Total: 210374 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-0104 | 1 Weintek | 1 Easybuilder Pro | 2023-03-02 | N/A | 7.8 HIGH |
The listed versions for Weintek EasyBuilder Pro are vulnerable to a ZipSlip attack caused by decompiling a malicious project file. This may allow an attacker to gain control of the user’s computer or gain access to sensitive data. | |||||
CVE-2023-22973 | 1 Open-emr | 1 Openemr | 2023-03-02 | N/A | 8.8 HIGH |
A Local File Inclusion (LFI) vulnerability in interface/forms/LBF/new.php in OpenEMR < 7.0.0 allows remote authenticated users to execute code via the formname parameter. | |||||
CVE-2023-22972 | 1 Open-emr | 1 Openemr | 2023-03-02 | N/A | 5.4 MEDIUM |
A Reflected Cross-site scripting (XSS) vulnerability in interface/forms/eye_mag/php/eye_mag_functions.php in OpenEMR < 7.0.0 allows remote authenticated users to inject arbitrary web script or HTML via the REQUEST_URI. | |||||
CVE-2019-10360 | 1 Jenkins | 1 M2 Release | 2023-03-02 | 3.5 LOW | 5.4 MEDIUM |
A stored cross site scripting vulnerability in Jenkins Maven Release Plugin 0.14.0 and earlier allowed attackers to inject arbitrary HTML and JavaScript in the plugin-provided web pages in Jenkins. | |||||
CVE-2019-14382 | 1 Openmpt | 1 Libopenmpt | 2023-03-02 | 4.3 MEDIUM | 6.5 MEDIUM |
DSM in libopenmpt before 0.4.2 allows an assertion failure during file parsing with debug STLs. | |||||
CVE-2023-22974 | 1 Open-emr | 1 Openemr | 2023-03-02 | N/A | 7.5 HIGH |
A Path Traversal in setup.php in OpenEMR < 7.0.0 allows remote unauthenticated users to read arbitrary files by controlling a connection to an attacker-controlled MySQL server. | |||||
CVE-2019-14441 | 1 Libav | 1 Libav | 2023-03-02 | 4.3 MEDIUM | 6.5 MEDIUM |
** DISPUTED ** An issue was discovered in Libav 12.3. An access violation allows remote attackers to cause a denial of service (application crash), as demonstrated by avconv. This is related to ff_mpa_synth_filter_float in avcodec/mpegaudiodsp_template.c. NOTE: This may be a duplicate of CVE-2018-19129. | |||||
CVE-2019-14443 | 2 Debian, Libav | 2 Debian Linux, Libav | 2023-03-02 | 4.3 MEDIUM | 6.5 MEDIUM |
An issue was discovered in Libav 12.3. Division by zero in range_decode_culshift in libavcodec/apedec.c allows remote attackers to cause a denial of service (application crash), as demonstrated by avconv. | |||||
CVE-2019-14442 | 2 Debian, Libav | 2 Debian Linux, Libav | 2023-03-02 | 7.1 HIGH | 6.5 MEDIUM |
In mpc8_read_header in libavformat/mpc8.c in Libav 12.3, an input file can result in an avio_seek infinite loop and hang, with 100% CPU consumption. Attackers could leverage this vulnerability to cause a denial of service via a crafted file. | |||||
CVE-2020-12000 | 1 Inductiveautomation | 1 Ignition Gateway | 2023-03-02 | 5.0 MEDIUM | 7.5 HIGH |
The affected product is vulnerable to the handling of serialized data. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data on the Ignition 8 Gateway (versions prior to 8.0.10) and Ignition 7 Gateway (versions prior to 7.9.14), allowing an attacker to obtain sensitive information. | |||||
CVE-2020-13964 | 3 Debian, Fedoraproject, Roundcube | 3 Debian Linux, Fedora, Webmail | 2023-03-02 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in Roundcube Webmail before 1.3.12 and 1.4.x before 1.4.5. include/rcmail_output_html.php allows XSS via the username template object. | |||||
CVE-2019-14431 | 1 Matrixssl | 1 Matrixssl | 2023-03-02 | 7.5 HIGH | 9.8 CRITICAL |
In MatrixSSL 3.8.3 Open through 4.2.1 Open, the DTLS server mishandles incoming network messages leading to a heap-based buffer overflow of up to 256 bytes and possible Remote Code Execution in parseSSLHandshake in sslDecode.c. During processing of a crafted packet, the server mishandles the fragment length value provided in the DTLS message. | |||||
CVE-2020-13428 | 2 Debian, Videolan | 2 Debian Linux, Vlc Media Player | 2023-03-02 | 6.8 MEDIUM | 7.8 HIGH |
A heap-based buffer overflow in the hxxx_AnnexB_to_xVC function in modules/packetizer/hxxx_nal.c in VideoLAN VLC media player before 3.0.11 for macOS/iOS allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted H.264 Annex-B video (.avi for example) file. | |||||
CVE-2020-0202 | 1 Google | 1 Android | 2023-03-02 | 6.8 MEDIUM | 7.8 HIGH |
In onHandleIntent of TraceService.java, there is a possible bypass of developer settings requirements for capturing system traces due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-11 Android ID: A-142936525 | |||||
CVE-2020-0215 | 1 Google | 1 Android | 2023-03-02 | 4.4 MEDIUM | 7.8 HIGH |
In onCreate of ConfirmConnectActivity.java, there is a possible leak of Bluetooth information due to a permissions bypass. This could lead to local escalation of privilege that exposes a pairing Bluetooth MAC address with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-9 Android-10 Android-11 Android-8.0 Android-8.1 Android ID: A-140417248 | |||||
CVE-2020-0213 | 1 Google | 1 Android | 2023-03-02 | 4.3 MEDIUM | 6.5 MEDIUM |
In hevcd_fmt_conv_420sp_to_420sp_av8 of ihevcd_fmt_conv_420sp_to_420sp.s, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-10 Android-11 Android ID: A-143464314 | |||||
CVE-2020-11076 | 3 Debian, Fedoraproject, Puma | 3 Debian Linux, Fedora, Puma | 2023-03-02 | 5.0 MEDIUM | 7.5 HIGH |
In Puma (RubyGem) before 4.3.4 and 3.12.5, an attacker could smuggle an HTTP response, by using an invalid transfer-encoding header. The problem has been fixed in Puma 3.12.5 and Puma 4.3.4. | |||||
CVE-2020-11716 | 1 Panasonic | 12 Eluga Ray 530, Eluga Ray 530 Firmware, Eluga Ray 600 and 9 more | 2023-03-02 | 7.5 HIGH | 9.8 CRITICAL |
Panasonic P110, Eluga Z1 Pro, Eluga X1, and Eluga X1 Pro devices through 2020-04-10 have Insecure Permissions. NOTE: the vendor states that all affected products are at "End-of-software-support." | |||||
CVE-2020-13231 | 2 Cacti, Fedoraproject | 2 Cacti, Fedora | 2023-03-02 | 4.3 MEDIUM | 6.5 MEDIUM |
In Cacti before 1.2.11, auth_profile.php?action=edit allows CSRF for an admin email change. | |||||
CVE-2019-3613 | 1 Mcafee | 1 Agent | 2023-03-02 | 4.4 MEDIUM | 7.3 HIGH |
DLL Search Order Hijacking vulnerability in McAfee Agent (MA) prior to 5.6.4 allows attackers with local access to execute arbitrary code via execution from a compromised folder. |