Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-12597 | 1 Zohocorp | 1 Manageengine Assetexplorer | 2023-03-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Zoho ManageEngine AssetExplorer. There is XSS via ResourcesAttachments.jsp with the parameter pageName. | |||||
| CVE-2020-14154 | 2 Canonical, Mutt | 2 Ubuntu Linux, Mutt | 2023-03-01 | 5.8 MEDIUM | 4.8 MEDIUM |
| Mutt before 1.14.3 proceeds with a connection even if, in response to a GnuTLS certificate prompt, the user rejects an expired intermediate certificate. | |||||
| CVE-2019-12596 | 1 Zohocorp | 1 Manageengine Assetexplorer | 2023-03-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Zoho ManageEngine AssetExplorer. There is XSS via SoftwareListView.do with the parameter swType or swComplianceType. | |||||
| CVE-2019-12595 | 1 Zohocorp | 1 Manageengine Assetexplorer | 2023-03-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Zoho ManageEngine AssetExplorer. There is XSS via the RCSettings.do rdsName parameter. | |||||
| CVE-2019-12537 | 1 Zohocorp | 1 Manageengine Assetexplorer | 2023-03-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Zoho ManageEngine AssetExplorer. There is XSS via the SearchN.do search field. | |||||
| CVE-2022-44755 | 1 Hcltech | 1 Notes | 2023-03-01 | N/A | 7.8 HIGH |
| HCL Notes is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the vulnerability described in CVE-2022-44751. This vulnerability applies to software previously licensed by IBM. | |||||
| CVE-2022-44753 | 1 Hcltech | 1 Notes | 2023-03-01 | N/A | 7.8 HIGH |
| HCL Notes is susceptible to a stack based buffer overflow vulnerability in wp6sr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted WordPerfect file. This vulnerability applies to software previously licensed by IBM. | |||||
| CVE-2022-44754 | 1 Hcltech | 1 Domino | 2023-03-01 | N/A | 7.8 HIGH |
| HCL Domino is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the vulnerability described in CVE-2022-44750. This vulnerability applies to software previously licensed by IBM. | |||||
| CVE-2022-44752 | 1 Hcltech | 1 Domino | 2023-03-01 | N/A | 7.8 HIGH |
| HCL Domino is susceptible to a stack based buffer overflow vulnerability in wp6sr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted WordPerfect file. This vulnerability applies to software previously licensed by IBM. | |||||
| CVE-2023-25569 | 1 Apolloconfig | 1 Apollo | 2023-03-01 | N/A | 5.7 MEDIUM |
| Apollo is a configuration management system. Prior to version 2.1.0, a low-privileged user can create a special web page. If an authenticated portal admin visits this page, the page can silently send a request to assign new roles for that user without any confirmation from the Portal admin. Cookie SameSite strategy was set to Lax in version 2.1.0. As a workaround, avoid visiting unknown source pages. | |||||
| CVE-2022-38153 | 1 Wolfssl | 1 Wolfssl | 2023-03-01 | N/A | 5.9 MEDIUM |
| An issue was discovered in wolfSSL before 5.5.0 (when --enable-session-ticket is used); however, only version 5.3.0 is exploitable. Man-in-the-middle attackers or a malicious server can crash TLS 1.2 clients during a handshake. If an attacker injects a large ticket (more than 256 bytes) into a NewSessionTicket message in a TLS 1.2 handshake, and the client has a non-empty session cache, the session cache frees a pointer that points to unallocated memory, causing the client to crash with a "free(): invalid pointer" message. NOTE: It is likely that this is also exploitable during TLS 1.3 handshakes between a client and a malicious server. With TLS 1.3, it is not possible to exploit this as a man-in-the-middle. | |||||
| CVE-2022-38152 | 1 Wolfssl | 1 Wolfssl | 2023-03-01 | N/A | 7.5 HIGH |
| An issue was discovered in wolfSSL before 5.5.0. When a TLS 1.3 client connects to a wolfSSL server and SSL_clear is called on its session, the server crashes with a segmentation fault. This occurs in the second session, which is created through TLS session resumption and reuses the initial struct WOLFSSL. If the server reuses the previous session structure (struct WOLFSSL) by calling wolfSSL_clear(WOLFSSL* ssl) on it, the next received Client Hello (that resumes the previous session) crashes the server. Note that this bug is only triggered when resuming sessions using TLS session resumption. Only servers that use wolfSSL_clear instead of the recommended SSL_free; SSL_new sequence are affected. Furthermore, wolfSSL_clear is part of wolfSSL's compatibility layer and is not enabled by default. It is not part of wolfSSL's native API. | |||||
| CVE-2022-44750 | 1 Hcltech | 1 Domino | 2023-03-01 | N/A | 7.8 HIGH |
| HCL Domino is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the vulnerability described in CVE-2022-44754. This vulnerability applies to software previously licensed by IBM. | |||||
| CVE-2018-19570 | 1 Gitlab | 1 Gitlab | 2023-03-01 | 3.5 LOW | 5.4 MEDIUM |
| GitLab CE/EE, versions 11.3 before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an XSS vulnerability in Markdown fields via unrecognized HTML tags. | |||||
| CVE-2018-19577 | 1 Gitlab | 1 Gitlab | 2023-03-01 | 5.0 MEDIUM | 5.3 MEDIUM |
| Gitlab CE/EE, versions 8.6 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an incorrect access control vulnerability that displays to an unauthorized user the title and namespace of a confidential issue. | |||||
| CVE-2018-19583 | 1 Gitlab | 1 Gitlab | 2023-03-01 | 4.0 MEDIUM | 6.5 MEDIUM |
| GitLab CE/EE, versions 8.0 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, would log access tokens in the Workhorse logs, permitting administrators with access to the logs to see another user's token. | |||||
| CVE-2018-19571 | 1 Gitlab | 1 Gitlab | 2023-03-01 | 4.0 MEDIUM | 7.7 HIGH |
| GitLab CE/EE, versions 8.18 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an SSRF vulnerability in webhooks. | |||||
| CVE-2018-19574 | 1 Gitlab | 1 Gitlab | 2023-03-01 | 3.5 LOW | 5.4 MEDIUM |
| GitLab CE/EE, versions 7.6 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an XSS vulnerability in the OAuth authorization page. | |||||
| CVE-2018-19573 | 1 Gitlab | 1 Gitlab | 2023-03-01 | 3.5 LOW | 5.4 MEDIUM |
| GitLab CE/EE, versions 10.3 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an XSS vulnerability in Markdown fields via Mermaid. | |||||
| CVE-2022-41552 | 3 Hitachi, Linux, Microsoft | 5 Infrastructure Analytics Advisor, Ops Center Analyzer, Ops Center Viewpoint and 2 more | 2023-03-01 | N/A | 9.8 CRITICAL |
| Server-Side Request Forgery (SSRF) vulnerability in Hitachi Infrastructure Analytics Advisor on Linux (Data Center Analytics, Analytics probe components), Hitachi Ops Center Analyzer on Linux (Hitachi Ops Center Analyzer detail view, Hitachi Ops Center Analyzer probe components) allows Server Side Request Forgery. This issue affects Hitachi Infrastructure Analytics Advisor: from 2.0.0-00 through 4.4.0-00; Hitachi Ops Center Analyzer: from 10.0.0-00 before 10.9.0-00. | |||||