Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-3482 | 1 Gitlab | 1 Gitlab | 2023-02-01 | N/A | 5.3 MEDIUM |
| An improper access control issue in GitLab CE/EE affecting all versions from 11.3 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allowed an unauthorized user to see release names even when releases we set to be restricted to project members only | |||||
| CVE-2022-3478 | 1 Gitlab | 1 Gitlab | 2023-02-01 | N/A | 4.3 MEDIUM |
| An issue has been discovered in GitLab affecting all versions starting from 12.8 before 15.4.6, all versions starting from 15.5 before 15.5.5, all versions starting from 15.6 before 15.6.1. It was possible to trigger a DoS attack by uploading a malicious nuget package. | |||||
| CVE-2017-14648 | 1 Bladeenc | 1 Bladeenc | 2023-02-01 | 7.5 HIGH | 9.8 CRITICAL |
| A global buffer overflow was discovered in the iteration_loop function in loop.c in BladeEnc version 0.94.2. The vulnerability causes an out-of-bounds write, which leads to remote denial of service or possibly code execution. | |||||
| CVE-2019-19142 | 1 Intelbras | 2 Wrn 240, Wrn 240 Firmware | 2023-02-01 | 5.0 MEDIUM | 7.5 HIGH |
| Intelbras WRN240 devices do not require authentication to replace the firmware via a POST request to the incoming/Firmware.cfg URI. | |||||
| CVE-2019-14304 | 1 Ricoh | 104 M 2700, M 2700 Firmware, M 2701 and 101 more | 2023-02-01 | 6.8 MEDIUM | 8.8 HIGH |
| Ricoh SP C250DN 1.06 devices allow CSRF. | |||||
| CVE-2018-3947 | 1 Yitechnology | 3 Yi Home, Yi Home Camera, Yi Home Camera Firmware | 2023-02-01 | 4.3 MEDIUM | 8.1 HIGH |
| An exploitable information disclosure vulnerability exists in the phone-to-camera communications of Yi Home Camera 27US 1.8.7.0D. An attacker can sniff network traffic to exploit this vulnerability. | |||||
| CVE-2019-11757 | 2 Canonical, Mozilla | 4 Ubuntu Linux, Firefox, Firefox Esr and 1 more | 2023-02-01 | 6.8 MEDIUM | 8.8 HIGH |
| When following the value's prototype chain, it was possible to retain a reference to a locale, delete it, and subsequently reference it. This resulted in a use-after-free and a potentially exploitable crash. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2. | |||||
| CVE-2020-5390 | 3 Canonical, Debian, Pysaml2 Project | 3 Ubuntu Linux, Debian Linux, Pysaml2 | 2023-02-01 | 5.0 MEDIUM | 7.5 HIGH |
| PySAML2 before 5.0.0 does not check that the signature in a SAML document is enveloped and thus signature wrapping is effective, i.e., it is affected by XML Signature Wrapping (XSW). The signature information and the node/object that is signed can be in different places and thus the signature verification will succeed, but the wrong data will be used. This specifically affects the verification of assertion that have been signed. | |||||
| CVE-2019-19886 | 2 Fedoraproject, Trustwave | 2 Fedora, Modsecurity | 2023-02-01 | 5.0 MEDIUM | 7.5 HIGH |
| Trustwave ModSecurity 3.0.0 through 3.0.3 allows an attacker to send crafted requests that may, when sent quickly in large volumes, lead to the server becoming slow or unresponsive (Denial of Service) because of a flaw in Transaction::addRequestHeader in transaction.cc. | |||||
| CVE-2019-19475 | 1 Zohocorp | 1 Manageengine Applications Manager | 2023-02-01 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered in ManageEngine Applications Manager 14 with Build 14360. Integrated PostgreSQL which is built-in in Applications Manager is prone to attack due to lack of file permission security. The malicious users who are in “Authenticated Users” group can exploit privilege escalation and modify PostgreSQL configuration to execute arbitrary command to escalate and gain full system privilege user access and rights over the system. | |||||
| CVE-2014-6038 | 1 Zohocorp | 1 Manageengine Eventlog Analyzer | 2023-02-01 | 5.0 MEDIUM | 7.5 HIGH |
| Zoho ManageEngine EventLog Analyzer versions 7 through 9.9 build 9002 have a database Information Disclosure Vulnerability. Fixed in EventLog Analyzer 10.0 Build 10000. | |||||
| CVE-2022-38758 | 1 Netiq | 1 Imanager | 2023-02-01 | N/A | 6.1 MEDIUM |
| Cross-site Scripting (XSS) vulnerability in NetIQ iManager prior to version 3.2.6 allows attacker to execute malicious scripts on the user's browser. This issue affects: Micro Focus NetIQ iManager NetIQ iManager versions prior to 3.2.6 on ALL. | |||||
| CVE-2022-31711 | 1 Vmware | 1 Vrealize Log Insight | 2023-02-01 | N/A | 5.3 MEDIUM |
| VMware vRealize Log Insight contains an Information Disclosure Vulnerability. A malicious actor can remotely collect sensitive session and application information without authentication. | |||||
| CVE-2022-31710 | 1 Vmware | 1 Vrealize Log Insight | 2023-02-01 | N/A | 7.5 HIGH |
| vRealize Log Insight contains a deserialization vulnerability. An unauthenticated malicious actor can remotely trigger the deserialization of untrusted data which could result in a denial of service. | |||||
| CVE-2022-31706 | 1 Vmware | 1 Vrealize Log Insight | 2023-02-01 | N/A | 9.8 CRITICAL |
| The vRealize Log Insight contains a Directory Traversal Vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution. | |||||
| CVE-2022-31704 | 1 Vmware | 1 Vrealize Log Insight | 2023-02-01 | N/A | 9.8 CRITICAL |
| The vRealize Log Insight contains a broken access control vulnerability. An unauthenticated malicious actor can remotely inject code into sensitive files of an impacted appliance which can result in remote code execution. | |||||
| CVE-2022-29844 | 1 Westerndigital | 16 My Cloud Dl2100, My Cloud Dl2100 Firmware, My Cloud Dl4100 and 13 more | 2023-02-01 | N/A | 9.8 CRITICAL |
| A vulnerability in the FTP service of Western Digital My Cloud OS 5 devices running firmware versions prior to 5.26.119 allows an attacker to read and write arbitrary files. This could lead to a full NAS compromise and would give remote execution capabilities to the attacker. | |||||
| CVE-2020-22452 | 1 Phpmyadmin | 1 Phpmyadmin | 2023-02-01 | N/A | 9.8 CRITICAL |
| SQL Injection vulnerability in function getTableCreationQuery in CreateAddField.php in phpMyAdmin 5.x before 5.2.0 via the tbl_storage_engine or tbl_collation parameters to tbl_create.php. | |||||
| CVE-2019-14301 | 1 Ricoh | 104 M 2700, M 2700 Firmware, M 2701 and 101 more | 2023-02-01 | 5.0 MEDIUM | 7.5 HIGH |
| Ricoh SP C250DN 1.06 devices have Incorrect Access Control (issue 1 of 2). | |||||
| CVE-2022-29843 | 1 Westerndigital | 16 My Cloud Dl2100, My Cloud Dl2100 Firmware, My Cloud Dl4100 and 13 more | 2023-02-01 | N/A | 9.8 CRITICAL |
| A command injection vulnerability in the DDNS service configuration of Western Digital My Cloud OS 5 devices running firmware versions prior to 5.26.119 allows an attacker to execute code in the context of the root user. | |||||