Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-23691 | 1 Dell | 6 Powervault Me5012, Powervault Me5012 Firmware, Powervault Me5024 and 3 more | 2023-02-01 | N/A | 8.8 HIGH |
| Dell EMC PV ME5, versions ME5.1.0.0.0 and ME5.1.0.1.0, contains a Client-side desync Vulnerability. An unauthenticated attacker could potentially exploit this vulnerability to force a victim's browser to desynchronize its connection with the website, typically leading to XSS and DoS. | |||||
| CVE-2022-44789 | 3 Artifex, Debian, Fedoraproject | 3 Mujs, Debian Linux, Fedora | 2023-02-01 | N/A | 8.8 HIGH |
| A logical issue in O_getOwnPropertyDescriptor() in Artifex MuJS 1.0.0 through 1.3.x before 1.3.2 allows an attacker to achieve Remote Code Execution through memory corruption, via the loading of a crafted JavaScript file. | |||||
| CVE-2022-45866 | 2 Fedoraproject, Qpress Project | 2 Fedora, Qpress | 2023-02-01 | N/A | 5.3 MEDIUM |
| qpress before PierreLvx/qpress 20220819 and before version 11.3, as used in Percona XtraBackup and other products, allows directory traversal via ../ in a .qp file. | |||||
| CVE-2023-20908 | 1 Google | 1 Android | 2023-02-01 | N/A | 5.5 MEDIUM |
| In several functions of SettingsState.java, there is a possible system crash loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-239415861 | |||||
| CVE-2023-20905 | 1 Google | 1 Android | 2023-02-01 | N/A | 7.8 HIGH |
| In Mfc_Transceive of phNxpExtns_MifareStd.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-241387741 | |||||
| CVE-2023-0469 | 1 Linux | 1 Linux Kernel | 2023-02-01 | N/A | 5.5 MEDIUM |
| A use-after-free flaw was found in io_uring/filetable.c in io_install_fixed_file in the io_uring subcomponent in the Linux Kernel during call cleanup. This flaw may lead to a denial of service. | |||||
| CVE-2022-45152 | 2 Fedoraproject, Moodle | 3 Extra Packages For Enterprise Linux, Fedora, Moodle | 2023-02-01 | N/A | 9.1 CRITICAL |
| A blind Server-Side Request Forgery (SSRF) vulnerability was found in Moodle. This flaw exists due to insufficient validation of user-supplied input in LTI provider library. The library does not utilise Moodle's inbuilt cURL helper, which resulted in a blind SSRF risk. An attacker can send a specially crafted HTTP request and trick the application to initiate requests to arbitrary systems. This vulnerability allows a remote attacker to perform SSRF attacks. | |||||
| CVE-2023-0515 | 1 Online Tours \& Travels Management System Project | 1 Online Tours \& Travels Management System | 2023-02-01 | N/A | 7.2 HIGH |
| A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0 and classified as critical. This issue affects some unknown processing of the file admin/forget_password.php of the component Parameter Handler. The manipulation of the argument email leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-219335. | |||||
| CVE-2021-41989 | 1 Qlik | 1 Qlikview | 2023-02-01 | N/A | 7.8 HIGH |
| Qlik QlikView through 12.60.20100.0 creates a Temporary File in a Directory with Insecure Permissions. | |||||
| CVE-2022-26659 | 2 Docker, Microsoft | 2 Docker Desktop, Windows | 2023-02-01 | 3.6 LOW | 7.1 HIGH |
| Docker Desktop installer on Windows in versions before 4.6.0 allows an attacker to overwrite any administrator writable files by creating a symlink in place of where the installer writes its log file. Starting from version 4.6.0, the Docker Desktop installer, when run elevated, will write its log files to a location not writable by non-administrator users. | |||||
| CVE-2023-0516 | 1 Online Tours \& Travels Management System Project | 1 Online Tours \& Travels Management System | 2023-02-01 | N/A | 7.2 HIGH |
| A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0. It has been classified as critical. Affected is an unknown function of the file user/forget_password.php of the component Parameter Handler. The manipulation of the argument email leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-219336. | |||||
| CVE-2022-47042 | 1 Mingsoft | 1 Mcms | 2023-02-01 | N/A | 8.8 HIGH |
| MCMS v5.2.10 and below was discovered to contain an arbitrary file write vulnerability via the component ms/template/writeFileContent.do. | |||||
| CVE-2022-46957 | 1 Online Graduate Tracer System Project | 1 Online Graduate Tracer System | 2023-02-01 | N/A | 6.1 MEDIUM |
| Sourcecodester.com Online Graduate Tracer System V 1.0.0 is vulnerable to Cross Site Scripting (XSS). | |||||
| CVE-2022-44297 | 1 Sscms | 1 Siteserver Cms | 2023-02-01 | N/A | 9.8 CRITICAL |
| SiteServer CMS 7.1.3 has a SQL injection vulnerability the background. | |||||
| CVE-2021-41988 | 1 Qlik | 1 Nprinting Designer | 2023-02-01 | N/A | 7.8 HIGH |
| Qlik NPrinting Designer through 21.14.3.0 creates a Temporary File in a Directory with Insecure Permissions. | |||||
| CVE-2022-46128 | 1 Doctor Appointment Management System Project | 1 Doctor Appointment Management System | 2023-02-01 | N/A | 6.1 MEDIUM |
| phpgurukul Doctor Appointment Management System V 1.0.0 is vulnerable to Cross Site Scripting (XSS) via searchdata=. | |||||
| CVE-2021-4149 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2023-02-01 | 2.1 LOW | 5.5 MEDIUM |
| A vulnerability was found in btrfs_alloc_tree_b in fs/btrfs/extent-tree.c in the Linux kernel due to an improper lock operation in btrfs. In this flaw, a user with a local privilege may cause a denial of service (DOS) due to a deadlock problem. | |||||
| CVE-2022-45920 | 1 Softing | 1 Uatoolkit Embedded | 2023-02-01 | N/A | 7.5 HIGH |
| In Softing uaToolkit Embedded before 1.41, a malformed CreateMonitoredItems request may cause a memory leak. | |||||
| CVE-2022-44018 | 1 Softing | 1 Uatoolkit Embedded | 2023-02-01 | N/A | 7.5 HIGH |
| In Softing uaToolkit Embedded before 1.40.1, a malformed PubSub discovery announcement message can cause a NULL pointer dereference or out-of-bounds memory access in the subscriber application. | |||||
| CVE-2022-40977 | 1 Pilz | 15 Pasvisu, Pmi V507, Pmi V507 Firmware and 12 more | 2023-02-01 | N/A | 7.5 HIGH |
| A path traversal vulnerability was discovered in Pilz PASvisu Server before 1.12.0. An unauthenticated remote attacker could use a zipped, malicious configuration file to trigger arbitrary file writes ('zip-slip'). File writes do not affect confidentiality or availability. | |||||