Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-22332 | 1 Pgpool | 1 Pgpool-ii | 2023-02-06 | N/A | 6.5 MEDIUM |
| Information disclosure vulnerability exists in Pgpool-II 4.4.0 to 4.4.1 (4.4 series), 4.3.0 to 4.3.4 (4.3 series), 4.2.0 to 4.2.11 (4.2 series), 4.1.0 to 4.1.14 (4.1 series), 4.0.0 to 4.0.21 (4.0 series), All versions of 3.7 series, All versions of 3.6 series, All versions of 3.5 series, All versions of 3.4 series, and All versions of 3.3 series. A specific database user's authentication information may be obtained by another database user. As a result, the information stored in the database may be altered and/or database may be suspended by a remote attacker who successfully logged in the product with the obtained credentials. | |||||
| CVE-2020-36659 | 2 Debian, Lemonldap-ng | 2 Debian Linux, Apache\ | 2023-02-06 | N/A | 8.1 HIGH |
| In Apache::Session::Browseable before 1.3.6, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used. NOTE: this can, for example, be fixed in conjunction with the CVE-2020-16093 fix. | |||||
| CVE-2022-4470 | 1 Trustindex | 1 Widgets For Google Reviews | 2023-02-06 | N/A | 5.4 MEDIUM |
| The Widgets for Google Reviews WordPress plugin before 9.8 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | |||||
| CVE-2022-4472 | 1 Simple Sitemap Project | 1 Simple Sitemap | 2023-02-06 | N/A | 5.4 MEDIUM |
| The Simple Sitemap WordPress plugin before 3.5.8 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | |||||
| CVE-2020-36658 | 2 Debian, Lemonldap-ng | 2 Debian Linux, Apache\ | 2023-02-06 | N/A | 8.1 HIGH |
| In Apache::Session::LDAP before 0.5, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used. NOTE: this can, for example, be fixed in conjunction with the CVE-2020-16093 fix. | |||||
| CVE-2019-13571 | 1 Vsourz | 1 Advanced Cf7 Db | 2023-02-06 | 7.5 HIGH | 9.8 CRITICAL |
| A SQL injection vulnerability exists in the Vsourz Digital Advanced CF7 DB plugin through 1.6.1 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system. | |||||
| CVE-2023-22960 | 1 Lexmark | 256 B2236, B2236 Firmware, B2338 and 253 more | 2023-02-06 | N/A | 7.5 HIGH |
| Lexmark products through 2023-01-10 have Improper Control of Interaction Frequency. | |||||
| CVE-2023-23619 | 1 Lfprojects | 1 Modelina | 2023-02-06 | N/A | 8.8 HIGH |
| Modelina is a library for generating data models based on inputs such as AsyncAPI, OpenAPI, or JSON Schema documents. Versions prior to 1.0.0 are vulnerable to Code injection. This issue affects anyone who is using the default presets and/or does not handle the functionality themself. This issue has been partially mitigated in version 1.0.0, with the maintainer's GitHub Security Advisory (GHSA) noting "It is impossible to fully guard against this, because users have access to the original raw information. However, as of version 1, if you only access the constrained models, you will not encounter this issue. Further similar situations are NOT seen as a security issue, but intended behavior." The suggested workaround from the maintainers is "Fully custom presets that change the entire rendering process which can then escape the user input." | |||||
| CVE-2022-2712 | 1 Eclipse | 1 Glassfish | 2023-02-06 | N/A | 7.5 HIGH |
| In Eclipse GlassFish versions 5.1.0 to 6.2.5, there is a vulnerability in relative path traversal because it does not filter request path starting with './'. Successful exploitation could allow an remote unauthenticated attacker to access critical data, such as configuration files and deployed application source code. | |||||
| CVE-2023-0549 | 1 Yetanotherforum | 1 Yaf.net | 2023-02-06 | N/A | 5.4 MEDIUM |
| A vulnerability, which was classified as problematic, has been found in YAFNET up to 3.1.10. This issue affects some unknown processing of the file /forum/PostPrivateMessage of the component Private Message Handler. The manipulation of the argument subject/message leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.1.11 is able to address this issue. The name of the patch is 2237a9d552e258a43570bb478a92a5505e7c8797. It is recommended to upgrade the affected component. The identifier VDB-219665 was assigned to this vulnerability. | |||||
| CVE-2023-22740 | 1 Discourse | 1 Discourse | 2023-02-06 | N/A | 6.5 MEDIUM |
| Discourse is an open source platform for community discussion. Versions prior to 3.1.0.beta1 (beta) (tests-passed) are vulnerable to Allocation of Resources Without Limits. Users can create chat drafts of an unlimited length, which can cause a denial of service by generating an excessive load on the server. Additionally, an unlimited number of drafts were loaded when loading the user. This issue has been patched in version 2.1.0.beta1 (beta) and (tests-passed). Users should upgrade to the latest version where a limit has been introduced. There are no workarounds available. | |||||
| CVE-2023-23628 | 1 Metabase | 1 Metabase | 2023-02-06 | N/A | 4.1 MEDIUM |
| Metabase is an open source data analytics platform. Affected versions are subject to Exposure of Sensitive Information to an Unauthorized Actor. Sandboxed users shouldn't be able to view data about other Metabase users anywhere in the Metabase application. However, when a sandbox user views the settings for a dashboard subscription, and another user has added users to that subscription, the sandboxed user is able to view the list of recipients for that subscription. This issue is patched in versions 0.43.7.1, 1.43.7.1, 0.44.6.1, 1.44.6.1, 0.45.2.1, and 1.45.2.1. There are no workarounds. | |||||
| CVE-2022-44715 | 1 Netscout | 1 Ngeniusone | 2023-02-06 | N/A | 8.8 HIGH |
| Improper File Permissions in NetScout nGeniusONE 6.3.2 build 904 allows authenticated remote users to gain permissions via a crafted payload. | |||||
| CVE-2022-43979 | 1 Pandorafms | 1 Pandora Fms | 2023-02-06 | N/A | 9.8 CRITICAL |
| There is a Path Traversal that leads to a Local File Inclusion in Pandora FMS v764. A function is called to check that the parameter that the user has inserted does not contain malicious characteres, but this check is insufficient. An attacker could insert an absolute path to overcome the heck, thus being able to incluse any PHP file that resides on the disk. The exploitation of this vulnerability could lead to a remote code execution. | |||||
| CVE-2023-0555 | 1 Thingsforrestaurants | 1 Quick Restaurant Menu | 2023-02-06 | N/A | 5.4 MEDIUM |
| The Quick Restaurant Menu plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on its AJAX actions in versions up to, and including, 2.0.2. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke those actions intended for administrator use. Actions include menu item creation, update and deletion and other menu management functions. Since the plugin does not verify that a post ID passed to one of its AJAX actions belongs to a menu item, this can lead to arbitrary post deletion/alteration. | |||||
| CVE-2022-48108 | 1 Dlink | 2 Dir 878, Dir 878 Firmware | 2023-02-06 | N/A | 9.8 CRITICAL |
| D-Link DIR_878_FW1.30B08 was discovered to contain a command injection vulnerability via the component /SetNetworkSettings/SubnetMask. This vulnerability allows attackers to escalate privileges to root via a crafted payload. | |||||
| CVE-2023-23949 | 1 Broadcom | 2 Symantec Identity Governance And Administration, Symantec Identity Manager | 2023-02-06 | N/A | 5.4 MEDIUM |
| An authenticated user can supply malicious HTML and JavaScript code that will be executed in the client browser. | |||||
| CVE-2023-20928 | 1 Google | 1 Android | 2023-02-06 | N/A | 7.8 HIGH |
| In binder_vma_close of binder.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-254837884References: Upstream kernel | |||||
| CVE-2023-21675 | 1 Microsoft | 15 Windows 10 1607, Windows 10 1809, Windows 10 20h2 and 12 more | 2023-02-06 | N/A | 7.8 HIGH |
| Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2023-21747, CVE-2023-21748, CVE-2023-21749, CVE-2023-21750, CVE-2023-21754, CVE-2023-21755, CVE-2023-21772, CVE-2023-21773, CVE-2023-21774. | |||||
| CVE-2016-1240 | 3 Apache, Canonical, Debian | 3 Tomcat, Ubuntu Linux, Debian Linux | 2023-02-06 | 7.2 HIGH | 7.8 HIGH |
| The Tomcat init script in the tomcat7 package before 7.0.56-3+deb8u4 and tomcat8 package before 8.0.14-1+deb8u3 on Debian jessie and the tomcat6 and libtomcat6-java packages before 6.0.35-1ubuntu3.8 on Ubuntu 12.04 LTS, the tomcat7 and libtomcat7-java packages before 7.0.52-1ubuntu0.7 on Ubuntu 14.04 LTS, and tomcat8 and libtomcat8-java packages before 8.0.32-1ubuntu1.2 on Ubuntu 16.04 LTS allows local users with access to the tomcat account to gain root privileges via a symlink attack on the Catalina log file, as demonstrated by /var/log/tomcat7/catalina.out. | |||||