Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-46789 | 1 Huawei | 2 Emui, Magic Ui | 2023-02-01 | 5.0 MEDIUM | 7.5 HIGH |
| Configuration defects in the secure OS module. Successful exploitation of this vulnerability can affect availability. | |||||
| CVE-2019-11759 | 2 Canonical, Mozilla | 4 Ubuntu Linux, Firefox, Firefox Esr and 1 more | 2023-02-01 | 6.8 MEDIUM | 8.8 HIGH |
| An attacker could have caused 4 bytes of HMAC output to be written past the end of a buffer stored on the stack. This could be used by an attacker to execute arbitrary code or more likely lead to a crash. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2. | |||||
| CVE-2022-46999 | 1 Tuzicms | 1 Tuzicms | 2023-02-01 | N/A | 9.8 CRITICAL |
| Tuzicms v2.0.6 was discovered to contain a SQL injection vulnerability via the component \App\Manage\Controller\UserController.class.php. | |||||
| CVE-2019-11760 | 2 Canonical, Mozilla | 4 Ubuntu Linux, Firefox, Firefox Esr and 1 more | 2023-02-01 | 6.8 MEDIUM | 8.8 HIGH |
| A fixed-size stack buffer could overflow in nrappkit when doing WebRTC signaling. This resulted in a potentially exploitable crash in some instances. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2. | |||||
| CVE-2022-1270 | 2 Debian, Graphicsmagick | 2 Debian Linux, Graphicsmagick | 2023-02-01 | N/A | 7.8 HIGH |
| In GraphicsMagick, a heap buffer overflow was found when parsing MIFF. | |||||
| CVE-2019-11761 | 2 Canonical, Mozilla | 4 Ubuntu Linux, Firefox, Firefox Esr and 1 more | 2023-02-01 | 5.8 MEDIUM | 5.4 MEDIUM |
| By using a form with a data URI it was possible to gain access to the privileged JSONView object that had been cloned into content. Impact from exposing this object appears to be minimal, however it was a bypass of existing defense in depth mechanisms. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2. | |||||
| CVE-2019-11762 | 2 Canonical, Mozilla | 4 Ubuntu Linux, Firefox, Firefox Esr and 1 more | 2023-02-01 | 5.8 MEDIUM | 6.1 MEDIUM |
| If two same-origin documents set document.domain differently to become cross-origin, it was possible for them to call arbitrary DOM methods/getters/setters on the now-cross-origin window. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2. | |||||
| CVE-2023-23331 | 1 Amano | 1 Xoffice | 2023-02-01 | N/A | 9.8 CRITICAL |
| Amano Xoffice parking solutions 7.1.3879 is vulnerable to SQL Injection. | |||||
| CVE-2023-23824 | 1 Wp Topbar Project | 1 Wp Topbar | 2023-02-01 | N/A | 8.8 HIGH |
| Auth. SQL Injection (SQLi) vulnerability in WP-TopBar <= 5.36 versions. | |||||
| CVE-2023-23687 | 1 Youtube Shortcode Project | 1 Youtube Shortcode | 2023-02-01 | N/A | 5.4 MEDIUM |
| Auth. Stored Cross-Site Scripting (XSS) vulnerability in Youtube shortcode <= 1.8.5 versions. | |||||
| CVE-2023-0447 | 1 My Youtube Channel Project | 1 My Youtube Channel | 2023-02-01 | N/A | 4.3 MEDIUM |
| The My YouTube Channel plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the clear_all_cache function in versions up to, and including, 3.0.12.1. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to clear the plugin's cache. | |||||
| CVE-2023-0446 | 1 My Youtube Channel Project | 1 My Youtube Channel | 2023-02-01 | N/A | 5.5 MEDIUM |
| The My YouTube Channel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its settings parameters in versions up to, and including, 3.0.12.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2023-24099 | 1 Trendnet | 2 Tew-820ap, Tew-820ap Firmware | 2023-02-01 | N/A | 8.8 HIGH |
| ** UNSUPPORTED WHEN ASSIGNED ** TrendNet Wireless AC Easy-Upgrader TEW-820AP v1.0R, firmware version 1.01.B01 was discovered to contain a stack overflow via the username parameter at /formWizardPassword. This vulnerability allows attackers to execute arbitrary code via a crafted payload. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2023-24098 | 1 Trendnet | 2 Tew-820ap, Tew-820ap Firmware | 2023-02-01 | N/A | 8.8 HIGH |
| ** UNSUPPORTED WHEN ASSIGNED ** TrendNet Wireless AC Easy-Upgrader TEW-820AP v1.0R, firmware version 1.01.B01 was discovered to contain a stack overflow via the submit-url parameter at /formSysLog. This vulnerability allows attackers to execute arbitrary code via a crafted payload. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2023-24097 | 1 Trendnet | 2 Tew-820ap, Tew-820ap Firmware | 2023-02-01 | N/A | 8.8 HIGH |
| ** UNSUPPORTED WHEN ASSIGNED ** TrendNet Wireless AC Easy-Upgrader TEW-820AP v1.0R, firmware version 1.01.B01 was discovered to contain a stack overflow via the submit-url parameter at /formPasswordAuth. This vulnerability allows attackers to execute arbitrary code via a crafted payload. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2023-24096 | 1 Trendnet | 2 Tew-820ap, Tew-820ap Firmware | 2023-02-01 | N/A | 8.8 HIGH |
| ** UNSUPPORTED WHEN ASSIGNED ** TrendNet Wireless AC Easy-Upgrader TEW-820AP v1.0R, firmware version 1.01.B01 was discovered to contain a stack overflow via the newpass parameter at /formPasswordSetup. This vulnerability allows attackers to execute arbitrary code via a crafted payload. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2023-24095 | 1 Trendnet | 2 Tew-820ap, Tew-820ap Firmware | 2023-02-01 | N/A | 8.8 HIGH |
| ** UNSUPPORTED WHEN ASSIGNED ** TrendNet Wireless AC Easy-Upgrader TEW-820AP v1.0R, firmware version 1.01.B01 was discovered to contain a stack overflow via the submit-url parameter at /formSystemCheck. This vulnerability allows attackers to execute arbitrary code via a crafted payload. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2020-7980 | 1 Intelliantech | 1 Aptus Web | 2023-02-01 | 10.0 HIGH | 9.8 CRITICAL |
| Intellian Aptus Web 1.24 allows remote attackers to execute arbitrary OS commands via the Q field within JSON data to the cgi-bin/libagent.cgi URI. NOTE: a valid sid cookie for a login to the intellian default account might be needed. | |||||
| CVE-2023-0115 | 2023-02-01 | N/A | N/A | ||
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | |||||
| CVE-2020-14395 | 2023-01-31 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none. | |||||