Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-34666 | 5 Citrix, Linux, Microsoft and 2 more | 6 Hypervisor, Linux Kernel, Windows and 3 more | 2023-01-31 | N/A | 5.5 MEDIUM |
| NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a local user with basic capabilities can cause a null-pointer dereference, which may lead to denial of service. | |||||
| CVE-2022-45149 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2023-01-31 | N/A | 5.4 MEDIUM |
| A vulnerability was found in Moodle which exists due to insufficient validation of the HTTP request origin in course redirect URL. A user's CSRF token was unnecessarily included in the URL when being redirected to a course they have just restored. A remote attacker can trick the victim to visit a specially crafted web page and perform arbitrary actions on behalf of the victim on the vulnerable website. This flaw allows an attacker to perform cross-site request forgery attacks. | |||||
| CVE-2022-43428 | 1 Jenkins | 2 Compuware Topaz For Total Test, Jenkins | 2023-01-31 | N/A | 5.3 MEDIUM |
| Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from the Jenkins controller process. | |||||
| CVE-2018-1000413 | 1 Jenkins | 1 Config File Provider | 2023-01-31 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site scripting vulnerability exists in Jenkins Config File Provider Plugin 3.1 and earlier in configfiles.jelly, providerlist.jelly that allows users with the ability to configure configuration files to insert arbitrary HTML into some pages in Jenkins. | |||||
| CVE-2018-3850 | 1 Foxit | 1 Pdf Reader | 2023-01-31 | 6.8 MEDIUM | 8.8 HIGH |
| An exploitable use-after-free vulnerability exists in the JavaScript engine Foxit Software Foxit PDF Reader version 9.0.1.1049. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If a browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability. | |||||
| CVE-2018-3849 | 2 Fedoraproject, Nasa | 2 Fedora, Cfitsio | 2023-01-31 | 6.8 MEDIUM | 8.8 HIGH |
| In the ffghtb function in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain code execution. | |||||
| CVE-2018-1084 | 4 Canonical, Corosync, Debian and 1 more | 4 Ubuntu Linux, Corosync, Debian Linux and 1 more | 2023-01-31 | 7.5 HIGH | 7.5 HIGH |
| corosync before version 2.4.4 is vulnerable to an integer overflow in exec/totemcrypto.c. | |||||
| CVE-2018-3851 | 1 Hyland | 1 Perceptive Document Filters | 2023-01-31 | 6.8 MEDIUM | 8.8 HIGH |
| In Hyland Perceptive Document Filters 11.4.0.2647 - x86/x64 Windows/Linux, an exploitable stack-based buffer overflow exists in the DOC-to-HTML conversion functionality of the Hyland Perceptive Document Filters version 11.4.0.2647. A crafted .doc document can lead to a stack-based buffer, resulting in direct code execution. | |||||
| CVE-2022-45150 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2023-01-31 | N/A | 6.1 MEDIUM |
| A reflected cross-site scripting vulnerability was discovered in Moodle. This flaw exists due to insufficient sanitization of user-supplied data in policy tool. An attacker can trick the victim to open a specially crafted link that executes an arbitrary HTML and script code in user's browser in context of vulnerable website. This vulnerability may allow an attacker to perform cross-site scripting (XSS) attacks to gain access potentially sensitive information and modification of web pages. | |||||
| CVE-2018-3845 | 1 Hyland | 1 Perceptive Document Filters | 2023-01-31 | 6.8 MEDIUM | 8.8 HIGH |
| In Hyland Perceptive Document Filters 11.4.0.2647 - x86/x64 Windows/Linux, a crafted OpenDocument document can lead to a SkCanvas object double free resulting in direct code execution. | |||||
| CVE-2018-3844 | 1 Hyland | 1 Perceptive Document Filters | 2023-01-31 | 6.8 MEDIUM | 8.8 HIGH |
| In Hyland Perceptive Document Filters 11.4.0.2647 - x86/x64 Windows/Linux, a crafted DOCX document can lead to a use-after-free resulting in direct code execution. | |||||
| CVE-2019-19341 | 1 Redhat | 1 Ansible Tower | 2023-01-31 | 2.1 LOW | 5.5 MEDIUM |
| A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2, where files in '/var/backup/tower' are left world-readable. These files include both the SECRET_KEY and the database backup. Any user with access to the Tower server, and knowledge of when a backup is run, could retrieve every credential stored in Tower. Access to data is the highest threat with this vulnerability. | |||||
| CVE-2019-18426 | 1 Whatsapp | 2 Whatsapp, Whatsapp For Desktop | 2023-01-31 | 5.8 MEDIUM | 8.2 HIGH |
| A vulnerability in WhatsApp Desktop versions prior to 0.3.9309 when paired with WhatsApp for iPhone versions prior to 2.20.10 allows cross-site scripting and local file reading. Exploiting the vulnerability requires the victim to click a link preview from a specially crafted text message. | |||||
| CVE-2018-3848 | 2 Fedoraproject, Nasa | 2 Fedora, Cfitsio | 2023-01-31 | 6.8 MEDIUM | 8.8 HIGH |
| In the ffghbn function in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain code execution. | |||||
| CVE-2022-45151 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2023-01-31 | N/A | 5.4 MEDIUM |
| The stored-XSS vulnerability was discovered in Moodle which exists due to insufficient sanitization of user-supplied data in several "social" user profile fields. An attacker could inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website. | |||||
| CVE-2021-43448 | 1 Onlyoffice | 1 Server | 2023-01-31 | N/A | 5.3 MEDIUM |
| ONLYOFFICE all versions as of 2021-11-08 is vulnerable to Improper Input Validation. A lack of input validation can allow an attacker to spoof the names of users who interact with a document, if the document id is known. | |||||
| CVE-2016-9839 | 1 Osgeo | 1 Mapserver | 2023-01-31 | 5.0 MEDIUM | 7.5 HIGH |
| In MapServer before 7.0.3, OGR driver error messages are too verbose and may leak sensitive information if data connection fails. | |||||
| CVE-2019-14306 | 1 Ricoh | 96 M 2700, M 2700 Firmware, M 2701 and 93 more | 2023-01-31 | 5.0 MEDIUM | 7.5 HIGH |
| Ricoh SP C250DN 1.06 devices have Incorrect Access Control (issue 2 of 2). | |||||
| CVE-2022-4548 | 1 Imageseo | 1 Optimize Images Alt Text \(alt Tag\) \& Names For Seo Using Ai | 2023-01-31 | N/A | 6.5 MEDIUM |
| The Optimize images ALT Text & names for SEO using AI WordPress plugin before 2.0.8 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack. | |||||
| CVE-2019-20180 | 1 Tablepress | 1 Tablepress | 2023-01-31 | 6.0 MEDIUM | 6.8 MEDIUM |
| The TablePress plugin 1.9.2 for WordPress allows tablepress[data] CSV injection by Editor users. | |||||