Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-0822 | 1 Deltaww | 1 Diaenergie | 2023-02-28 | N/A | 8.8 HIGH |
| The affected product DIAEnergie (versions prior to v1.9.03.001) contains improper authorization, which could allow an unauthorized user to bypass authorization and access privileged functionality. | |||||
| CVE-2021-33391 | 2 Htacg, Linux | 2 Tidy, Linux Kernel | 2023-02-28 | N/A | 9.8 CRITICAL |
| An issue in HTACG HTML Tidy v5.7.28 allows attacker to execute arbitrary code via the -g option of the CleanNode() function in gdoc.c. | |||||
| CVE-2022-20803 | 1 Clamav | 1 Clamav | 2023-02-28 | N/A | 7.5 HIGH |
| A vulnerability in the OLE2 file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device.The vulnerability is due to incorrect use of the realloc function that may result in a double-free. An attacker could exploit this vulnerability by submitting a crafted OLE2 file to be scanned by ClamAV on the affected device. An exploit could allow the attacker to cause the ClamAV scanning process to crash, resulting in a denial of service condition. | |||||
| CVE-2019-12523 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2023-02-28 | 6.4 MEDIUM | 9.1 CRITICAL |
| An issue was discovered in Squid before 4.9. When handling a URN request, a corresponding HTTP request is made. This HTTP request doesn't go through the access checks that incoming HTTP requests go through. This causes all access checks to be bypassed and allows access to restricted HTTP servers, e.g., an attacker can connect to HTTP servers that only listen on localhost. | |||||
| CVE-2019-12422 | 1 Apache | 1 Shiro | 2023-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| Apache Shiro before 1.4.2, when using the default "remember me" configuration, cookies could be susceptible to a padding attack. | |||||
| CVE-2023-24044 | 1 Plesk | 1 Obsidian | 2023-02-28 | N/A | 6.1 MEDIUM |
| ** DISPUTED ** A Host Header Injection issue on the Login page of Plesk Obsidian through 18.0.49 allows attackers to redirect users to malicious websites via a Host request header. NOTE: the vendor's position is "the ability to use arbitrary domain names to access the panel is an intended feature." | |||||
| CVE-2023-24785 | 1 Peazip Project | 1 Peazip | 2023-02-28 | N/A | 5.5 MEDIUM |
| An issue in Giorgio Tani peazip v.9.0.0 allows attackers to cause a denial of service via the End of Archive tag function of the peazip/pea UNPEA feature. | |||||
| CVE-2019-17533 | 2 Debian, Matio Project | 2 Debian Linux, Matio | 2023-02-28 | 6.4 MEDIUM | 8.2 HIGH |
| Mat_VarReadNextInfo4 in mat4.c in MATIO 1.5.17 omits a certain '\0' character, leading to a heap-based buffer over-read in strdup_vprintf when uninitialized memory is accessed. | |||||
| CVE-2023-26020 | 4 Apple, Craftercms, Linux and 1 more | 4 Macos, Crafter Cms, Linux Kernel and 1 more | 2023-02-28 | N/A | 7.2 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Crafter Studio on Linux, MacOS, Windows, x86, ARM, 64 bit allows SQL Injection.This issue affects CrafterCMS v4.0 from 4.0.0 through 4.0.1, and v3.1 from 3.1.0 through 3.1.26. | |||||
| CVE-2018-16981 | 2 Debian, Nothings | 2 Debian Linux, Stb Image.h | 2023-02-28 | 6.8 MEDIUM | 8.8 HIGH |
| stb stb_image.h 2.19, as used in catimg, Emscripten, and other products, has a heap-based buffer overflow in the stbi__out_gif_code function. | |||||
| CVE-2018-25012 | 2 Redhat, Webmproject | 2 Enterprise Linux, Libwebp | 2023-02-28 | 6.4 MEDIUM | 9.1 CRITICAL |
| A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in GetLE24(). | |||||
| CVE-2019-9918 | 1 Harmistechnology | 1 Je Messenger | 2023-02-28 | 6.4 MEDIUM | 9.1 CRITICAL |
| An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. Input does not get validated and queries are not written in a way to prevent SQL injection. Therefore arbitrary SQL-Statements can be executed in the database. | |||||
| CVE-2017-5546 | 1 Linux | 1 Linux Kernel | 2023-02-28 | 7.2 HIGH | 7.8 HIGH |
| The freelist-randomization feature in mm/slab.c in the Linux kernel 4.8.x and 4.9.x before 4.9.5 allows local users to cause a denial of service (duplicate freelist entries and system crash) or possibly have unspecified other impact in opportunistic circumstances by leveraging the selection of a large value for a random number. | |||||
| CVE-2021-37373 | 1 Teradek | 2 Slice, Slice Firmware | 2023-02-28 | N/A | 5.4 MEDIUM |
| ** UNSUPPORTED WHEN ASSIGNED ** Cross Site Scripting (XSS) vulnerability in Teradek Slice 1st generation firmware 7.3.x and earlier allows remote attackers to run arbitrary code via the Friendly Name field in System Information Settings. NOTE: Vedor states the product has reached End of Life and will not be receiving any firmware updates to address this issue. | |||||
| CVE-2013-4843 | 1 Hp | 2 Integrated Lights-out 4, Integrated Lights-out Firmware | 2023-02-28 | 6.8 MEDIUM | N/A |
| Unspecified vulnerability in HP Integrated Lights-Out 4 (iLO4) with firmware before 1.32 allows remote authenticated users to obtain sensitive information via unknown vectors. | |||||
| CVE-2022-2318 | 3 Debian, Linux, Netapp | 12 Debian Linux, Linux Kernel, H300s and 9 more | 2023-02-28 | 4.9 MEDIUM | 5.5 MEDIUM |
| There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that allow attackers to crash linux kernel without any privileges. | |||||
| CVE-2022-27778 | 3 Haxx, Netapp, Oracle | 18 Curl, Active Iq Unified Manager, Bh500s Firmware and 15 more | 2023-02-28 | 5.8 MEDIUM | 8.1 HIGH |
| A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when `--no-clobber` is used together with `--remove-on-error`. | |||||
| CVE-2022-3649 | 3 Debian, Linux, Netapp | 11 Debian Linux, Linux Kernel, Active Iq Unified Manager and 8 more | 2023-02-28 | N/A | 7.0 HIGH |
| A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfs_new_inode of the file fs/nilfs2/inode.c of the component BPF. The manipulation leads to use after free. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211992. | |||||
| CVE-2022-1973 | 3 Fedoraproject, Linux, Netapp | 12 Fedora, Linux Kernel, H300s and 9 more | 2023-02-28 | N/A | 7.1 HIGH |
| A use-after-free flaw was found in the Linux kernel in log_replay in fs/ntfs3/fslog.c in the NTFS journal. This flaw allows a local attacker to crash the system and leads to a kernel information leak problem. | |||||
| CVE-2022-2520 | 2 Debian, Libtiff | 2 Debian Linux, Libtiff | 2023-02-28 | N/A | 6.5 MEDIUM |
| A flaw was found in libtiff 4.4.0rc1. There is a sysmalloc assertion fail in rotateImage() at tiffcrop.c:8621 that can cause program crash when reading a crafted input. | |||||