Total: 210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-6347 | 1 Linux | 1 Linux Kernel | 2023-02-09 | 7.2 HIGH | 7.8 HIGH |
| The ip_cmsg_recv_checksum function in net/ipv4/ip_sockglue.c in the Linux kernel before 4.10.1 has incorrect expectations about skb data layout, which allows local users to cause a denial of service (buffer over-read) or possibly have unspecified other impact via crafted system calls, as demonstrated by use of the MSG_MORE flag in conjunction with loopback UDP transmission. | |||||
| CVE-2017-6074 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2023-02-09 | 7.2 HIGH | 7.8 HIGH |
| The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel through 4.9.11 mishandles DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allows local users to obtain root privileges or cause a denial of service (double free) via an application that makes an IPV6_RECVPKTINFO setsockopt system call. | |||||
| CVE-2017-5576 | 1 Linux | 1 Linux Kernel | 2023-02-09 | 7.2 HIGH | 7.8 HIGH |
| Integer overflow in the vc4_get_bcl function in drivers/gpu/drm/vc4/vc4_gem.c in the VideoCore DRM driver in the Linux kernel before 4.9.7 allows local users to cause a denial of service or possibly have unspecified other impact via a crafted size value in a VC4_SUBMIT_CL ioctl call. | |||||
| CVE-2017-7294 | 1 Linux | 1 Linux Kernel | 2023-02-09 | 7.2 HIGH | 7.8 HIGH |
| The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.6 does not validate addition of certain levels data, which allows local users to trigger an integer overflow and out-of-bounds write, and cause a denial of service (system hang or crash) or possibly gain privileges, via a crafted ioctl call for a /dev/dri/renderD* device. | |||||
| CVE-2021-36434 | 1 Jocms Project | 1 Jocms | 2023-02-09 | N/A | 9.1 CRITICAL |
| SQL injection vulnerability in jocms 0.8 allows remote attackers to run arbitrary SQL commands and view sensitive information via jo_json_check function in jocms/apps/mask/inc/getmask.php. | |||||
| CVE-2021-36431 | 1 Jocms Project | 1 Jocms | 2023-02-09 | N/A | 9.1 CRITICAL |
| SQL injection vulnerability in jocms 0.8 allows remote attackers to run arbitrary SQL commands and view sensitive information via jo_json_check() function in jocms/apps/mask/inc/mask.php. | |||||
| CVE-2021-36433 | 1 Jocms Project | 1 Jocms | 2023-02-09 | N/A | 9.1 CRITICAL |
| SQL injection vulnerability in jocms 0.8 allows remote attackers to run arbitrary SQL commands and view sensitive information via jo_delete_mask function in jocms/apps/mask/mask.php. | |||||
| CVE-2021-36544 | 1 Tpcms Project | 1 Tpcms | 2023-02-09 | N/A | 7.5 HIGH |
| Incorrect Access Control issue discovered in tpcms 3.2 allows remote attackers to view sensitive information via path in application URL. | |||||
| CVE-2021-36432 | 1 Jocms Project | 1 Jocms | 2023-02-09 | N/A | 7.5 HIGH |
| SQL injection vulnerability in jocms 0.8 allows remote attackers to run arbitrary SQL commands and view sensitive information via jo_set_mask() function in jocms/apps/mask/mask.php. | |||||
| CVE-2021-36484 | 1 Jizhicms | 1 Jizhicms | 2023-02-09 | N/A | 9.8 CRITICAL |
| SQL injection vulnerability in JIZHICMS 1.9.5 allows attackers to run arbitrary SQL commands via add or edit article page. | |||||
| CVE-2021-36532 | 1 Portfoliocms Project | 1 Portfoliocms | 2023-02-09 | N/A | 8.1 HIGH |
| Race condition vulnerability discovered in portfolioCMS 1.0 allows remote attackers to run arbitrary code via fileExt parameter to localhost/admin/uploads.php. | |||||
| CVE-2021-36503 | 1 Native-php-cms Project | 1 Native-php-cms | 2023-02-09 | N/A | 9.8 CRITICAL |
| SQL injection vulnerability in native-php-cms 1.0 allows remote attackers to run arbitrary SQL commands via the cat parameter to /list.php file. | |||||
| CVE-2021-36546 | 1 Kitesky | 1 Kitecms | 2023-02-09 | N/A | 7.5 HIGH |
| Incorrect Access Control issue discovered in KiteCMS 1.1 allows remote attackers to view sensitive information via path in application URL. | |||||
| CVE-2021-37234 | 1 Modern Honey Network Project | 1 Modern Honey Network | 2023-02-09 | N/A | 6.5 MEDIUM |
| Incorrect Access Control vulnerability in Modern Honey Network commit 0abf0db9cd893c6d5c727d036e1f817c02de4c7b allows remote attackers to view sensitive information via crafted PUT request to Web API. | |||||
| CVE-2021-37311 | 1 Fcitx 5 Project | 1 Fcitx 5 | 2023-02-09 | N/A | 7.5 HIGH |
| Buffer Overflow vulnerability in fcitx5 5.0.8 allows attackers to cause a denial of service via crafted message to the application's listening port. | |||||
| CVE-2021-37497 | 1 Pbootcms | 1 Pbootcms | 2023-02-09 | N/A | 9.8 CRITICAL |
| SQL injection vulnerability in route of PbootCMS 3.0.5 allows remote attackers to run arbitrary SQL commands via crafted GET request. | |||||
| CVE-2021-37316 | 1 Asus | 2 Rt-ac68u, Rt-ac68u Firmware | 2023-02-09 | N/A | 7.5 HIGH |
| SQL injection vulnerability in Cloud Disk in ASUS RT-AC68U router firmware version before 3.0.0.4.386.41634 allows remote attackers to view sensitive information via /etc/shadow. | |||||
| CVE-2023-24148 | 1 Totolink | 2 Ca300-poe, Ca300-poe Firmware | 2023-02-09 | N/A | 9.8 CRITICAL |
| TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the FileName parameter in the setUploadUserData function. | |||||
| CVE-2023-22839 | 1 F5 | 66 Big-ip 10000s, Big-ip 10000s Firmware, Big-ip 10200v and 63 more | 2023-02-09 | N/A | 7.5 HIGH |
| On BIG-IP versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when a DNS profile with the Rapid Response Mode setting enabled is configured on a virtual server with hardware SYN cookies enabled, undisclosed requests cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2023-22664 | 1 F5 | 13 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 10 more | 2023-02-09 | N/A | 7.5 HIGH |
| On BIG-IP versions 17.0.x before 17.0.0.2 and 16.1.x before 16.1.3.3, and BIG-IP SPK starting in version 1.6.0, when a client-side HTTP/2 profile and the HTTP MRF Router option are enabled for a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
