Total
210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-39173 | 1 Wolfssl | 1 Wolfssl | 2023-02-15 | N/A | 7.5 HIGH |
In wolfSSL before 5.5.1, malicious clients can cause a buffer overflow during a TLS 1.3 handshake. This occurs when an attacker supposedly resumes a previous TLS session. During the resumption Client Hello a Hello Retry Request must be triggered. Both Client Hellos are required to contain a list of duplicate cipher suites to trigger the buffer overflow. In total, two Client Hellos have to be sent: one in the resumed session, and a second one as a response to a Hello Retry Request message. | |||||
CVE-2023-0698 | 1 Google | 1 Chrome | 2023-02-15 | N/A | 8.8 HIGH |
Out of bounds read in WebRTC in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High) | |||||
CVE-2023-0696 | 1 Google | 1 Chrome | 2023-02-15 | N/A | 8.8 HIGH |
Type confusion in V8 in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
CVE-2023-0697 | 1 Google | 2 Android, Chrome | 2023-02-15 | N/A | 6.5 MEDIUM |
Inappropriate implementation in Full screen mode in Google Chrome on Android prior to 110.0.5481.77 allowed a remote attacker to spoof the contents of the security UI via a crafted HTML page. (Chromium security severity: High) | |||||
CVE-2023-0742 | 1 Answer | 1 Answer | 2023-02-15 | N/A | 9.0 CRITICAL |
Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.4. | |||||
CVE-2023-0740 | 1 Answer | 1 Answer | 2023-02-15 | N/A | 9.0 CRITICAL |
Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.4. | |||||
CVE-2022-41312 | 1 Moxa | 4 Sds-3008, Sds-3008-t, Sds-3008-t Firmware and 1 more | 2023-02-15 | N/A | 5.4 MEDIUM |
A stored cross-site scripting vulnerability exists in the web application functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can send an HTTP request to trigger this vulnerability. Form field id="Switch Description", name "switch_description" | |||||
CVE-2022-2992 | 1 Gitlab | 1 Gitlab | 2023-02-15 | N/A | 9.9 CRITICAL |
A vulnerability in GitLab CE/EE affecting all versions from 11.10 prior to 15.1.6, 15.2 to 15.2.4, 15.3 to 15.3.2 allows an authenticated user to achieve remote code execution via the Import from GitHub API endpoint. | |||||
CVE-2022-42719 | 3 Debian, Fedoraproject, Linux | 3 Debian Linux, Fedora, Linux Kernel | 2023-02-15 | N/A | 8.8 HIGH |
A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through 5.19.x before 5.19.16 could be used by attackers (able to inject WLAN frames) to crash the kernel and potentially execute code. | |||||
CVE-2022-41222 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2023-02-15 | N/A | 7.0 HIGH |
mm/mremap.c in the Linux kernel before 5.13.3 has a use-after-free via a stale TLB because an rmap lock is not held during a PUD move. | |||||
CVE-2022-41313 | 1 Moxa | 4 Sds-3008, Sds-3008-t, Sds-3008-t Firmware and 1 more | 2023-02-15 | N/A | 5.4 MEDIUM |
A stored cross-site scripting vulnerability exists in the web application functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can send an HTTP request to trigger this vulnerability. Form field id="switch_contact" | |||||
CVE-2021-36471 | 1 Adminlte.io | 1 Adminlte | 2023-02-15 | N/A | 9.8 CRITICAL |
Directory Traversal vulnerability in AdminLTE 3.1.0 allows remote attackers to gain escalated privilege and view sensitive information via /admin/index2.html, /admin/index3.html URIs. | |||||
CVE-2023-0731 | 1 Interactive Geo Maps Project | 1 Interactive Geo Maps | 2023-02-15 | N/A | 5.4 MEDIUM |
The Interactive Geo Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the action content parameter in versions up to, and including, 1.5.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with editor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
CVE-2023-23026 | 1 Simple Sales Management System Project | 1 Simple Sales Management System | 2023-02-15 | N/A | 6.1 MEDIUM |
Cross site scripting (XSS) vulnerability in sourcecodester oretnom23 sales management system 1.0, allows attackers to execute arbitrary code via the product_name and product_price inputs in file print.php. | |||||
CVE-2023-23011 | 1 Invoiceplane | 1 Invoiceplane | 2023-02-15 | N/A | 6.1 MEDIUM |
Cross Site Scripting (XSS) vulnerability in InvoicePlane 1.6 via filter_product input to file modal_product_lookups.php. | |||||
CVE-2023-0736 | 1 Wallabag | 1 Wallabag | 2023-02-15 | N/A | 5.4 MEDIUM |
Cross-site Scripting (XSS) - Stored in GitHub repository wallabag/wallabag prior to 2.5.4. | |||||
CVE-2023-0735 | 1 Wallabag | 1 Wallabag | 2023-02-15 | N/A | 6.5 MEDIUM |
Cross-Site Request Forgery (CSRF) in GitHub repository wallabag/wallabag prior to 2.5.4. | |||||
CVE-2022-47413 | 1 Openkm | 1 Openkm | 2023-02-15 | N/A | 5.4 MEDIUM |
Given a malicious document provided by an attacker, the OpenKM DMS is vulnerable to a stored (persistent, or "Type II") XSS condition. | |||||
CVE-2022-47414 | 1 Openkm | 1 Openkm | 2023-02-15 | N/A | 5.4 MEDIUM |
If an attacker has access to the console for OpenKM (and is authenticated), a stored XSS vulnerability is reachable in the document "note" functionality. | |||||
CVE-2022-40691 | 1 Moxa | 4 Sds-3008, Sds-3008-t, Sds-3008-t Firmware and 1 more | 2023-02-15 | N/A | 5.3 MEDIUM |
An information disclosure vulnerability exists in the web application functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted HTTP request can lead to a disclosure of sensitive information. An attacker can send an HTTP request to trigger this vulnerability. |