Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2021-37789 | Debian, Stb Project | Debian Linux, Stb | 2023-02-28 | N/A | 8.1 HIGH | stb_image.h 2.27 has a heap-based buffer over-read in stbi__jpeg_load, leading to information disclosure or denial of service.
CVE-2022-25761 | Fedoraproject, Open62541 | Fedora, Open62541 | 2023-02-28 | N/A | 7.5 HIGH | The open62541/open62541 package before 1.2.5, and from 1.3-rc1 before 1.3.1, is vulnerable to denial of service (DoS) because it does not limit the number of received chunks, either per session or in total across all concurrent sessions. An attacker can exploit this by sending an unlimited number of huge chunks (e.g. 2 GB each) without ever sending the final closing chunk.
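The missing control in the open62541 entry above is a budget on buffered-but-incomplete message chunks. The following is an added example (not open62541's code) of a reassembler that enforces a per-session chunk count and byte limit and a global byte limit, dropping the session's buffered data as soon as a limit is crossed; the limit values, class name and method names are assumptions for illustration.

```javascript
// Added example (not open62541's code): a message reassembler that bounds how
// many chunks and bytes it will buffer before the final chunk arrives, both per
// session and across all sessions. Limits and names are assumptions.

const GLOBAL_LIMITS = { maxTotalBytes: 64 * 1024 * 1024 };                // all sessions together
const SESSION_LIMITS = { maxChunks: 16, maxBytes: 8 * 1024 * 1024 };       // one session

class ChunkReassembler {
  constructor(globalLimits = GLOBAL_LIMITS, sessionLimits = SESSION_LIMITS) {
    this.global = globalLimits;
    this.perSession = sessionLimits;
    this.globalBytes = 0;        // bytes currently buffered across every open session
    this.sessions = new Map();   // sessionId -> { chunks: Buffer[], bytes: number }
  }

  // Accept one chunk. Returns the reassembled message when `isFinal` is true and
  // null while more chunks are expected. Throws, and discards the session's
  // buffered data, as soon as any limit is exceeded, so a client that never
  // sends the final chunk cannot park an unbounded amount of data.
  push(sessionId, chunk, isFinal) {
    let s = this.sessions.get(sessionId);
    if (!s) {
      s = { chunks: [], bytes: 0 };
      this.sessions.set(sessionId, s);
    }
    const newSessionBytes = s.bytes + chunk.length;
    const newGlobalBytes = this.globalBytes + chunk.length;
    if (s.chunks.length + 1 > this.perSession.maxChunks ||
        newSessionBytes > this.perSession.maxBytes ||
        newGlobalBytes > this.global.maxTotalBytes) {
      this.abort(sessionId);
      throw new Error(`chunk limit exceeded for session ${sessionId}`);
    }
    s.chunks.push(chunk);
    s.bytes = newSessionBytes;
    this.globalBytes = newGlobalBytes;
    if (!isFinal) return null;
    const message = Buffer.concat(s.chunks);
    this.abort(sessionId);   // release the accounting once the message is complete
    return message;
  }

  // Drop everything buffered for a session and return its bytes to the global budget.
  abort(sessionId) {
    const s = this.sessions.get(sessionId);
    if (!s) return;
    this.globalBytes -= s.bytes;
    this.sessions.delete(sessionId);
  }
}

// Constructed demo input: one message split into three chunks, then a second
// session that keeps sending chunks without ever marking one as final.
function demoChunkLimits() {
  const r = new ChunkReassembler({ maxTotalBytes: 1024 }, { maxChunks: 4, maxBytes: 512 });
  r.push('A', Buffer.from('hel'), false);
  r.push('A', Buffer.from('lo '), false);
  const msg = r.push('A', Buffer.from('opc'), true);

  let rejected = false;
  try {
    for (let i = 0; i < 10; i++) r.push('B', Buffer.alloc(100, 0x41), false);
  } catch (e) {
    rejected = true;
  }
  return { message: msg.toString(), rejected, openSessions: r.sessions.size, bufferedBytes: r.globalBytes };
}
```

The important design point is that the check runs before the chunk is stored and that `abort` returns the session's bytes to the global budget, so neither a single session nor many concurrent ones can exhaust memory.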
CVE-2020-16093 | Debian, Lemonldap-ng | Debian Linux, Lemonldap::ng | 2023-02-28 | N/A | 7.5 HIGH | In LemonLDAP::NG (aka lemonldap-ng) through 2.0.8, the validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS Perl module is used.
CVE-2020-21676 | Debian, Fig2dev Project | Debian Linux, Fig2dev | 2023-02-28 | 4.3 MEDIUM | 5.5 MEDIUM | A stack-based buffer overflow in the genpstrx_text() function in genpstricks.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DoS) via converting an xfig file into pstricks format.
CVE-2020-4051 | Debian, Netapp, Openjsf | Debian Linux, Active Iq Unified Manager, Oncommand Insight and 3 more (6 total) | 2023-02-28 | 3.5 LOW | 5.4 MEDIUM | In Dijit before 1.11.11, and in 1.12.0 through 1.12.8, 1.13.0 through 1.13.7, 1.14.0 through 1.14.6, 1.15.0 through 1.15.3, and 1.16.0 through 1.16.2, there is a cross-site scripting vulnerability in the Editor's LinkDialog plugin. Fixed in 1.11.11, 1.12.9, 1.13.8, 1.14.7, 1.15.4 and 1.16.3.
CVE-2019-14744 | Canonical, Debian, Fedoraproject and 3 more (6 total) | Ubuntu Linux, Debian Linux, Fedora and 5 more (8 total) | 2023-02-28 | 5.1 MEDIUM | 7.8 HIGH | In KDE Frameworks KConfig before 5.61.0, malicious desktop files and configuration files lead to code execution with minimal user interaction. This relates to libKF5ConfigCore.so and the mishandling of .desktop and .directory files, as demonstrated by a shell command on an Icon line in a .desktop file.
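The KConfig entry above turns on a value in a .desktop file being interpreted rather than used as a literal name. As an added example (not KDE's code), the parser below reads the `[Desktop Entry]` group and treats the Icon value as an opaque icon name or path, refusing anything that a shell would interpret if the value were ever expanded; the metacharacter list, the sample files and the function names are assumptions.

```javascript
// Added example (not KDE's code): parse the [Desktop Entry] group of a
// .desktop file and validate the Icon value as a plain name or path.
// The metacharacter list and the function names are assumptions.

const SHELL_METACHARS = /[`$(){}|;&<>\n\\'"]/;

function parseDesktopEntry(text) {
  const entry = {};
  let inEntryGroup = false;
  for (const rawLine of text.split(/\r?\n/)) {
    const line = rawLine.trim();
    if (line === '' || line.startsWith('#')) continue;
    if (line.startsWith('[')) {                 // group header
      inEntryGroup = line === '[Desktop Entry]';
      continue;
    }
    if (!inEntryGroup) continue;
    const eq = line.indexOf('=');
    if (eq < 0) continue;                       // not a key=value line
    entry[line.slice(0, eq).trim()] = line.slice(eq + 1).trim();
  }
  return entry;
}

// True when the Icon value is a plain icon name or a path with no shell
// metacharacters and no ".." component; such a value can only ever name a file.
function isSafeIconValue(value) {
  if (typeof value !== 'string' || value.length === 0 || value.length > 255) return false;
  if (SHELL_METACHARS.test(value)) return false;
  if (value.split('/').includes('..')) return false;
  return true;
}

// Constructed samples: a benign entry and one whose Icon line carries a command substitution.
const BENIGN = '[Desktop Entry]\nType=Application\nName=Editor\nIcon=accessories-text-editor\nExec=editor %f\n';
const HOSTILE = '[Desktop Entry]\nType=Application\nName=Payload\nIcon=$(touch /tmp/pwned)\nExec=true\n';

function checkIcon(text) {
  const entry = parseDesktopEntry(text);
  return { icon: entry.Icon, safe: isSafeIconValue(entry.Icon) };
}
```

The validation is deliberately a whitelist shape (what a name may look like) rather than a search for known payloads; the real fix is never to hand the value to a shell at all, and the check is a second line of defence for code paths that still do.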
CVE-2016-15005 | Golf Project | Golf | 2023-02-28 | N/A | 8.8 HIGH | CSRF tokens are generated using math/rand, which is not a cryptographically secure random number generator, allowing an attacker to predict values and bypass CSRF protections with relatively few requests.
CVE-2018-3718 | Zeit | Serve | 2023-02-28 | 5.0 MEDIUM | 5.3 MEDIUM | The serve node module suffers from improper handling of URL encoding: it permits access to ignored files when the filename is URL-encoded.
CVE-2018-3717 | Sencha | Connect | 2023-02-28 | 3.5 LOW | 5.4 MEDIUM | The connect node module before 2.14.0 suffers from a cross-site scripting (XSS) vulnerability because file names are not validated or escaped in the directory.js middleware.
CVE-2018-3714 | Node-srv Project | Node-srv | 2023-02-28 | 4.0 MEDIUM | 6.5 MEDIUM | The node-srv node module suffers from a path traversal vulnerability due to lack of validation of the URL, which allows a malicious user to read the contents of any file whose path is known.
CVE-2018-3713 | Angular-http-server Project | Angular-http-server | 2023-02-28 | 4.0 MEDIUM | 6.5 MEDIUM | The angular-http-server node module suffers from a path traversal vulnerability due to lack of validation of possibleFilename, which allows a malicious user to read the contents of any file whose path is known.
CVE-2018-3711 | Fastify | Fastify | 2023-02-28 | 5.0 MEDIUM | 7.5 HIGH | The Fastify node module before 0.38.0 is vulnerable to a denial-of-service attack by sending a request with "Content-Type: application/json" and a very large payload.
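The Fastify entry above is a body-size problem: a JSON body was buffered and parsed without a cap. As an added example (not Fastify's code), the functions below reject an over-limit declared Content-Length up front and, independently, count bytes as chunks arrive so that a client that lies about the length or sends chunked encoding is cut off before anything is concatenated or parsed; the limit value, the constructed requests and the function names are assumptions.

```javascript
// Added example (not Fastify's code): bound a JSON request body by declared
// length and by bytes actually received, then parse. Names are assumptions.

const MAX_JSON_BYTES = 1024 * 1024; // 1 MiB, an assumed limit

// Reject early when the client declares a body larger than the limit. Returns
// null when Content-Length is absent, in which case only the streaming limit applies.
function checkDeclaredLength(headers, limit = MAX_JSON_BYTES) {
  const raw = headers['content-length'];
  if (raw === undefined) return null;
  if (!/^\d+$/.test(raw)) throw new Error('400 bad Content-Length');
  const n = Number(raw);
  if (n > limit) throw new Error('413 payload too large');
  return n;
}

// Consume body chunks (the Buffers a stream's 'data' events would deliver)
// while counting bytes; abort as soon as the running total exceeds the limit,
// before concatenation or JSON.parse, so no oversized allocation happens.
function collectJsonBody(chunks, limit = MAX_JSON_BYTES) {
  const parts = [];
  let received = 0;
  for (const chunk of chunks) {
    received += chunk.length;
    if (received > limit) throw new Error('413 payload too large');
    parts.push(chunk);
  }
  return JSON.parse(Buffer.concat(parts, received).toString('utf8'));
}

// Constructed requests: a well-formed one, one that under-declares its length
// and streams more than allowed in small chunks, and one that over-declares.
function demoBodyLimits() {
  const limit = 64;
  const good = collectJsonBody([Buffer.from('{"user":"al'), Buffer.from('ice","n":1}')], limit);

  let oversizeRejected = false;
  try {
    checkDeclaredLength({ 'content-length': '10' }, limit);      // passes: the client lies
    const chunks = [];
    for (let i = 0; i < 10; i++) chunks.push(Buffer.from('{"k":"' + 'A'.repeat(20) + '"}'));
    collectJsonBody(chunks, limit);                               // 28-byte chunks, cut off on the third
  } catch (e) {
    oversizeRejected = /413/.test(e.message);
  }

  let declaredRejected = false;
  try {
    checkDeclaredLength({ 'content-length': '999999999' }, limit);
  } catch (e) {
    declaredRejected = /413/.test(e.message);
  }
  return { good, oversizeRejected, declaredRejected };
}
```

Both checks are needed: the declared-length check is cheap and lets the server respond before reading anything, while the streaming count is the one that actually holds against a client that does not tell the truth.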
CVE-2018-3755 | Sexstatic Project | Sexstatic | 2023-02-28 | 4.3 MEDIUM | 6.1 MEDIUM | sexstatic <=0.6.2 does not escape directory names in its listing, so a directory whose name contains markup such as an <iframe> element results in stored XSS.
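The connect and sexstatic entries above (and the Dijit LinkDialog entry, where the injected value lands in a link) are all untrusted names reaching HTML unescaped. As an added example (not the code of connect, sexstatic or Dijit), the renderer below builds a directory listing with every entry name HTML-escaped in text and attribute context and percent-encoded in the href, so a name like `<iframe ...>` is displayed as text rather than parsed as markup; the helper names and the constructed hostile names are assumptions.

```javascript
// Added example (not connect's, sexstatic's or Dijit's code): a directory
// listing renderer that escapes entry names for each output context.
// Helper names and the sample entry names are assumptions.

function escapeHtml(s) {
  return String(s)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Encode one path segment for use in a URL. The result contains no quote,
// angle bracket or slash, so it is also safe inside a double-quoted attribute.
function encodeSegment(name) {
  return encodeURIComponent(name);
}

// `dir` is the URL path of the listed directory, `entries` its raw file names.
function renderListing(dir, entries) {
  const base = dir.endsWith('/') ? dir : dir + '/';
  const items = entries.map((name) =>
    `<li><a href="${escapeHtml(base)}${encodeSegment(name)}">${escapeHtml(name)}</a></li>`);
  return `<h1>Index of ${escapeHtml(dir)}</h1>\n<ul>\n${items.join('\n')}\n</ul>`;
}

// Check used for verification: does the output contain any tag we did not emit?
function containsForeignTag(html) {
  const allowed = new Set(['h1', '/h1', 'ul', '/ul', 'li', '/li', 'a', '/a']);
  for (const m of html.matchAll(/<([^\s>]+)/g)) {
    if (!allowed.has(m[1])) return true;
  }
  return false;
}

// Constructed hostile entry names, as an attacker could create via upload or a git push.
const HOSTILE_NAMES = ['<iframe src="javascript:alert(1)">', 'a" onmouseover="alert(1)', 'report.txt'];
```

The escaping is chosen per context: the text node and the attribute value get HTML entity escaping, while the path segment inside the href gets URL encoding, since a name that is harmless as text can still break out of a URL or an attribute.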
CVE-2018-3745 | Atob Project | Atob | 2023-02-28 | 6.4 MEDIUM | 9.1 CRITICAL | atob 2.0.3 and earlier allocates uninitialized Buffers when a number is passed as input, on Node.js 4.x and below.
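The atob entry above is the classic `Buffer(number)` hazard: on the Node versions named, the legacy constructor given a number returned uninitialised memory, so a decoder that forwarded its argument unchecked leaked heap contents. As an added example (not the atob package's code), the pair below shows the vulnerable shape next to a decoder that accepts only strings; current Node zero-fills the deprecated constructor, so the legacy behaviour is stood in for by `Buffer.allocUnsafe`, which still returns uninitialised memory. The function names are assumptions.

```javascript
// Added example (not the atob package's code): the unsafe input-type
// confusion beside a string-only decoder. Function names are assumptions.

// Vulnerable shape: a number reaches an allocating call. On Node 4.x and
// earlier `new Buffer(n)` had this behaviour; Buffer.allocUnsafe stands in for
// it here because it is the modern API that still returns uninitialised memory.
function unsafeAtob(input) {
  const buf = typeof input === 'number'
    ? Buffer.allocUnsafe(input)                     // `input` bytes of whatever was in the pool
    : Buffer.from(String(input), 'base64');
  return buf.toString('binary');
}

// Hardened: refuse non-strings, strip whitespace, require a base64 alphabet and
// a length that can decode (length mod 4 == 1 is never valid), then decode
// with Buffer.from, which never hands back uninitialised memory.
function safeAtob(input) {
  if (typeof input !== 'string') throw new TypeError('atob: input must be a string');
  const cleaned = input.replace(/\s+/g, '');
  if (!/^[A-Za-z0-9+/]*={0,2}$/.test(cleaned) || cleaned.length % 4 === 1) {
    throw new TypeError('atob: invalid base64 input');
  }
  return Buffer.from(cleaned, 'base64').toString('binary');
}
```

The type check is the fix; the alphabet and length checks are the extra strictness a practitioner would want so that garbage input fails loudly instead of silently decoding to something.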
CVE-2018-3733 | Crud-file-server Project | Crud-file-server | 2023-02-28 | 5.0 MEDIUM | 7.5 HIGH | The crud-file-server node module before 0.9.0 suffers from a path traversal vulnerability due to incorrect validation of the URL, which allows a malicious user to read the contents of any file whose path is known.
CVE-2021-32441 | Exponentcms | Exponent Cms | 2023-02-28 | N/A | 7.5 HIGH | A SQL injection vulnerability in Exponent CMS 2.6.0 (fixed in 2.7.0) allows attackers to gain access to sensitive information via the selectValue function in the expConfig class.
CVE-2018-3634 | Intel | Online Connect Access | 2023-02-28 | 4.9 MEDIUM | 5.5 MEDIUM | Parameter corruption in the NDIS filter driver in Intel Online Connect Access 1.9.22.0 allows an attacker to cause a denial of service via local access.
CVE-2018-3710 | Debian, Gitlab | Debian Linux, Gitlab | 2023-02-28 | 6.8 MEDIUM | 7.8 HIGH | GitLab Community and Enterprise Editions version 10.3.3 are vulnerable to an insecure temporary file in the project import component, resulting in remote code execution.
CVE-2022-33185 | Broadcom | Fabric Operating System | 2023-02-28 | N/A | 7.8 HIGH | Several commands in Brocade Fabric OS before v9.0.1e and v9.1.0 use unsafe string functions to process user input. Authenticated local attackers could abuse these to trigger stack-based buffer overflows, allowing arbitrary code execution as the root user.
CVE-2022-33183 | Broadcom | Fabric Operating System | 2023-02-28 | N/A | 8.8 HIGH | A vulnerability in the Brocade Fabric OS CLI before v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5 and 7.4.2.j could allow a remote authenticated attacker to trigger a stack buffer overflow via the "firmwaredownload" and "diagshow" commands.