Total: 210374 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-40035 | 1 Blog-ssm Project | 1 Blog-ssm | 2023-02-01 | N/A | 8.8 HIGH |
File Upload Vulnerability found in Rawchen Blog-ssm v1.0 allowing attackers to execute arbitrary commands and gain escalated privileges via the /uploadFileList component. | |||||
CVE-2022-43864 | 1 Ibm | 2 Business Automation Workflow, Business Monitor | 2023-02-01 | N/A | 7.5 HIGH |
IBM Business Automation Workflow 22.0.2 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 239427. | |||||
CVE-2022-40036 | 1 Blog-ssm Project | 1 Blog-ssm | 2023-02-01 | N/A | 6.5 MEDIUM |
An issue in Rawchen blog-ssm v1.0 allows an attacker to obtain sensitive user information by bypassing permission checks via the /adminGetUserList component. | |||||
CVE-2023-24165 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2023-02-01 | N/A | 9.8 CRITICAL |
Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/initIpAddrInfo. | |||||
CVE-2023-24164 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2023-02-01 | N/A | 9.8 CRITICAL |
Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/FUN_000c2318. | |||||
CVE-2022-27508 | 1 Citrix | 2 Application Delivery Controller, Gateway | 2023-02-01 | N/A | 7.5 HIGH |
Unauthenticated denial of service | |||||
CVE-2022-27507 | 1 Citrix | 2 Application Delivery Controller, Gateway | 2023-02-01 | N/A | 6.5 MEDIUM |
Authenticated denial of service | |||||
CVE-2019-4716 | 1 Ibm | 1 Planning Analytics | 2023-02-01 | 10.0 HIGH | 9.8 CRITICAL |
IBM Planning Analytics 2.0.0 through 2.0.8 is vulnerable to a configuration overwrite that allows an unauthenticated user to login as "admin", and then execute code as root or SYSTEM via TM1 scripting. IBM X-Force ID: 172094. | |||||
CVE-2023-24166 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2023-02-01 | N/A | 9.8 CRITICAL |
Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/formWifiBasicSet. | |||||
CVE-2019-14465 | 1 Schismtracker | 1 Schism Tracker | 2023-02-01 | 6.8 MEDIUM | 7.8 HIGH |
fmt_mtm_load_song in fmt/mtm.c in Schism Tracker 20190722 has a heap-based buffer overflow. | |||||
CVE-2019-9904 | 1 Graphviz | 1 Graphviz | 2023-02-01 | 4.3 MEDIUM | 6.5 MEDIUM |
An issue was discovered in lib\cdt\dttree.c in libcdt.a in graphviz 2.40.1. Stack consumption occurs because of recursive agclose calls in lib\cgraph\graph.c in libcgraph.a, related to agfstsubg in lib\cgraph\subg.c. | |||||
CVE-2023-24169 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2023-02-01 | N/A | 9.8 CRITICAL |
Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/FUN_0007343c. | |||||
CVE-2023-24167 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2023-02-01 | N/A | 9.8 CRITICAL |
Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/add_white_node. | |||||
CVE-2022-47073 | 1 Small Crm Project | 1 Small Crm | 2023-02-01 | N/A | 5.4 MEDIUM |
A cross-site scripting (XSS) vulnerability in the Create Ticket page of Small CRM v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Subject parameter. | |||||
CVE-2023-24170 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2023-02-01 | N/A | 9.8 CRITICAL |
Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/fromSetWirelessRepeat. | |||||
CVE-2019-19648 | 2 Fedoraproject, Virustotal | 2 Fedora, Yara | 2023-02-01 | 6.8 MEDIUM | 7.8 HIGH |
In the macho_parse_file functionality in macho/macho.c of YARA 3.11.0, command_size may be inconsistent with the real size. A specially crafted MachO file can cause an out-of-bounds memory access, resulting in Denial of Service (application crash) or potential code execution. | |||||
CVE-2023-20923 | 1 Google | 1 Android | 2023-02-01 | N/A | 5.5 MEDIUM |
In exported content providers of ShannonRcs, there is a possible way to get access to protected content providers due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-246933910. References: N/A | |||||
CVE-2019-12213 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2023-02-01 | 4.3 MEDIUM | 6.5 MEDIUM |
When FreeImage 3.18.0 reads a special TIFF file, the TIFFReadDirectory function in PluginTIFF.cpp always returns 1, leading to stack exhaustion. | |||||
CVE-2023-20924 | 1 Google | 1 Android | 2023-02-01 | N/A | 6.8 MEDIUM |
In (TBD) of (TBD), there is a possible way to bypass the lockscreen due to Biometric Auth Failure. This could lead to local escalation of privilege with physical access to the device with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-240428519. References: N/A | |||||
CVE-2019-14889 | 6 Canonical, Debian, Fedoraproject and 3 more | 6 Ubuntu Linux, Debian Linux, Fedora and 3 more | 2023-02-01 | 9.3 HIGH | 8.8 HIGH |
A flaw was found with the libssh API function ssh_scp_new() in versions before 0.9.3 and before 0.8.8. When the libssh SCP client connects to a server, the scp command, which includes a user-provided path, is executed on the server-side. In case the library is used in a way where users can influence the third parameter of the function, it would become possible for an attacker to inject arbitrary commands, leading to a compromise of the remote target. |