Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-21531 | 2 Debian, Xfig Project | 2 Debian Linux, Fig2dev | 2023-02-22 | 4.3 MEDIUM | 5.5 MEDIUM |
| fig2dev 3.2.7b contains a global buffer overflow in the conv_pattern_index function in gencgm.c. | |||||
| CVE-2020-21529 | 2 Debian, Xfig Project | 2 Debian Linux, Fig2dev | 2023-02-22 | 4.3 MEDIUM | 5.5 MEDIUM |
| fig2dev 3.2.7b contains a stack buffer overflow in the bezier_spline function in genepic.c. | |||||
| CVE-2020-21598 | 2 Debian, Struktur | 2 Debian Linux, Libde265 | 2023-02-22 | 6.8 MEDIUM | 8.8 HIGH |
| libde265 v1.0.4 contains a heap buffer overflow in the ff_hevc_put_unweighted_pred_8_sse function, which can be exploited via a crafted a file. | |||||
| CVE-2020-21597 | 2 Debian, Struktur | 2 Debian Linux, Libde265 | 2023-02-22 | 4.3 MEDIUM | 6.5 MEDIUM |
| libde265 v1.0.4 contains a heap buffer overflow in the mc_chroma function, which can be exploited via a crafted a file. | |||||
| CVE-2020-21596 | 2 Debian, Struktur | 2 Debian Linux, Libde265 | 2023-02-22 | 4.3 MEDIUM | 6.5 MEDIUM |
| libde265 v1.0.4 contains a global buffer overflow in the decode_CABAC_bit function, which can be exploited via a crafted a file. | |||||
| CVE-2021-41081 | 1 Zohocorp | 1 Manageengine Network Configuration Manager | 2023-02-22 | 7.5 HIGH | 9.8 CRITICAL |
| Zoho ManageEngine Network Configuration Manager before ??125465 is vulnerable to SQL Injection in a configuration search. | |||||
| CVE-2021-41080 | 1 Zohocorp | 1 Manageengine Network Configuration Manager | 2023-02-22 | 7.5 HIGH | 9.8 CRITICAL |
| Zoho ManageEngine Network Configuration Manager before ??125465 is vulnerable to SQL Injection in a hardware details search. | |||||
| CVE-2023-24187 | 1 Ureport Project | 1 Ureport | 2023-02-22 | N/A | 7.8 HIGH |
| An XML External Entity (XXE) vulnerability in ureport v2.2.9 allows attackers to execute arbitrary code via uploading a crafted XML file to /ureport/designer/saveReportFile. | |||||
| CVE-2023-0819 | 1 Gpac | 1 Gpac | 2023-02-22 | N/A | 7.8 HIGH |
| Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to v2.3.0-DEV. | |||||
| CVE-2021-40403 | 3 Debian, Fedoraproject, Gerbv Project | 3 Debian Linux, Fedora, Gerbv | 2023-02-22 | 4.3 MEDIUM | 6.3 MEDIUM |
| An information disclosure vulnerability exists in the pick-and-place rotation parsing functionality of Gerbv 2.7.0 and dev (commit b5f1eacd), and Gerbv forked 2.8.0. A specially-crafted pick-and-place file can exploit the missing initialization of a structure to leak memory contents. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2021-40401 | 3 Debian, Fedoraproject, Gerbv Project | 3 Debian Linux, Fedora, Gerbv | 2023-02-22 | 6.8 MEDIUM | 8.6 HIGH |
| A use-after-free vulnerability exists in the RS-274X aperture definition tokenization functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and Gerbv forked 2.7.1. A specially-crafted gerber file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2023-0655 | 1 Sonicwall | 1 Email Security | 2023-02-22 | N/A | 5.3 MEDIUM |
| SonicWall Email Security contains a vulnerability that could permit a remote unauthenticated attacker access to an error page that includes sensitive information about users email addresses. | |||||
| CVE-2022-22809 | 1 Schneider-electric | 6 Fellerlynk, Fellerlynk Firmware, Spacelynk and 3 more | 2023-02-22 | 5.0 MEDIUM | 5.3 MEDIUM |
| A CWE-306: Missing Authentication for Critical Function vulnerability exists that could allow modifications of the touch configurations in an unauthorized manner when an attacker attempts to modify the touch configurations. Affected Product: spaceLYnk (V2.6.2 and prior), Wiser for KNX (formerly homeLYnk) (V2.6.2 and prior), fellerLYnk (V2.6.2 and prior) | |||||
| CVE-2022-22807 | 1 Schneider-electric | 14 Hmibscea53d1edb, Hmibscea53d1edb Firmware, Hmibscea53d1edl and 11 more | 2023-02-22 | 4.3 MEDIUM | 7.4 HIGH |
| A CWE-1021 Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause unintended modifications of the product settings or user accounts when deceiving the user to use the web interface rendered within iframes. Affected Product: EcoStruxure EV Charging Expert (formerly known as EVlink Load Management System): (HMIBSCEA53D1EDB, HMIBSCEA53D1EDS, HMIBSCEA53D1EDM, HMIBSCEA53D1EDL, HMIBSCEA53D1ESS, HMIBSCEA53D1ESM, HMIBSCEA53D1EML) (All Versions prior to SP8 (Version 01) V4.0.0.13) | |||||
| CVE-2023-23856 | 1 Sap | 1 Business Objects Business Intelligence Platform | 2023-02-22 | N/A | 5.4 MEDIUM |
| In SAP BusinessObjects Business Intelligence (Web Intelligence user interface) - version 430, some calls return json with wrong content type in the header of the response. As a result, a custom application that calls directly the jsp of Web Intelligence DHTML may be vulnerable to XSS attacks. On successful exploitation an attacker can cause a low impact on integrity of the application. | |||||
| CVE-2022-24329 | 2 Jetbrains, Oracle | 3 Kotlin, Communications Cloud Native Core Binding Support Function, Communications Pricing Design Center | 2023-02-22 | 5.0 MEDIUM | 5.3 MEDIUM |
| In JetBrains Kotlin before 1.6.0, it was not possible to lock dependencies for Multiplatform Gradle Projects. | |||||
| CVE-2022-24720 | 2 Debian, Image Processing Project | 2 Debian Linux, Image Processing | 2023-02-22 | 10.0 HIGH | 9.8 CRITICAL |
| image_processing is an image processing wrapper for libvips and ImageMagick/GraphicsMagick. Prior to version 1.12.2, using the `#apply` method from image_processing to apply a series of operations that are coming from unsanitized user input allows the attacker to execute shell commands. This method is called internally by Active Storage variants, so Active Storage is vulnerable as well. The vulnerability has been fixed in version 1.12.2 of image_processing. As a workaround, users who process based on user input should always sanitize the user input by allowing only a constrained set of operations. | |||||
| CVE-2022-22946 | 2 Oracle, Vmware | 6 Commerce Guided Search, Communications Cloud Native Core Binding Support Function, Communications Cloud Native Core Console and 3 more | 2023-02-22 | 2.1 LOW | 5.5 MEDIUM |
| In spring cloud gateway versions prior to 3.1.1+ , applications that are configured to enable HTTP2 and no key store or trusted certificates are set will be configured to use an insecure TrustManager. This makes the gateway able to connect to remote services with invalid or custom certificates. | |||||
| CVE-2021-4002 | 4 Debian, Fedoraproject, Linux and 1 more | 6 Debian Linux, Fedora, Linux Kernel and 3 more | 2023-02-22 | 3.6 LOW | 4.4 MEDIUM |
| A memory leak flaw in the Linux kernel's hugetlbfs memory usage was found in the way the user maps some regions of memory twice using shmget() which are aligned to PUD alignment with the fault of some of the memory pages. A local user could use this flaw to get unauthorized access to some data. | |||||
| CVE-2022-0839 | 2 Liquibase, Oracle | 2 Liquibase, Sqlcl | 2023-02-22 | 7.5 HIGH | 9.8 CRITICAL |
| Improper Restriction of XML External Entity Reference in GitHub repository liquibase/liquibase prior to 4.8.0. | |||||