Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-38066 | 1 Siretta | 2 Quartz-gold, Quartz-gold Firmware | 2023-02-02 | N/A | 8.8 HIGH |
| An OS command injection vulnerability exists in the httpd SNMP functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted HTTP response can lead to arbitrary command execution. An attacker can send a network request to trigger this vulnerability. | |||||
| CVE-2022-39045 | 1 Siretta | 2 Quartz-gold, Quartz-gold Firmware | 2023-02-02 | N/A | 8.8 HIGH |
| A file write vulnerability exists in the httpd upload.cgi functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted HTTP request can lead to arbitrary file upload. An attacker can send an HTTP request to trigger this vulnerability. | |||||
| CVE-2022-3169 | 3 Debian, Fedoraproject, Linux | 3 Debian Linux, Fedora, Linux Kernel | 2023-02-02 | N/A | 5.5 MEDIUM |
| A flaw was found in the Linux kernel. A denial of service flaw may occur if there is a consecutive request of the NVME_IOCTL_RESET and the NVME_IOCTL_SUBSYS_RESET through the device file of the driver, resulting in a PCIe link disconnect. | |||||
| CVE-2022-40222 | 1 Siretta | 2 Quartz-gold, Quartz-gold Firmware | 2023-02-02 | N/A | 9.8 CRITICAL |
| An OS command injection vulnerability exists in the m2m DELETE_FILE cmd functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger this vulnerability. | |||||
| CVE-2022-40220 | 1 Siretta | 2 Quartz-gold, Quartz-gold Firmware | 2023-02-02 | N/A | 8.8 HIGH |
| An OS command injection vulnerability exists in the httpd txt/restore.cgi functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network request can lead to arbitrary command execution. An attacker can send an HTTP request to trigger this vulnerability. | |||||
| CVE-2022-40701 | 1 Siretta | 2 Quartz-gold, Quartz-gold Firmware | 2023-02-02 | N/A | 8.1 HIGH |
| A directory traversal vulnerability exists in the httpd delfile.cgi functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted HTTP request can lead to arbitrary file deletion. An attacker can send an HTTP request to trigger this vulnerability. | |||||
| CVE-2020-35511 | 2 Debian, Libpng | 2 Debian Linux, Pngcheck | 2023-02-02 | N/A | 7.8 HIGH |
| A global buffer overflow was discovered in pngcheck function in pngcheck-2.4.0(5 patches applied) via a crafted png file. | |||||
| CVE-2022-0322 | 3 Fedoraproject, Linux, Oracle | 5 Fedora, Linux Kernel, Communications Cloud Native Core Binding Support Function and 2 more | 2023-02-02 | 2.1 LOW | 5.5 MEDIUM |
| A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c in the SCTP network protocol in the Linux kernel with a local user privilege access. In this flaw, an attempt to use more buffer than is allocated triggers a BUG_ON issue, leading to a denial of service (DOS). | |||||
| CVE-2018-14657 | 1 Redhat | 3 Keycloak, Linux, Single Sign-on | 2023-02-02 | 4.3 MEDIUM | 8.1 HIGH |
| A flaw was found in Keycloak 4.2.1.Final, 4.3.0.Final. When TOPT enabled, an improper implementation of the Brute Force detection algorithm will not enforce its protection measures. | |||||
| CVE-2022-1043 | 1 Linux | 1 Linux Kernel | 2023-02-02 | N/A | 8.8 HIGH |
| A flaw was found in the Linux kernel’s io_uring implementation. This flaw allows an attacker with a local account to corrupt system memory, crash the system or escalate privileges. | |||||
| CVE-2022-1199 | 3 Linux, Netapp, Redhat | 13 Linux Kernel, Active Iq Unified Manager, H300s and 10 more | 2023-02-02 | N/A | 7.5 HIGH |
| A flaw was found in the Linux kernel. This flaw allows an attacker to crash the Linux kernel by simulating amateur radio from the user space, resulting in a null-ptr-deref vulnerability and a use-after-free vulnerability. | |||||
| CVE-2022-44263 | 1 Dentsplysirona | 1 Sidexis | 2023-02-02 | N/A | 7.8 HIGH |
| Dentsply Sirona Sidexis <= 4.3 is vulnerable to Incorrect Access Control. | |||||
| CVE-2021-20247 | 3 Debian, Fedoraproject, Mbsync Project | 4 Debian Linux, Extra Packages For Enterprise Linux, Fedora and 1 more | 2023-02-02 | 5.8 MEDIUM | 7.4 HIGH |
| A flaw was found in mbsync before v1.3.5 and v1.4.1. Validations of the mailbox names returned by IMAP LIST/LSUB do not occur allowing a malicious or compromised server to use specially crafted mailbox names containing '..' path components to access data outside the designated mailbox on the opposite end of the synchronization channel. The highest threat from this vulnerability is to data confidentiality and integrity. | |||||
| CVE-2021-26642 | 2 Microsoft, Xpressengine | 2 Windows, Xpressengine | 2023-02-02 | N/A | 9.8 CRITICAL |
| When uploading an image file to a bulletin board developed with XpressEngine, a vulnerability in which an arbitrary file can be uploaded due to insufficient verification of the file. A remote attacker can use this vulnerability to execute arbitrary code on the server where the bulletin board is running. | |||||
| CVE-2021-3737 | 6 Canonical, Fedoraproject, Netapp and 3 more | 17 Ubuntu Linux, Fedora, Hci and 14 more | 2023-02-02 | 7.1 HIGH | 7.5 HIGH |
| A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to system availability. | |||||
| CVE-2022-44264 | 1 Dentsplysirona | 1 Sidexis | 2023-02-02 | N/A | 7.8 HIGH |
| Dentsply Sirona Sidexis <= 4.3 is vulnerable to Unquoted Service Path. | |||||
| CVE-2021-3476 | 2 Debian, Openexr | 2 Debian Linux, Openexr | 2023-02-02 | 5.0 MEDIUM | 5.3 MEDIUM |
| A flaw was found in OpenEXR's B44 uncompression functionality in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to OpenEXR could trigger shift overflows, potentially affecting application availability. | |||||
| CVE-2023-24451 | 1 Jenkins | 1 Cisco Spark | 2023-02-02 | N/A | 4.3 MEDIUM |
| A missing permission check in Jenkins Cisco Spark Notifier Plugin 1.1.1 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | |||||
| CVE-2022-0286 | 2 Linux, Oracle | 4 Linux Kernel, Communications Cloud Native Core Binding Support Function, Communications Cloud Native Core Network Exposure Function and 1 more | 2023-02-02 | 2.1 LOW | 5.5 MEDIUM |
| A flaw was found in the Linux kernel. A null pointer dereference in bond_ipsec_add_sa() may lead to local denial of service. | |||||
| CVE-2019-10186 | 1 Moodle | 1 Moodle | 2023-02-02 | 6.8 MEDIUM | 8.8 HIGH |
| A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7. A sesskey (CSRF) token was not being utilised by the XML loading/unloading admin tool. | |||||