Total
210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-27916 | | | 2023-01-20 | N/A | N/A |
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2022. Notes: none. | |||||
CVE-2022-27915 | | | 2023-01-20 | N/A | N/A |
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2022. Notes: none. | |||||
CVE-2018-13113 | 1 Easy Trading Token Project | 1 Easy Trading Token | 2023-01-20 | 5.0 MEDIUM | 7.5 HIGH |
** DISPUTED ** The transfer and transferFrom functions of a smart contract implementation for Easy Trading Token (ETT), an Ethereum token, have an integer overflow. NOTE: this has been disputed by a third party. | |||||
CVE-2018-13144 | 1 Pandora Project | 1 Pandora | 2023-01-20 | 5.0 MEDIUM | 7.5 HIGH |
** DISPUTED ** The transfer and transferFrom functions of a smart contract implementation for Pandora (PDX), an Ethereum token, have an integer overflow. NOTE: this has been disputed by a third party. | |||||
CVE-2018-13326 | 1 Bittelux Project | 1 Bittelux | 2023-01-20 | 5.0 MEDIUM | 7.5 HIGH |
** DISPUTED ** The transfer and transferFrom functions of a smart contract implementation for Bittelux (BTX), an Ethereum token, have an integer overflow. NOTE: this has been disputed by a third party. | |||||
CVE-2018-13327 | 1 Chucunlingaigo Project | 1 Chucunlingaigo | 2023-01-20 | 5.0 MEDIUM | 7.5 HIGH |
** DISPUTED ** The transfer and transferFrom functions of a smart contract implementation for ChuCunLingAIGO (CCLAG), an Ethereum token, have an integer overflow. NOTE: this has been disputed by a third party. | |||||
CVE-2019-12416 | 1 Apache | 1 Deltaspike | 2023-01-20 | 4.3 MEDIUM | 6.1 MEDIUM |
We got reports for 2 injection attacks against the DeltaSpike windowhandler.js. This is only active if a developer selected the ClientSideWindowStrategy, which is not the default. | |||||
CVE-2020-5306 | 1 Codologic | 1 Codoforum | 2023-01-20 | 3.5 LOW | 4.8 MEDIUM |
Codoforum 4.8.3 allows XSS via a post using parameters display name, title name, or content. | |||||
CVE-2019-15587 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2023-01-20 | 3.5 LOW | 5.4 MEDIUM |
In the Loofah gem for Ruby through v2.3.0 unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished. | |||||
CVE-2023-20531 | 1 Amd | 100 Epyc 7002, Epyc 7002 Firmware, Epyc 7003 and 97 more | 2023-01-20 | N/A | 7.5 HIGH |
Insufficient bound checks in the SMU may allow an attacker to update the SRAM from/to address space to an invalid value potentially resulting in a denial of service. | |||||
CVE-2019-15715 | 1 Mantisbt | 1 Mantisbt | 2023-01-20 | 6.5 MEDIUM | 7.2 HIGH |
MantisBT before 1.3.20 and 2.22.1 allows Post Authentication Command Injection, leading to Remote Code Execution. | |||||
CVE-2019-13361 | 1 Smanos | 2 W100, W100 Firmware | 2023-01-20 | 3.3 LOW | 6.5 MEDIUM |
Smanos W100 1.0.0 devices have Insecure Permissions, exploitable by an attacker on the same Wi-Fi network. | |||||
CVE-2019-16303 | 1 Jhipster | 2 Jhipster, Jhipster Kotlin | 2023-01-20 | 7.5 HIGH | 9.8 CRITICAL |
A class generated by the Generator in JHipster before 6.3.0 and JHipster Kotlin through 1.1.0 produces code that uses an insecure source of randomness (apache.commons.lang3 RandomStringUtils). This allows an attacker (if able to obtain their own password reset URL) to compute the value for all other password resets for other accounts, thus allowing privilege escalation or account takeover. | |||||
CVE-2023-20532 | 1 Amd | 100 Epyc 7002, Epyc 7002 Firmware, Epyc 7003 and 97 more | 2023-01-20 | N/A | 5.3 MEDIUM |
Insufficient input validation in the SMU may allow an attacker to improperly lock resources, potentially resulting in a denial of service. | |||||
CVE-2019-13458 | 2 Debian, Otrs | 2 Debian Linux, Otrs | 2023-01-20 | 4.0 MEDIUM | 6.5 MEDIUM |
An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.8, and Community Edition 5.0.x through 5.0.36 and 6.0.x through 6.0.19. An attacker who is logged into OTRS as an agent user with appropriate permissions can leverage OTRS notification tags in templates in order to disclose hashed user passwords. | |||||
CVE-2019-12746 | 2 Debian, Otrs | 2 Debian Linux, Otrs | 2023-01-20 | 4.3 MEDIUM | 6.5 MEDIUM |
An issue was discovered in Open Ticket Request System (OTRS) Community Edition 5.0.x through 5.0.36 and 6.0.x through 6.0.19. A user logged into OTRS as an agent might unknowingly disclose their session ID by sharing the link of an embedded ticket article with third parties. This identifier can then be potentially abused in order to impersonate the agent user. | |||||
CVE-2019-14497 | 3 Canonical, Debian, Milkytracker Project | 3 Ubuntu Linux, Debian Linux, Milkytracker | 2023-01-20 | 6.8 MEDIUM | 7.8 HIGH |
ModuleEditor::convertInstrument in tracker/ModuleEditor.cpp in MilkyTracker 1.02.00 has a heap-based buffer overflow. | |||||
CVE-2019-20051 | 2 Fedoraproject, Upx Project | 2 Fedora, Upx | 2023-01-20 | 4.3 MEDIUM | 5.5 MEDIUM |
A floating-point exception was discovered in PackLinuxElf::elf_hash in p_lx_elf.cpp in UPX 3.95. The vulnerability causes an application crash, which leads to denial of service. | |||||
CVE-2019-19781 | 1 Citrix | 6 Application Delivery Controller, Application Delivery Controller Firmware, Gateway and 3 more | 2023-01-20 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. They allow Directory Traversal. | |||||
CVE-2019-14496 | 3 Canonical, Debian, Milkytracker Project | 3 Ubuntu Linux, Debian Linux, Milkytracker | 2023-01-20 | 6.8 MEDIUM | 7.8 HIGH |
LoaderXM::load in LoaderXM.cpp in milkyplay in MilkyTracker 1.02.00 has a stack-based buffer overflow. |