Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-12278 | 2 Debian, Libgit2 | 2 Debian Linux, Libgit2 | 2023-02-23 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99.0. path.c mishandles equivalent filenames that exist because of NTFS Alternate Data Streams. This may allow remote code execution when cloning a repository. This issue is similar to CVE-2019-1352. | |||||
| CVE-2018-1631 | 1 Ibm | 1 Informix Dynamic Server | 2023-02-23 | 7.2 HIGH | 6.7 MEDIUM |
| IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges through a symbolic link vulnerability in oninit mongohash. IBM X-Force ID: 144431. | |||||
| CVE-2018-1630 | 1 Ibm | 1 Informix Dynamic Server | 2023-02-23 | 7.2 HIGH | 6.7 MEDIUM |
| IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges through a symbolic link vulnerability in onmode. IBM X-Force ID: 144430. | |||||
| CVE-2021-24119 | 3 Arm, Debian, Fedoraproject | 3 Mbed Tls, Debian Linux, Fedora | 2023-02-23 | 4.0 MEDIUM | 4.9 MEDIUM |
| In Trusted Firmware Mbed TLS 2.24.0, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environments that can be single stepped, especially Intel SGX. | |||||
| CVE-2020-10941 | 3 Arm, Debian, Fedoraproject | 4 Mbed Crypto, Mbed Tls, Debian Linux and 1 more | 2023-02-23 | 4.3 MEDIUM | 5.9 MEDIUM |
| Arm Mbed TLS before 2.16.5 allows attackers to obtain sensitive information (an RSA private key) by measuring cache usage during an import. | |||||
| CVE-2021-44732 | 2 Arm, Debian | 2 Mbed Tls, Debian Linux | 2023-02-23 | 7.5 HIGH | 9.8 CRITICAL |
| Mbed TLS before 3.0.1 has a double free in certain out-of-memory conditions, as demonstrated by an mbedtls_ssl_set_session() failure. | |||||
| CVE-2022-35268 | 1 Robustel | 2 R1510, R1510 Firmware | 2023-02-23 | N/A | 7.5 HIGH |
| A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability.This denial of service is in the `/action/import_sdk_file/` API. | |||||
| CVE-2022-35269 | 1 Robustel | 2 R1510, R1510 Firmware | 2023-02-23 | N/A | 7.5 HIGH |
| A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability.This denial of service is in the `/action/import_e2c_json_file/` API. | |||||
| CVE-2022-35270 | 1 Robustel | 2 R1510, R1510 Firmware | 2023-02-23 | N/A | 7.5 HIGH |
| A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability.This denial of service is in the `/action/import_wireguard_cert_file/` API. | |||||
| CVE-2022-35271 | 1 Robustel | 2 R1510, R1510 Firmware | 2023-02-23 | N/A | 7.5 HIGH |
| A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability.This denial of service is in the `/action/import_cert_file/` API. | |||||
| CVE-2022-3705 | 4 Debian, Fedoraproject, Netapp and 1 more | 4 Debian Linux, Fedora, Active Iq Unified Manager and 1 more | 2023-02-23 | N/A | 7.5 HIGH |
| A vulnerability was found in vim and classified as problematic. Affected by this issue is the function qf_update_buffer of the file quickfix.c of the component autocmd Handler. The manipulation leads to use after free. The attack may be launched remotely. Upgrading to version 9.0.0805 is able to address this issue. The name of the patch is d0fab10ed2a86698937e3c3fed2f10bd9bb5e731. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-212324. | |||||
| CVE-2021-31693 | 1 Vmware | 1 Tools | 2023-02-23 | N/A | 6.5 MEDIUM |
| VMware Tools for Windows (12.x.y prior to 12.1.5, 11.x.y and 10.x.y) contains a denial-of-service vulnerability in the VM3DMP driver. A malicious actor with local user privileges in the Windows guest OS, where VMware Tools is installed, can trigger a PANIC in the VM3DMP driver leading to a denial-of-service condition in the Windows guest OS. | |||||
| CVE-2022-42818 | 1 Apple | 1 Macos | 2023-02-23 | N/A | 5.9 MEDIUM |
| This issue was addressed with improved data protection. This issue is fixed in macOS Ventura 13. A user in a privileged network position may be able to track user activity. | |||||
| CVE-2019-6110 | 4 Netapp, Openbsd, Siemens and 1 more | 9 Element Software, Ontap Select Deploy, Storage Automation Store and 6 more | 2023-02-23 | 4.0 MEDIUM | 6.8 MEDIUM |
| In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred. | |||||
| CVE-2022-40259 | 1 Ami | 1 Megarac Sp-x | 2023-02-23 | N/A | 9.8 CRITICAL |
| MegaRAC Default Credentials Vulnerability | |||||
| CVE-2019-6109 | 9 Canonical, Debian, Fedoraproject and 6 more | 28 Ubuntu Linux, Debian Linux, Fedora and 25 more | 2023-02-23 | 4.0 MEDIUM | 6.8 MEDIUM |
| An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-The-Middle attacker) can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This affects refresh_progress_meter() in progressmeter.c. | |||||
| CVE-2018-20685 | 9 Canonical, Debian, Fujitsu and 6 more | 30 Ubuntu Linux, Debian Linux, M10-1 and 27 more | 2023-02-23 | 2.6 LOW | 5.3 MEDIUM |
| In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side. | |||||
| CVE-2018-15473 | 7 Canonical, Debian, Netapp and 4 more | 24 Ubuntu Linux, Debian Linux, Aff Baseboard Management Controller and 21 more | 2023-02-23 | 5.0 MEDIUM | 5.3 MEDIUM |
| OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c. | |||||
| CVE-2016-10954 | 1 Dynamicpress | 1 Neosense | 2023-02-23 | 7.5 HIGH | 9.8 CRITICAL |
| The Neosense theme before 1.8 for WordPress has qquploader unrestricted file upload. | |||||
| CVE-2016-10953 | 1 Headwaythemes | 1 Headway | 2023-02-23 | 3.5 LOW | 5.4 MEDIUM |
| The Headway theme before 3.8.9 for WordPress has XSS via the license key field. | |||||