Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-36280 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2023-03-02 | N/A | 5.5 MEDIUM |
| An out-of-bounds(OOB) memory access vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_kms.c in GPU component in the Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS). | |||||
| CVE-2022-2873 | 5 Debian, Fedoraproject, Linux and 2 more | 14 Debian Linux, Fedora, Linux Kernel and 11 more | 2023-03-02 | N/A | 5.5 MEDIUM |
| An out-of-bounds memory access flaw was found in the Linux kernel Intel’s iSMT SMBus host controller driver in the way a user triggers the I2C_SMBUS_BLOCK_DATA (with the ioctl I2C_SMBUS) with malicious input data. This flaw allows a local user to crash the system. | |||||
| CVE-2022-26843 | 1 Intel | 2 Oneapi Dpc\+\+\/c\+\+ Compiler, Oneapi Toolkits | 2023-03-02 | N/A | 9.8 CRITICAL |
| Insufficient visual distinction of homoglyphs presented to user in the Intel(R) oneAPI DPC++/C++ Compiler before version 2022.1 for Intel(R) oneAPI Toolkits before version 2022.2 may allow an unauthenticated user to potentially enable escalation of privilege via network access. | |||||
| CVE-2022-26841 | 3 Intel, Linux, Microsoft | 3 Sgx Sdk, Linux Kernel, Windows | 2023-03-02 | N/A | 5.5 MEDIUM |
| Insufficient control flow management for the Intel(R) SGX SDK software for Linux before version 2.16.100.1 may allow an authenticated user to potentially enable information disclosure via local access. | |||||
| CVE-2022-30539 | 1 Intel | 106 Xeon Gold 5315y, Xeon Gold 5315y Firmware, Xeon Gold 5317 and 103 more | 2023-03-02 | N/A | 6.7 MEDIUM |
| Use after free in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-26249 | 1 Nic | 1 Knot Resolver | 2023-03-02 | N/A | 7.5 HIGH |
| Knot Resolver before 5.6.0 enables attackers to consume its resources, launching amplification attacks and potentially causing a denial of service. Specifically, a single client query may lead to a hundred TCP connection attempts if a DNS server closes connections without providing a response. | |||||
| CVE-2023-26242 | 1 Linux | 1 Linux Kernel | 2023-03-02 | N/A | 7.8 HIGH |
| afu_mmio_region_get_by_offset in drivers/fpga/dfl-afu-region.c in the Linux kernel through 6.1.12 has an integer overflow. | |||||
| CVE-2014-125089 | 1 Cention-chatserver Project | 1 Cention-chatserver | 2023-03-02 | N/A | 6.1 MEDIUM |
| A vulnerability was found in cention-chatserver 3.8.0-rc1. It has been declared as problematic. Affected by this vulnerability is the function _formatBody of the file lib/InternalChatProtocol.fe. The manipulation of the argument body leads to cross site scripting. The attack can be launched remotely. Upgrading to version 3.9 is able to address this issue. The name of the patch is c4c0258bbd18f6915f97f91d5fee625384096a26. It is recommended to upgrade the affected component. The identifier VDB-221497 was assigned to this vulnerability. | |||||
| CVE-2023-26265 | 1 Borg Project | 1 Borg | 2023-03-02 | N/A | 5.3 MEDIUM |
| The Borg theme before 1.1.19 for Backdrop CMS does not sufficiently sanitize path arguments that are passed in via a URL. The function borg_preprocess_page in the file template.php does not properly sanitize incoming path arguments before using them. | |||||
| CVE-2015-10082 | 1 Libimobiledevice | 1 Libplist | 2023-03-02 | N/A | 9.8 CRITICAL |
| A vulnerability classified as problematic has been found in UIKit0 libplist 1.12. This affects the function plist_from_xml of the file src/xplist.c of the component XML Handler. The manipulation leads to xml external entity reference. The name of the patch is c086cb139af7c82845f6d565e636073ff4b37440. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-221499. | |||||
| CVE-2023-24575 | 1 Dell | 1 Multifunction Printer E525w Driver And Software Suite | 2023-03-02 | N/A | 7.8 HIGH |
| Dell Multifunction Printer E525w Driver and Software Suite, versions prior to 1.047.2022, A05, contain a local privilege escalation vulnerability that could be exploited by malicious users to compromise the affected system | |||||
| CVE-2023-26266 | 1 Afl\+\+ Project | 1 Afl\+\+ | 2023-03-02 | N/A | 9.8 CRITICAL |
| In AFL++ 4.05c, the CmpLog component uses the current working directory to resolve and execute unprefixed fuzzing targets, allowing code execution. | |||||
| CVE-2015-10085 | 1 Gopistolet Project | 1 Gopistolet | 2023-03-02 | N/A | 7.5 HIGH |
| A vulnerability was found in GoPistolet. It has been declared as problematic. This vulnerability affects unknown code of the component MTA. The manipulation leads to denial of service. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The name of the patch is b91aa4674d460993765884e8463c70e6d886bc90. It is recommended to apply a patch to fix this issue. VDB-221506 is the identifier assigned to this vulnerability. | |||||
| CVE-2017-20178 | 1 Codiad | 1 Codiad | 2023-03-02 | N/A | 7.5 HIGH |
| ** UNSUPPPORTED WHEN ASSIGNED **** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Codiad 2.8.0. It has been rated as problematic. Affected by this issue is the function saveJSON of the file components/install/process.php. The manipulation of the argument data leads to information disclosure. The attack may be launched remotely. Upgrading to version 2.8.1 is able to address this issue. The name of the patch is 517119de673e62547ee472a730be0604f44342b5. It is recommended to upgrade the affected component. VDB-221498 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2022-48282 | 1 Mongodb | 1 C\# Driver | 2023-03-02 | N/A | 7.2 HIGH |
| Under very specific circumstances (see Required configuration section below), a privileged user is able to cause arbitrary code to be executed which may cause further disruption to services. This is specific to applications written in C#. This affects all MongoDB .NET/C# Driver versions prior to and including v2.18.0 | |||||
| CVE-2023-0942 | 1 Artisanworkshop | 1 Japanized For Woocommerce | 2023-03-02 | N/A | 6.1 MEDIUM |
| The Japanized For WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘tab’ parameter in versions up to, and including, 2.5.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | |||||
| CVE-2017-20179 | 1 Instedd | 1 Pollit | 2023-03-02 | N/A | 9.8 CRITICAL |
| A vulnerability was found in InSTEDD Pollit 2.3.1. It has been rated as critical. This issue affects the function TourController of the file app/controllers/tour_controller.rb. The manipulation leads to an unknown weakness. The attack may be initiated remotely. Upgrading to version 2.3.2 is able to address this issue. The name of the patch is 6ef04f8b5972d5f16f8b86f8b53f62fac68d5498. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-221507. | |||||
| CVE-2022-46637 | 1 Prolink2u | 2 Prs1841, Prs1841 Firmware | 2023-03-02 | N/A | 9.8 CRITICAL |
| Prolink router PRS1841 was discovered to contain hardcoded credentials for its Telnet and FTP services. | |||||
| CVE-2023-0945 | 1 Best Pos Management System Project | 1 Best Pos Management System | 2023-03-02 | N/A | 5.4 MEDIUM |
| A vulnerability, which was classified as problematic, was found in SourceCodester Best POS Management System 1.0. Affected is an unknown function of the file index.php?page=add-category. The manipulation of the argument Name with the input "><img src=x onerror=prompt(document.domain);> leads to cross site scripting. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-221592. | |||||
| CVE-2023-25158 | 1 Geotools | 1 Geotools | 2023-03-02 | N/A | 9.8 CRITICAL |
| GeoTools is an open source Java library that provides tools for geospatial data. GeoTools includes support for OGC Filter expression language parsing, encoding and execution against a range of datastore. SQL Injection Vulnerabilities have been found when executing OGC Filters with JDBCDataStore implementations. Users are advised to upgrade to either version 27.4 or to 28.2 to resolve this issue. Users unable to upgrade may disable `encode functions` for PostGIS DataStores or enable `prepared statements` for JDBCDataStores as a partial mitigation. | |||||