Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-47769 | 1 Serinf | 1 Fast Checkin | 2023-02-07 | N/A | 9.8 CRITICAL |
| An arbitrary file write vulnerability in Serenissima Informatica Fast Checkin v1.0 allows unauthenticated attackers to upload malicious files in the web root of the application to gain access to the server via the web shell. | |||||
| CVE-2022-47768 | 1 Serinf | 1 Fast Checkin | 2023-02-07 | N/A | 7.5 HIGH |
| Serenissima Informatica Fast Checkin 1.0 is vulnerable to Directory Traversal. | |||||
| CVE-2022-31902 | 1 Notepad-plus-plus | 1 Notepad\+\+ | 2023-02-07 | N/A | 5.5 MEDIUM |
| Notepad++ v8.4.1 was discovered to contain a stack overflow via the component Finder::add(). | |||||
| CVE-2023-23928 | 1 Reason-jose Project | 1 Reason-jose | 2023-02-07 | N/A | 9.8 CRITICAL |
| reason-jose is a JOSE implementation in ReasonML and OCaml.`Jose.Jws.validate` does not check HS256 signatures. This allows tampering of JWS header and payload data if the service does not perform additional checks. Such tampering could expose applications using reason-jose to authorization bypass. Applications relying on JWS claims assertion to enforce security boundaries may be vulnerable to privilege escalation. This issue has been patched in version 0.8.2. | |||||
| CVE-2023-23630 | 1 Eta.js | 1 Eta | 2023-02-07 | N/A | 6.1 MEDIUM |
| Eta is an embedded JS templating engine that works inside Node, Deno, and the browser. XSS attack - anyone using the Express API is impacted. The problem has been resolved. Users should upgrade to version 2.0.0. As a workaround, don't pass user supplied things directly to `res.render`. | |||||
| CVE-2023-0587 | 1 Trendmicro | 1 Apex One | 2023-02-07 | N/A | 9.1 CRITICAL |
| A file upload vulnerability in exists in Trend Micro Apex One server build 11110. Using a malformed Content-Length header in an HTTP PUT message sent to URL /officescan/console/html/cgi/fcgiOfcDDA.exe, an unauthenticated remote attacker can upload arbitrary files to the SampleSubmission directory (i.e., \PCCSRV\TEMP\SampleSubmission) on the server. The attacker can upload a large number of large files to fill up the file system on which the Apex One server is installed. | |||||
| CVE-2023-0524 | 1 Tenable | 3 Nessus, Tenable.io, Tenable.sc | 2023-02-07 | N/A | 8.8 HIGH |
| As part of our Security Development Lifecycle, a potential privilege escalation issue was identified internally. This could allow a malicious actor with sufficient permissions to modify environment variables and abuse an impacted plugin in order to escalate privileges. We have resolved the issue and also made several defense-in-depth fixes alongside. While the probability of successful exploitation is low, Tenable is committed to securing our customers’ environments and our products. The updates have been distributed via the Tenable plugin feed in feed serial numbers equal to or greater than #202212212055. | |||||
| CVE-2023-0454 | 1 Orangescrum | 1 Orangescrum | 2023-02-07 | N/A | 8.1 HIGH |
| OrangeScrum version 2.0.11 allows an authenticated external attacker to delete arbitrary local files from the server. This is possible because the application uses an unsanitized attacker-controlled parameter to construct an internal path. | |||||
| CVE-2022-4206 | 1 Gitlab | 1 Dast Api Scanner | 2023-02-07 | N/A | 6.5 MEDIUM |
| A sensitive information leak issue has been discovered in all versions of DAST API scanner from 1.6.50 prior to 2.0.102, exposing the Authorization header in the vulnerability report | |||||
| CVE-2020-6090 | 1 Wago | 2 Pfc200, Pfc200 Firmware | 2023-02-07 | 9.0 HIGH | 7.2 HIGH |
| An exploitable code execution vulnerability exists in the Web-Based Management (WBM) functionality of WAGO PFC 200 03.03.10(15). A specially crafted series of HTTP requests can cause code execution resulting in remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. | |||||
| CVE-2021-4279 | 1 Starcounter-jack | 1 Json-patch | 2023-02-07 | N/A | 9.8 CRITICAL |
| A vulnerability has been found in Starcounter-Jack JSON-Patch up to 3.1.0 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.1.1 is able to address this issue. The name of the patch is 7ad6af41eabb2d799f698740a91284d762c955c9. It is recommended to upgrade the affected component. VDB-216778 is the identifier assigned to this vulnerability. | |||||
| CVE-2018-14632 | 2 Redhat, Starcounter-jack | 2 Openshift Container Platform, Json-patch | 2023-02-07 | 4.0 MEDIUM | 7.7 HIGH |
| An out of bound write can occur when patching an Openshift object using the 'oc patch' functionality in OpenShift Container Platform before 3.7. An attacker can use this flaw to cause a denial of service attack on the Openshift master api service which provides cluster management. | |||||
| CVE-2017-17854 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2023-02-07 | 7.2 HIGH | 7.8 HIGH |
| kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (integer overflow and memory corruption) or possibly have unspecified other impact by leveraging unrestricted integer values for pointer arithmetic. | |||||
| CVE-2017-18079 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2023-02-07 | 7.2 HIGH | 7.8 HIGH |
| drivers/input/serio/i8042.c in the Linux kernel before 4.12.4 allows attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact because the port->exists value can change after it is validated. | |||||
| CVE-2017-18075 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2023-02-07 | 7.2 HIGH | 7.8 HIGH |
| crypto/pcrypt.c in the Linux kernel before 4.14.13 mishandles freeing instances, allowing a local user able to access the AF_ALG-based AEAD interface (CONFIG_CRYPTO_USER_API_AEAD) and pcrypt (CONFIG_CRYPTO_PCRYPT) to cause a denial of service (kfree of an incorrect pointer) or possibly have unspecified other impact by executing a crafted sequence of system calls. | |||||
| CVE-2017-17857 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2023-02-07 | 7.2 HIGH | 7.8 HIGH |
| The check_stack_boundary function in kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging mishandling of invalid variable stack read operations. | |||||
| CVE-2017-17856 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2023-02-07 | 7.2 HIGH | 7.8 HIGH |
| kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging the lack of stack-pointer alignment enforcement. | |||||
| CVE-2023-24241 | 1 Forget Heart Message Box Project | 1 Forget Heart Message Box | 2023-02-07 | N/A | 9.8 CRITICAL |
| Forget Heart Message Box v1.1 was discovered to contain a SQL injection vulnerability via the name parameter at /admin/loginpost.php. | |||||
| CVE-2023-24956 | 1 Forget Heart Message Box Project | 1 Forget Heart Message Box | 2023-02-07 | N/A | 8.8 HIGH |
| Forget Heart Message Box v1.1 was discovered to contain a SQL injection vulnerability via the name parameter at /cha.php. | |||||
| CVE-2017-18509 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2023-02-07 | 7.2 HIGH | 7.8 HIGH |
| An issue was discovered in net/ipv6/ip6mr.c in the Linux kernel before 4.11. By setting a specific socket option, an attacker can control a pointer in kernel land and cause an inet_csk_listen_stop general protection fault, or potentially execute arbitrary code under certain circumstances. The issue can be triggered as root (e.g., inside a default LXC container or with the CAP_NET_ADMIN capability) or after namespace unsharing. This occurs because sk_type and protocol are not checked in the appropriate part of the ip6_mroute_* functions. NOTE: this affects Linux distributions that use 4.9.x longterm kernels before 4.9.187. | |||||