This issue affects the i18n module of Apache Sling up to version 2.5.18. Version 2.6.2 and higher limit by default i18m dictionaries to certain paths in the repository (/libs and /apps). Users of the module are advised to update to version 2.6.2 or higher, check the configuration for resource loading and then adjust the access permissions for the configured path accordingly. | |||||
| CVE-2023-20011 | 1 Cisco | 2 Application Policy Infrastructure Controller, Cloud Network Controller | 2023-03-03 | N/A | 8.8 HIGH |
| A vulnerability in the web-based management interface of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Network Controller, formerly Cisco Cloud APIC, could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected system. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user. If the affected user has administrative privileges, these actions could include modifying the system configuration and creating new privileged accounts. | |||||
| CVE-2022-29273 | 1 Netgate | 1 Pfsense | 2023-03-03 | N/A | 6.1 MEDIUM |
| pfSense CE through 2.6.0 and pfSense Plus before 22.05 allow XSS in the WebGUI via URL Table Alias URL parameters. | |||||
| CVE-2023-0597 | 1 Linux | 1 Linux Kernel | 2023-03-03 | N/A | 5.5 MEDIUM |
| A flaw possibility of memory leak in the Linux kernel cpu_entry_area mapping of X86 CPU data to memory was found in the way user can guess location of exception stack(s) or other important data. A local user could use this flaw to get access to some important data with expected location in memory. | |||||
| CVE-2023-0044 | 2 Quarkus, Redhat | 2 Quarkus, Build Of Quarkus | 2023-03-03 | N/A | 6.1 MEDIUM |
| If the Quarkus Form Authentication session cookie Path attribute is set to `/` then a cross-site attack may be initiated which might lead to the Information Disclosure. This attack can be prevented with the Quarkus CSRF Prevention feature. | |||||
| CVE-2019-10373 | 1 Jenkins | 1 Build Pipeline | 2023-03-03 | 3.5 LOW | 5.4 MEDIUM |
| A stored cross-site scripting vulnerability in Jenkins Build Pipeline Plugin 1.5.8 and earlier allows attackers able to edit the build pipeline description to inject arbitrary HTML and JavaScript in the plugin-provided web pages in Jenkins. | |||||
| CVE-2022-46786 | 1 Squaredup | 1 Dashboard Server | 2023-03-03 | N/A | 5.4 MEDIUM |
| SquaredUp Dashboard Server SCOM edition before 5.7.1 GA allows XSS (issue 2 of 2). | |||||
| CVE-2016-5431 | 1 Php Jose Project | 1 Php Jose | 2023-03-03 | 5.0 MEDIUM | 7.5 HIGH |
| The PHP JOSE Library by Gree Inc. before version 2.2.1 is vulnerable to key confusion/algorithm substitution in the JWS component resulting in bypassing the signature verification via crafted tokens. | |||||
| CVE-2019-10961 | 1 Advantech | 1 Webaccess Hmi Designer | 2023-03-03 | 6.8 MEDIUM | 8.8 HIGH |
| In Advantech WebAccess HMI Designer Version 2.1.9.23 and prior, processing specially crafted MCR files lacking proper validation of user supplied data may cause the system to write outside the intended buffer area, allowing remote code execution. | |||||
| CVE-2019-12797 | 1 Elmelectronics | 2 Elm27, Elm27 Firmware | 2023-03-03 | 7.5 HIGH | 9.8 CRITICAL |
| A clone version of an ELM327 OBD2 Bluetooth device has a hardcoded PIN, leading to arbitrary commands to an OBD-II bus of a vehicle. | |||||
| CVE-2019-14495 | 1 3proxy | 1 3proxy | 2023-03-03 | 7.5 HIGH | 9.8 CRITICAL |
| webadmin.c in 3proxy before 0.8.13 has an out-of-bounds write in the admin interface. | |||||
| CVE-2019-10365 | 1 Google | 1 Kubernetes Engine | 2023-03-03 | 4.0 MEDIUM | 4.3 MEDIUM |
| Jenkins Google Kubernetes Engine Plugin 0.6.2 and earlier created a temporary file containing a temporary access token in the project workspace, where it could be accessed by users with Job/Read permission. | |||||
| CVE-2022-3219 | 1 Gnupg | 1 Gnupg | 2023-03-03 | N/A | 5.5 MEDIUM |
| GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB. | |||||
| CVE-2023-0939 | 1 Online Services Project | 1 Online Services | 2023-03-03 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NTN Information Technologies Online Services Software allows SQL Injection.This issue affects Online Services Software: before 1.17. | |||||