Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-25012 | 1 Linux | 1 Linux Kernel | 2023-02-09 | N/A | 4.6 MEDIUM |
The Linux kernel through 6.1.9 has a Use-After-Free in bigben_remove in drivers/hid/hid-bigbenff.c via a crafted USB device because the LED controllers remain registered for too long. | |||||
CVE-2021-36538 | 1 Gurock | 1 Testrail | 2023-02-09 | N/A | 5.4 MEDIUM |
Cross Site Scripting (XSS) vulnerability in Gurock TestRail before 7.1.2 allows remote authenticated attackers to run arbitrary code via the reference field in milestones or description fields in reports. | |||||
CVE-2021-36545 | 1 Tpcms Project | 1 Tpcms | 2023-02-09 | N/A | 5.4 MEDIUM |
Cross Site Scripting (XSS) vulnerability in tpcms 3.2 allows remote attackers to run arbitrary code via the cfg_copyright or cfg_tel field in the Site Configuration page. | |||||
CVE-2021-36712 | 1 Yzmcms | 1 Yzmcms | 2023-02-09 | N/A | 5.4 MEDIUM |
Cross Site Scripting (XSS) vulnerability in yzmcms 6.1 allows attackers to steal user cookies via the image clipping function. | |||||
CVE-2021-37306 | 1 Jeecg | 1 Jeecg | 2023-02-09 | N/A | 7.5 HIGH |
An Insecure Permissions issue in jeecg-boot 2.4.5 and earlier allows remote attackers to gain escalated privilege and view sensitive information via api uri: /sys/user/checkOnlyUser?username=admin. | |||||
CVE-2021-37305 | 1 Jeecg | 1 Jeecg | 2023-02-09 | N/A | 7.5 HIGH |
An Insecure Permissions issue in jeecg-boot 2.4.5 and earlier allows remote attackers to gain escalated privilege and view sensitive information via api uri: /sys/user/querySysUser?username=admin. | |||||
CVE-2023-25015 | 2 Clockwork Web Project, Rubyonrails | 2 Clockwork Web, Rails | 2023-02-09 | N/A | 6.5 MEDIUM |
Clockwork Web before 0.1.2, when Rails before 5.2 is used, allows CSRF. | |||||
CVE-2021-37304 | 1 Jeecg | 1 Jeecg | 2023-02-09 | N/A | 7.5 HIGH |
An Insecure Permissions issue in jeecg-boot 2.4.5 allows unauthenticated remote attackers to gain escalated privilege and view sensitive information via the httptrace interface. | |||||
CVE-2022-45492 | 1 Json.h Project | 1 Json.h | 2023-02-09 | N/A | 7.8 HIGH |
Buffer overflow vulnerability in function json_parse_number in sheredom json.h before commit 0825301a07cbf51653882bf2b153cc81fdadf41 (November 14, 2022) allows attackers to execute arbitrary code and gain escalated privileges. | |||||
CVE-2022-2546 | 1 Servmask | 1 All-in-one Wp Migration | 2023-02-09 | N/A | 4.7 MEDIUM |
The All-in-One WP Migration WordPress plugin before 7.63 uses the wrong content type and does not properly escape the response from the ai1wm_export AJAX action, allowing an attacker to craft a request that, when submitted by any visitor, will inject arbitrary HTML or JavaScript into the response that will be executed in the victim's session. Note: This requires knowledge of a static secret key. | |||||
CVE-2022-45496 | 1 Json.h Project | 1 Json.h | 2023-02-09 | N/A | 7.8 HIGH |
Buffer overflow vulnerability in function json_parse_string in sheredom json.h before commit 0825301a07cbf51653882bf2b153cc81fdadf41 (November 14, 2022) allows attackers to execute arbitrary code and gain escalated privileges. | |||||
CVE-2022-45493 | 1 Json.h Project | 1 Json.h | 2023-02-09 | N/A | 7.8 HIGH |
Buffer overflow vulnerability in function json_parse_key in sheredom json.h before commit 0825301a07cbf51653882bf2b153cc81fdadf41 (November 14, 2022) allows attackers to execute arbitrary code and gain escalated privileges. | |||||
CVE-2022-45491 | 1 Json.h Project | 1 Json.h | 2023-02-09 | N/A | 7.8 HIGH |
Buffer overflow vulnerability in function json_parse_value in sheredom json.h before commit 0825301a07cbf51653882bf2b153cc81fdadf41 (November 14, 2022) allows attackers to execute arbitrary code and gain escalated privileges. | |||||
CVE-2022-46965 | 1 202-ecommerce | 1 Administrative Mandate | 2023-02-09 | N/A | 8.8 HIGH |
The PrestaShop module totadministrativemandate before v1.7.1 was discovered to contain a SQL injection vulnerability. | |||||
CVE-2023-23636 | 1 Jellyfin | 1 Jellyfin | 2023-02-09 | N/A | 5.4 MEDIUM |
In Jellyfin 10.8.x through 10.8.3, the name of a playlist is vulnerable to stored XSS. This allows an attacker to steal access tokens from the localStorage of the victim. | |||||
CVE-2023-22323 | 1 F5 | 12 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 9 more | 2023-02-09 | N/A | 7.5 HIGH |
In BIG-IP versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when OCSP authentication profile is configured on a virtual server, undisclosed requests can cause an increase in CPU resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
CVE-2023-22326 | 1 F5 | 12 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 9 more | 2023-02-09 | N/A | 4.9 MEDIUM |
In BIG-IP versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all versions of 13.1.x, and all versions of BIG-IQ 8.x and 7.1.x, incorrect permission assignment vulnerabilities exist in the iControl REST and TMOS shell (tmsh) dig command which may allow an authenticated attacker with resource administrator or administrator role privileges to view sensitive information. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
CVE-2023-23635 | 1 Jellyfin | 1 Jellyfin | 2023-02-09 | N/A | 5.4 MEDIUM |
In Jellyfin 10.8.x through 10.8.3, the name of a collection is vulnerable to stored XSS. This allows an attacker to steal access tokens from the localStorage of the victim. | |||||
CVE-2022-48023 | 1 Zammad | 1 Zammad | 2023-02-09 | N/A | 4.3 MEDIUM |
Insufficient privilege verification in Zammad v5.3.0 allows an authenticated attacker to perform changes on the tags of their customer tickets using the Zammad API. This is now corrected in v5.3.1 so that only agents with write permissions may change ticket tags. | |||||
CVE-2022-48022 | 1 Zammad | 1 Zammad | 2023-02-09 | N/A | 4.3 MEDIUM |
An issue in the component /api/v1/mentions of Zammad v5.3.0 allows authenticated attackers with agent permissions to view information about tickets they are not authorized to see. |