Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-33250 | 1 Qualcomm | 130 Ar8035, Ar8035 Firmware, Qca6390 and 127 more | 2023-03-16 | N/A | 7.5 HIGH |
| Transient DOS due to reachable assertion in modem when network repeatedly sent invalid message container for NR to LTE handover. | |||||
| CVE-2022-33254 | 1 Qualcomm | 128 Aqt1000, Aqt1000 Firmware, Ar8035 and 125 more | 2023-03-16 | N/A | 7.5 HIGH |
| Transient DOS due to reachable assertion in Modem while processing SIB1 Message. | |||||
| CVE-2020-5002 | 1 Ibm | 1 Financial Transaction Manager | 2023-03-16 | N/A | 8.8 HIGH |
| IBM Financial Transaction Manager 3.2.0 through 3.2.10 could allow an authenticated user to perform unauthorized actions due to improper validation. IBM X-Force ID: 192954. | |||||
| CVE-2021-27788 | 1 Hcltech | 1 Verse | 2023-03-16 | N/A | 6.1 MEDIUM |
| HCL Verse is susceptible to a Cross Site Scripting (XSS) vulnerability. By tricking a user into clicking a crafted URL, a remote unauthenticated attacker could execute script in a victim's web browser to perform operations as the victim and/or steal the victim's cookies, session tokens, or other sensitive information. | |||||
| CVE-2022-20929 | 1 Cisco | 1 Enterprise Nfv Infrastructure Software | 2023-03-16 | N/A | 7.8 HIGH |
| A vulnerability in the upgrade signature verification of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, local attacker to provide an unauthentic upgrade file for upload. This vulnerability is due to insufficient cryptographic signature verification of upgrade files. An attacker could exploit this vulnerability by providing an administrator with an unauthentic upgrade file. A successful exploit could allow the attacker to fully compromise the Cisco NFVIS system. | |||||
| CVE-2022-34377 | 1 Dell | 160 C4130, C4130 Firmware, C4140 and 157 more | 2023-03-16 | N/A | 6.7 MEDIUM |
| Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service. | |||||
| CVE-2022-34376 | 1 Dell | 160 C4130, C4130 Firmware, C4140 and 157 more | 2023-03-16 | N/A | 5.5 MEDIUM |
| Dell PowerEdge BIOS and Dell Precision BIOS contain an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by manipulating an SMI to cause a denial of service during SMM. | |||||
| CVE-2022-4313 | 2023-03-16 | N/A | N/A | ||
| A vulnerability was reported where through modifying the scan variables, an authenticated user in Tenable products, that has Scan Policy Configuration roles, could manipulate audit policy variables to execute arbitrary commands on credentialed scan targets. | |||||
| CVE-2023-25267 | 2023-03-16 | N/A | N/A | ||
| An issue was discovered in GFI Kerio Connect 9.4.1 patch 1 (fixed in 10.0.0). There is a stack-based Buffer Overflow in the webmail component's 2FASetup function via an authenticated request with a long primaryEMailAddress field to the webmail/api/jsonrpc URI. | |||||
| CVE-2023-26484 | 2023-03-16 | N/A | N/A | ||
| KubeVirt is a virtual machine management add-on for Kubernetes. In versions 0.59.0 and prior, if a malicious user has taken over a Kubernetes node where virt-handler (the KubeVirt node-daemon) is running, the virt-handler service account can be used to modify all node specs. This can be misused to lure-in system-level-privileged components which can, for instance, read all secrets on the cluster, or can exec into pods on other nodes. This way, a compromised node can be used to elevate privileges beyond the node until potentially having full privileged access to the whole cluster. The simplest way to exploit this, once a user could compromise a specific node, is to set with the virt-handler service account all other nodes to unschedulable and simply wait until system-critical components with high privileges appear on its node. No patches are available as of time of publication. As a workaround, gatekeeper users can add a webhook which will block the `virt-handler` service account to modify the spec of a node. | |||||
| CVE-2022-34408 | 2023-03-16 | N/A | N/A | ||
| Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service. | |||||
| CVE-2023-28461 | 2023-03-16 | N/A | N/A | ||
| Array Networks Array AG Series and vxAG (9.4.0.481 and earlier) allow remote code execution. An attacker can browse the filesystem on the SSL VPN gateway using a flags attribute in an HTTP header without authentication. The product could then be exploited through a vulnerable URL. The 2023-03-09 vendor advisory stated "a new Array AG release with the fix will be available soon." | |||||
| CVE-2023-28460 | 2023-03-16 | N/A | N/A | ||
| A command injection vulnerability was discovered in Array Networks APV products. A remote attacker can send a crafted packet after logging into the affected appliance as an administrator, resulting in arbitrary shell code execution. This is fixed in 8.6.1.262 or newer and 10.4.2.93 or newer. | |||||
| CVE-2022-1587 | 4 Fedoraproject, Netapp, Pcre and 1 more | 17 Fedora, Active Iq Unified Manager, H300s and 14 more | 2023-03-15 | 6.4 MEDIUM | 9.1 CRITICAL |
| An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file. This issue affects recursions in JIT-compiled regular expressions caused by duplicate data transfers. | |||||
| CVE-2022-1586 | 4 Fedoraproject, Netapp, Pcre and 1 more | 17 Fedora, Active Iq Unified Manager, H300s and 14 more | 2023-03-15 | 6.4 MEDIUM | 9.1 CRITICAL |
| An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT. | |||||
| CVE-2019-20454 | 2 Fedoraproject, Pcre | 2 Fedora, Pcre2 | 2023-03-15 | 5.0 MEDIUM | 7.5 HIGH |
| An out-of-bounds read was discovered in PCRE before 10.34 when the pattern \X is JIT compiled and used to match specially crafted subjects in non-UTF mode. Applications that use PCRE to parse untrusted input may be vulnerable to this flaw, which would allow an attacker to crash the application. The flaw occurs in do_extuni_no_utf in pcre2_jit_compile.c. | |||||
| CVE-2022-45589 | 1 Talend | 1 Esb Runtime | 2023-03-15 | N/A | 9.8 CRITICAL |
| All versions before 8.0.1-R2022-10-RT and 7.3.1-R2022-09-RT of the Talend ESB Runtime are potentially vulnerable to SQL Injection attacks in the provisioning service only. Users of the provisioning service should upgrade to either 8.0.1-R2022-10-RT or 7.3.1-R2022-09-RT or a later release and use it in place of the previous version. | |||||
| CVE-2022-45588 | 1 Talend | 1 Remote Engine Gen 2 | 2023-03-15 | N/A | 9.8 CRITICAL |
| All versions before R2022-09 of Talend's Remote Engine Gen 2 are potentially vulnerable to XML External Entity (XXE) type of attacks. Users should download the R2022-09 release or later and use it in place of the previous version. Talend Remote Engine Gen 1 and Talend Cloud Engine for Design are not impacted. This XXE vulnerability could only be exploited by someone with the appropriate rights to edit pipelines on the Talend platform. It could not be triggered remotely or by other user input. | |||||
| CVE-2013-10021 | 1 Wordpress | 1 Debug Bar | 2023-03-15 | N/A | 6.1 MEDIUM |
| A vulnerability was found in dd32 Debug Bar Plugin up to 0.8. It has been declared as problematic. Affected by this vulnerability is the function render of the file panels/class-debug-bar-queries.php. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 0.8.1 is able to address this issue. The name of the patch is 0842af8f8a556bc3e39b9ef758173b0a8a9ccbfc. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-222739. | |||||
| CVE-2023-1354 | 1 Design And Implementation Of Covid-19 Directory On Vaccination System Project | 1 Design And Implementation Of Covid-19 Directory On Vaccination System | 2023-03-15 | N/A | 6.1 MEDIUM |
| A vulnerability has been found in SourceCodester Design and Implementation of Covid-19 Directory on Vaccination System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file register.php. The manipulation of the argument txtfullname/txtage/txtaddress/txtphone leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-222853 was assigned to this vulnerability. | |||||