Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-22360 | 1 Jtekt | 1 Screen Creator Advance 2 | 2023-02-27 | N/A | 7.8 HIGH |
| Use-after free vulnerability exists in Screen Creator Advance 2 Ver.0.1.1.4 Build01 and earlier due to lack of error handling process even when an error was detected. Having a user of Screen Creator Advance 2 to open a specially crafted project file may lead to information disclosure and/or arbitrary code execution. | |||||
| CVE-2021-29458 | 3 Debian, Exiv2, Fedoraproject | 3 Debian Linux, Exiv2, Fedora | 2023-02-27 | 4.3 MEDIUM | 5.5 MEDIUM |
| Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 versions v0.27.3 and earlier. The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service by crashing Exiv2, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when writing the metadata, which is a less frequently used Exiv2 operation than reading the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as insert. The bug is fixed in version v0.27.4. | |||||
| CVE-2023-22353 | 1 Jtekt | 1 Screen Creator Advance 2 | 2023-02-27 | N/A | 7.8 HIGH |
| Out-of-bound read vulnerability exists in Screen Creator Advance 2 Ver.0.1.1.4 Build01 and earlier because the end of data cannot be verified when processing control management information. Having a user of Screen Creator Advance 2 to open a specially crafted project file may lead to information disclosure and/or arbitrary code execution. | |||||
| CVE-2023-22350 | 1 Jtekt | 1 Screen Creator Advance 2 | 2023-02-27 | N/A | 7.8 HIGH |
| Out-of-bound read vulnerability exists in Screen Creator Advance 2 Ver.0.1.1.4 Build01 and earlier because the end of data cannot be verified when processing parts management information. Having a user of Screen Creator Advance 2 to open a specially crafted project file may lead to information disclosure and/or arbitrary code execution. | |||||
| CVE-2021-2175 | 1 Oracle | 1 Database Server | 2023-02-27 | 4.0 MEDIUM | 2.7 LOW |
| Vulnerability in the Database Vault component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows high privileged attacker having Create Any View, Select Any View privilege with network access via Oracle Net to compromise Database Vault. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Database Vault accessible data. CVSS 3.1 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N). | |||||
| CVE-2022-33892 | 1 Intel | 1 Quartus Prime | 2023-02-27 | N/A | 7.8 HIGH |
| Path traversal in the Intel(R) Quartus Prime Pro and Standard edition software may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-0943 | 1 Best Pos Management System Project | 1 Best Pos Management System | 2023-02-27 | N/A | 8.8 HIGH |
| A vulnerability, which was classified as problematic, has been found in SourceCodester Best POS Management System 1.0. This issue affects some unknown processing of the file index.php?page=site_settings of the component Image Handler. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-221591. | |||||
| CVE-2022-31814 | 1 Netgate | 1 Pfblockerng | 2023-02-27 | N/A | 9.8 CRITICAL |
| pfSense pfBlockerNG through 2.1.4_26 allows remote attackers to execute arbitrary OS commands as root via shell metacharacters in the HTTP Host header. NOTE: 3.x is unaffected. | |||||
| CVE-2023-0917 | 1 Simple Customer Relationship Management System Project | 1 Simple Customer Relationship Management System | 2023-02-27 | N/A | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, was found in SourceCodester Simple Customer Relationship Management System 1.0. This affects an unknown part of the file /php-scrm/login.php. The manipulation of the argument Password leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-221493 was assigned to this vulnerability. | |||||
| CVE-2023-0946 | 1 Best Pos Management System Project | 1 Best Pos Management System | 2023-02-27 | N/A | 9.8 CRITICAL |
| A vulnerability has been found in SourceCodester Best POS Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file billing/index.php?id=9. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The identifier VDB-221593 was assigned to this vulnerability. | |||||
| CVE-2023-0918 | 1 Pharmacy Management System Project | 1 Pharmacy Management System | 2023-02-27 | N/A | 9.8 CRITICAL |
| A vulnerability has been found in codeprojects Pharmacy Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file add.php of the component Avatar Image Handler. The manipulation leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-221494 is the identifier assigned to this vulnerability. | |||||
| CVE-2023-0916 | 1 Auto Dealer Management System Project | 1 Auto Dealer Management System | 2023-02-27 | N/A | 8.8 HIGH |
| A vulnerability classified as critical was found in SourceCodester Auto Dealer Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /adms/classes/Users.php. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221491. | |||||
| CVE-2023-0938 | 1 Music Gallery Site Project | 1 Music Gallery Site | 2023-02-27 | N/A | 9.8 CRITICAL |
| A vulnerability classified as critical has been found in SourceCodester Music Gallery Site 1.0. This affects an unknown part of the file music_list.php of the component GET Request Handler. The manipulation of the argument cid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-221553 was assigned to this vulnerability. | |||||
| CVE-2023-0905 | 1 Employee Task Management System Project | 1 Employee Task Management System | 2023-02-27 | N/A | 7.5 HIGH |
| A vulnerability classified as critical has been found in SourceCodester Employee Task Management System 1.0. Affected is an unknown function of the file changePasswordForEmployee.php. The manipulation leads to improper authentication. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-221454 is the identifier assigned to this vulnerability. | |||||
| CVE-2018-20846 | 1 Uclouvain | 1 Openjpeg | 2023-02-27 | 4.3 MEDIUM | 6.5 MEDIUM |
| Out-of-bounds accesses in the functions pi_next_lrcp, pi_next_rlcp, pi_next_rpcl, pi_next_pcrl, pi_next_rpcl, and pi_next_cprl in openmj2/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash). | |||||
| CVE-2018-20845 | 1 Uclouvain | 1 Openjpeg | 2023-02-27 | 4.3 MEDIUM | 6.5 MEDIUM |
| Division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in openmj2/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash). | |||||
| CVE-2018-20847 | 2 Debian, Uclouvain | 2 Debian Linux, Openjpeg | 2023-02-27 | 6.8 MEDIUM | 8.8 HIGH |
| An improper computation of p_tx0, p_tx1, p_ty0 and p_ty1 in the function opj_get_encoding_parameters in openjp2/pi.c in OpenJPEG through 2.3.0 can lead to an integer overflow. | |||||
| CVE-2018-3775 | 1 Nextcloud | 1 Nextcloud Server | 2023-02-27 | 4.0 MEDIUM | 8.8 HIGH |
| Improper Authentication in Nextcloud Server prior to version 12.0.3 would allow an attacker that obtained user credentials to bypass the 2 Factor Authentication. | |||||
| CVE-2023-0915 | 1 Auto Dealer Management System Project | 1 Auto Dealer Management System | 2023-02-27 | N/A | 8.8 HIGH |
| A vulnerability classified as critical has been found in SourceCodester Auto Dealer Management System 1.0. Affected is an unknown function of the file /adms/admin/?page=user/manage_user. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-221490 is the identifier assigned to this vulnerability. | |||||
| CVE-2018-6156 | 2 Canonical, Google | 2 Ubuntu Linux, Chrome | 2023-02-27 | 6.8 MEDIUM | 8.8 HIGH |
| Incorect derivation of a packet length in WebRTC in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted video file. | |||||