Total
210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-14302 | 1 Ricoh | 121 M 2700, M 2700 Firmware, M 2701 and 118 more | 2023-02-01 | 7.2 HIGH | 6.8 MEDIUM |
On Ricoh SP C250DN 1.06 devices, a debug port can be used. | |||||
CVE-2014-4984 | 1 Dejavuprotech | 1 Crescendo - Sales Crm | 2023-02-01 | 7.5 HIGH | 9.8 CRITICAL |
Déjà Vu Crescendo Sales CRM has remote SQL Injection | |||||
CVE-2014-4982 | 1 Xorux | 1 Lpar2rrd | 2023-02-01 | 7.5 HIGH | 9.8 CRITICAL |
LPAR2RRD ≤ 4.53 and ≤ 3.5 has arbitrary command injection on the application server. | |||||
CVE-2022-21192 | 1 Serve-lite Project | 1 Serve-lite | 2023-02-01 | N/A | 7.5 HIGH |
All versions of the package serve-lite are vulnerable to Directory Traversal due to missing input sanitization or other checks and protections employed to the req.url passed as-is to path.join(). | |||||
CVE-2018-3964 | 2 Foxitsoftware, Microsoft | 3 Phantompdf, Reader, Windows | 2023-02-01 | 6.8 MEDIUM | 7.8 HIGH |
An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability. | |||||
CVE-2020-22327 | 1 Hfish Project | 1 Hfish | 2023-02-01 | N/A | 6.1 MEDIUM |
An issue was discovered in HFish 0.5.1. When a payload is inserted where the name is entered, XSS code is triggered when the administrator views the information. | |||||
CVE-2022-25350 | 1 Helecloud | 1 Puppet-facter | 2023-02-01 | N/A | 7.8 HIGH |
All versions of the package puppet-facter are vulnerable to Command Injection via the getFact function due to improper input sanitization. | |||||
CVE-2019-10957 | 1 Geutebrueck | 22 G-cam Ebc-2110, G-cam Ebc-2110 Firmware, G-cam Ebc-2111 and 19 more | 2023-02-01 | 3.5 LOW | 4.8 MEDIUM |
Geutebruck IP Cameras G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior may allow a remote authenticated attacker with access to event configuration to store malicious code on the server, which could later be triggered by a legitimate user resulting in code execution within the user’s browser. | |||||
CVE-2023-0414 | 1 Wireshark | 1 Wireshark | 2023-02-01 | N/A | 6.5 MEDIUM |
Crash in the EAP dissector in Wireshark 4.0.0 to 4.0.2 allows denial of service via packet injection or crafted capture file | |||||
CVE-2019-13767 | 4 Debian, Fedoraproject, Google and 1 more | 4 Debian Linux, Fedora, Chrome and 1 more | 2023-02-01 | 6.8 MEDIUM | 8.8 HIGH |
Use after free in media picker in Google Chrome prior to 79.0.3945.88 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. | |||||
CVE-2023-0416 | 1 Wireshark | 1 Wireshark | 2023-02-01 | N/A | 6.5 MEDIUM |
GNW dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 allows denial of service via packet injection or crafted capture file | |||||
CVE-2022-21810 | 1 Smartctl Project | 1 Smartctl | 2023-02-01 | N/A | 7.8 HIGH |
All versions of the package smartctl are vulnerable to Command Injection via the info method due to improper input sanitization. | |||||
CVE-2022-44641 | 2 Debian, Linaro | 2 Debian Linux, Lava | 2023-02-01 | N/A | 6.5 MEDIUM |
In Linaro Automated Validation Architecture (LAVA) before 2022.11, users with valid credentials can submit crafted XMLRPC requests that cause a recursive XML entity expansion, leading to excessive use of memory on the server and a Denial of Service. | |||||
CVE-2022-4202 | 1 Gpac | 1 Gpac | 2023-02-01 | N/A | 8.8 HIGH |
A vulnerability, which was classified as problematic, was found in GPAC 2.1-DEV-rev490-g68064e101-master. Affected is the function lsr_translate_coords of the file laser/lsr_dec.c. The manipulation leads to integer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is b3d821c4ae9ba62b3a194d9dcb5e99f17bd56908. It is recommended to apply a patch to fix this issue. VDB-214518 is the identifier assigned to this vulnerability. | |||||
CVE-2023-0448 | 1 Matbao | 1 Wp Helper Premium | 2023-02-01 | N/A | 6.1 MEDIUM |
The WP Helper Lite WordPress plugin, in versions < 4.3, returns all GET parameters unsanitized in the response, resulting in a reflected cross-site scripting vulnerability. | |||||
CVE-2022-4172 | 2 Fedoraproject, Qemu | 2 Fedora, Qemu | 2023-02-01 | N/A | 6.5 MEDIUM |
Integer overflow and buffer overflow issues were found in the ACPI Error Record Serialization Table (ERST) device of QEMU in the read_erst_record() and write_erst_record() functions. Both issues may allow the guest to overrun the host buffer allocated for the ERST memory device. A malicious guest could use these flaws to crash the QEMU process on the host. | |||||
CVE-2023-0463 | 1 Devolutions | 1 Remote Desktop Manager | 2023-02-01 | N/A | 3.3 LOW |
The force offline MFA prompt setting is not respected when switching to offline mode in Devolutions Remote Desktop Manager 2022.3.29 to 2022.3.30, which allows a user to save sensitive data on disk. | |||||
CVE-2022-3500 | 3 Fedoraproject, Keylime, Redhat | 3 Fedora, Keylime, Enterprise Linux | 2023-02-01 | N/A | 5.1 MEDIUM |
A vulnerability was found in keylime. In some circumstances, due to improperly handled exceptions, a rogue agent could create errors on the verifier that stop attestation attempts for that host, leaving it in an attested state that is no longer being verified. | |||||
CVE-2023-20904 | 1 Google | 1 Android | 2023-02-01 | N/A | 7.8 HIGH |
In getTrampolineIntent of SettingsActivity.java, there is a possible launch of arbitrary activity due to an Intent mismatch in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12L, Android-13. Android ID: A-246300272 | |||||
CVE-2023-0468 | 1 Linux | 1 Linux Kernel | 2023-02-01 | N/A | 4.7 MEDIUM |
A use-after-free flaw was found in io_uring/poll.c in io_poll_check_events in the io_uring subcomponent in the Linux Kernel due to a race condition of poll_refs. This flaw may cause a NULL pointer dereference. |