Total
210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-15505 | 1 Mobileiron | 4 Core, Enterprise Connector, Monitor And Reporting Database and 1 more | 2023-01-27 | 7.5 HIGH | 9.8 CRITICAL |
A remote code execution vulnerability in MobileIron Core & Connector versions 10.3.0.3 and earlier, 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3, 10.5.1.0, 10.5.2.0 and 10.6.0.0; Sentry versions 9.7.2 and earlier, and 9.8.0; and Monitor and Reporting Database (RDB) version 2.0.0.1 and earlier allows remote attackers to execute arbitrary code via unspecified vectors. | |||||
CVE-2015-3884 | 1 Qdpm | 1 Qdpm | 2023-01-27 | 6.5 MEDIUM | 8.8 HIGH |
Unrestricted file upload vulnerability in the (1) myAccount, (2) projects, (3) tasks, (4) tickets, (5) discussions, (6) reports, and (7) scheduler pages in qdPM 8.3 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in uploads/attachments/ or uploads/users/. | |||||
CVE-2022-42401 | 1 Tracker-software | 1 Pdf-xchange Editor | 2023-01-27 | N/A | 5.5 MEDIUM |
This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. Crafted data in a PDF file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-18533. | |||||
CVE-2022-26498 | 2 Debian, Digium | 2 Debian Linux, Asterisk | 2023-01-27 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it is possible to download files that are not certificates. These files could be much larger than what one would expect to download, leading to Resource Exhaustion. This is fixed in 16.25.2, 18.11.2, and 19.3.2. | |||||
CVE-2022-30781 | 1 Gitea | 1 Gitea | 2023-01-27 | 5.0 MEDIUM | 7.5 HIGH |
Gitea before 1.16.7 does not escape git fetch remote. | |||||
CVE-2022-42402 | 1 Tracker-software | 1 Pdf-xchange Editor | 2023-01-27 | N/A | 7.8 HIGH |
This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. Crafted data in an embedded U3D object can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18632. | |||||
CVE-2021-43845 | 2 Debian, Teluu | 2 Debian Linux, Pjsip | 2023-01-27 | 6.4 MEDIUM | 9.1 CRITICAL |
PJSIP is a free and open source multimedia communication library. In version 2.11.1 and prior, if an incoming RTCP XR message contains a block, the data field is not checked against the received packet size, potentially resulting in an out-of-bounds read access. This affects all users that use PJMEDIA and RTCP XR. A malicious actor can send an RTCP XR message with an invalid packet size. | |||||
CVE-2017-9843 | 1 Sap | 1 Netweaver Abap | 2023-01-27 | 4.0 MEDIUM | 2.7 LOW |
SAP NetWeaver AS ABAP 7.40 allows remote authenticated users with certain privileges to cause a denial of service (process crash) via vectors involving disp+work.exe, aka SAP Security Note 2406841. | |||||
CVE-2021-30130 | 2 Debian, Phpseclib | 2 Debian Linux, Phpseclib | 2023-01-27 | 5.0 MEDIUM | 7.5 HIGH |
phpseclib before 2.0.31 and 3.x before 3.0.7 mishandles RSA PKCS#1 v1.5 signature verification. | |||||
CVE-2022-24763 | 2 Debian, Pjsip | 2 Debian Linux, Pjsip | 2023-01-27 | 5.0 MEDIUM | 7.5 HIGH |
PJSIP is a free and open source multimedia communication library written in the C language. Versions 2.12 and prior contain a denial-of-service vulnerability that affects PJSIP users that consume PJSIP's XML parsing in their apps. Users are advised to update. There are no known workarounds. | |||||
CVE-2021-43302 | 2 Debian, Teluu | 2 Debian Linux, Pjsip | 2023-01-27 | 6.4 MEDIUM | 9.1 CRITICAL |
Read out-of-bounds in PJSUA API when calling pjsua_recorder_create. An attacker-controlled 'filename' argument may cause an out-of-bounds read when the filename is shorter than 4 characters. | |||||
CVE-2021-43300 | 2 Debian, Teluu | 2 Debian Linux, Pjsip | 2023-01-27 | 7.5 HIGH | 9.8 CRITICAL |
Stack overflow in PJSUA API when calling pjsua_recorder_create. An attacker-controlled 'filename' argument may cause a buffer overflow since it is copied to a fixed-size stack buffer without any size validation. | |||||
CVE-2020-14421 | 1 Aapanel | 1 Aapanel | 2023-01-27 | 9.0 HIGH | 7.2 HIGH |
aaPanel through 6.6.6 allows remote authenticated users to execute arbitrary commands via the Script Content box on the Add Cron Job screen. | |||||
CVE-2020-24361 | 2 Debian, Snmptt | 2 Debian Linux, Snmptt | 2023-01-27 | 7.5 HIGH | 9.8 CRITICAL |
SNMPTT before 1.4.2 allows attackers to execute shell code via EXEC, PREXEC, or unknown_trap_exec. | |||||
CVE-2022-42393 | 1 Tracker-software | 1 Pdf-xchange Editor | 2023-01-27 | N/A | 5.5 MEDIUM |
This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. Crafted data in a U3D file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-18662. | |||||
CVE-2022-42392 | 1 Tracker-software | 1 Pdf-xchange Editor | 2023-01-27 | N/A | 5.5 MEDIUM |
This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. Crafted data in a U3D file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-18661. | |||||
CVE-2022-42391 | 1 Tracker-software | 1 Pdf-xchange Editor | 2023-01-27 | N/A | 5.5 MEDIUM |
This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. Crafted data in a U3D file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-18660. | |||||
CVE-2017-2805 | 1 Foscam | 2 C1 Hd Indoor Camera, C1 Hd Indoor Camera Firmware | 2023-01-27 | 7.5 HIGH | 9.8 CRITICAL |
An exploitable stack-based buffer overflow vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera. A specially crafted HTTP request can cause a stack-based buffer overflow resulting in overwriting arbitrary data on the stack frame. An attacker can simply send an HTTP request to the device to trigger this vulnerability. | |||||
CVE-2020-15050 | 1 Supremainc | 1 Biostar 2 | 2023-01-27 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in the Video Extension in Suprema BioStar 2 before 2.8.2. Remote attackers can read arbitrary files from the server via Directory Traversal. | |||||
CVE-2020-15569 | 2 Debian, Milkytracker Project | 2 Debian Linux, Milkytracker | 2023-01-27 | 4.3 MEDIUM | 5.5 MEDIUM |
PlayerGeneric.cpp in MilkyTracker through 1.02.00 has a use-after-free in the PlayerGeneric destructor. |