Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-45527 | 1 Institutional Management Website Project | 1 Institutional Management Website | 2023-02-18 | N/A | 9.8 CRITICAL |
File upload vulnerability in Future-Depth Institutional Management Website (IMS) 1.0 allows unauthorized attackers to directly upload malicious files to the courseimg directory. | |||||
CVE-2022-45526 | 1 Institutional Management Website Project | 1 Institutional Management Website | 2023-02-18 | N/A | 9.8 CRITICAL |
SQL Injection vulnerability in Future-Depth Institutional Management Website (IMS) 1.0 allows attackers to execute arbitrary commands via the ad parameter to /admin_area/login_transfer.php. | |||||
CVE-2022-42438 | 2 Ibm, Linux | 2 Cloud Pak For Multicloud Management Monitoring, Linux Kernel | 2023-02-18 | N/A | 8.8 HIGH |
IBM Cloud Pak for Multicloud Management Monitoring 2.0 and 2.3 allows users without admin roles access to admin functions by specifying direct URL paths. IBM X-Force ID: 238210. | |||||
CVE-2022-35720 | 3 Ibm, Linux, Microsoft | 6 Aix, Linux On Ibm Z, Sterling External Authentication Server and 3 more | 2023-02-18 | N/A | 5.5 MEDIUM |
IBM Sterling External Authentication Server 6.1.0 and IBM Sterling Secure Proxy 6.0.3 use weaker than expected cryptographic algorithms during installation that could allow a local attacker to decrypt sensitive information. IBM X-Force ID: 231373. | |||||
CVE-2022-34362 | 3 Ibm, Linux, Microsoft | 5 Aix, Linux On Ibm Z, Sterling Secure Proxy and 2 more | 2023-02-18 | N/A | 4.6 MEDIUM |
IBM Sterling Secure Proxy 6.0.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 230523. | |||||
CVE-2023-0003 | 1 Paloaltonetworks | 1 Cortex Xsoar | 2023-02-18 | N/A | 6.5 MEDIUM |
A file disclosure vulnerability in the Palo Alto Networks Cortex XSOAR server software enables an authenticated user with access to the web interface to read local files from the server. | |||||
CVE-2023-0002 | 2 Microsoft, Paloaltonetworks | 2 Windows, Cortex Xdr Agent | 2023-02-18 | N/A | 7.8 HIGH |
A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local user to execute privileged cytool commands that disable or uninstall the agent. | |||||
CVE-2023-0001 | 2 Microsoft, Paloaltonetworks | 2 Windows, Cortex Xdr Agent | 2023-02-18 | N/A | 6.7 MEDIUM |
An information exposure vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local system administrator to disclose the admin password for the agent in cleartext, which bad actors can then use to execute privileged cytool commands that disable or uninstall the agent. | |||||
CVE-2023-0748 | 1 Btcpayserver | 1 Btcpayserver | 2023-02-18 | N/A | 6.1 MEDIUM |
Open Redirect in GitHub repository btcpayserver/btcpayserver prior to 1.7.6. | |||||
CVE-2023-0747 | 1 Btcpayserver | 1 Btcpayserver | 2023-02-18 | N/A | 5.4 MEDIUM |
Cross-site Scripting (XSS) - Stored in GitHub repository btcpayserver/btcpayserver prior to 1.7.6. | |||||
CVE-2022-41620 | 1 Seosamba | 1 Seosamba | 2023-02-18 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in SeoSamba for WordPress Webmasters plugin <= 1.0.5 versions. | |||||
CVE-2022-43765 | 1 Br-automation | 1 Industrial Automation Aprol | 2023-02-18 | N/A | 7.5 HIGH |
B&R APROL versions < R 4.2-07 do not correctly process specially formatted data packages sent to port 55502/tcp, which may allow a network-based attacker to cause an application Denial-of-Service. | |||||
CVE-2022-43764 | 1 Br-automation | 1 Industrial Automation Aprol | 2023-02-18 | N/A | 9.8 CRITICAL |
Insufficient validation of input parameters when changing configuration on Tbase server in B&R APROL versions < R 4.2-07 could result in buffer overflow. This may lead to Denial-of-Service conditions or execution of arbitrary code. | |||||
CVE-2022-43763 | 1 Br-automation | 1 Industrial Automation Aprol | 2023-02-18 | N/A | 7.5 HIGH |
Insufficient check of preconditions could lead to Denial of Service conditions when calling commands on the Tbase server of B&R APROL versions < R 4.2-07. | |||||
CVE-2022-43762 | 1 Br-automation | 1 Industrial Automation Aprol | 2023-02-18 | N/A | 9.8 CRITICAL |
Lack of verification in B&R APROL Tbase server versions < R 4.2-07 may lead to memory leaks when receiving messages. | |||||
CVE-2022-2094 | 1 Yellowyard | 1 Yellow Yard Searchbar | 2023-02-18 | N/A | 6.1 MEDIUM |
The Yellow Yard Searchbar WordPress plugin before 2.8.2 does not escape some URL parameters before outputting them back to the user, leading to Reflected Cross-Site Scripting. | |||||
CVE-2023-0744 | 1 Answer | 1 Answer | 2023-02-18 | N/A | 9.8 CRITICAL |
Improper Access Control in GitHub repository answerdev/answer prior to 1.0.4. | |||||
CVE-2019-16884 | 6 Canonical, Docker, Fedoraproject and 3 more | 10 Ubuntu Linux, Docker, Fedora and 7 more | 2023-02-18 | 5.0 MEDIUM | 7.5 HIGH |
runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfs_linux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory. | |||||
CVE-2023-0433 | 1 Vim | 1 Vim | 2023-02-17 | N/A | 7.8 HIGH |
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1225. | |||||
CVE-2022-47024 | 1 Vim | 1 Vim | 2023-02-17 | N/A | 7.8 HIGH |
A null pointer dereference issue in function gui_x11_create_blank_mouse in gui_x11.c in vim 8.1.2269 through 9.0.0339 allows attackers to cause denial of service or other unspecified impacts. |