Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-2964 | 3 Linux, Netapp, Redhat | 12 Linux Kernel, H300s, H300s Firmware and 9 more | 2023-01-20 | N/A | 7.8 HIGH |
| A flaw was found in the Linux kernel’s driver for the ASIX AX88179_178A-based USB 2.0/3.0 Gigabit Ethernet Devices. The vulnerability contains multiple out-of-bounds reads and possible out-of-bounds writes. | |||||
| CVE-2022-2938 | 4 Fedoraproject, Linux, Netapp and 1 more | 13 Fedora, Linux Kernel, H300s and 10 more | 2023-01-20 | N/A | 7.8 HIGH |
| A flaw was found in the Linux kernel's implementation of Pressure Stall Information. While the feature is disabled by default, it could allow an attacker to crash the system or have other memory-corruption side effects. | |||||
| CVE-2022-39209 | 2 Fedoraproject, Github | 2 Fedora, Cmark-gfm | 2023-01-20 | N/A | 6.5 MEDIUM |
| cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. In versions prior to 0.29.0.gfm.6 a polynomial time complexity issue in cmark-gfm's autolink extension may lead to unbounded resource exhaustion and subsequent denial of service. Users may verify the patch by running `python3 -c 'print("![l"* 100000 + "\n")' | ./cmark-gfm -e autolink`, which will resource exhaust on unpatched cmark-gfm but render correctly on patched cmark-gfm. This vulnerability has been patched in 0.29.0.gfm.6. Users are advised to upgrade. Users unable to upgrade should disable the use of the autolink extension. | |||||
| CVE-2022-3235 | 3 Debian, Fedoraproject, Vim | 3 Debian Linux, Fedora, Vim | 2023-01-20 | N/A | 7.8 HIGH |
| Use After Free in GitHub repository vim/vim prior to 9.0.0490. | |||||
| CVE-2023-0227 | 1 Pyload | 1 Pyload | 2023-01-20 | N/A | 6.5 MEDIUM |
| Insufficient Session Expiration in GitHub repository pyload/pyload prior to 0.5.0b3.dev36. | |||||
| CVE-2022-3592 | 2 Fedoraproject, Samba | 2 Fedora, Samba | 2023-01-19 | N/A | 6.5 MEDIUM |
| A symlink following vulnerability was found in Samba, where a user can create a symbolic link that will make 'smbd' escape the configured share path. This flaw allows a remote user with access to the exported part of the file system under a share via SMB1 unix extensions or NFS to create symlinks to files outside the 'smbd' configured share path and gain access to another restricted server's filesystem. | |||||
| CVE-2023-22410 | 1 Juniper | 18 Junos, Mx10, Mx10000 and 15 more | 2023-01-19 | N/A | 6.5 MEDIUM |
| A Missing Release of Memory after Effective Lifetime vulnerability in the Juniper Networks Junos OS on MX Series platforms with MPC10/MPC11 line cards, allows an unauthenticated adjacent attacker to cause a Denial of Service (DoS). Devices are only vulnerable when the Suspicious Control Flow Detection (scfd) feature is enabled. Upon enabling this specific feature, an attacker sending specific traffic is causing memory to be allocated dynamically and it is not freed. Memory is not freed even after deactivating this feature. Sustained processing of such traffic will eventually lead to an out of memory condition that prevents all services from continuing to function, and requires a manual restart to recover. The FPC memory usage can be monitored using the CLI command "show chassis fpc". On running the above command, the memory of AftDdosScfdFlow can be observed to detect the memory leak. This issue affects Juniper Networks Junos OS on MX Series: All versions prior to 20.2R3-S5; 20.3 version 20.3R1 and later versions. | |||||
| CVE-2023-22407 | 1 Juniper | 2 Junos, Junos Os Evolved | 2023-01-19 | N/A | 6.5 MEDIUM |
| An Incomplete Cleanup vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS). An rpd crash can occur when an MPLS TE tunnel configuration change occurs on a directly connected router. This issue affects: Juniper Networks Junos OS All versions prior to 18.4R2-S7; 19.1 versions prior to 19.1R3-S2; 19.2 versions prior to 19.2R3; 19.3 versions prior to 19.3R3; 19.4 versions prior to 19.4R3; 20.1 versions prior to 20.1R2; 20.2 versions prior to 20.2R2. Juniper Networks Junos OS Evolved All versions prior to 19.2R3-EVO; 19.3 versions prior to 19.3R3-EVO; 19.4 versions prior to 19.4R3-EVO; 20.1 versions prior to 20.1R3-EVO; 20.2 versions prior to 20.2R2-EVO. | |||||
| CVE-2023-22403 | 1 Juniper | 4 Junos, Qfx10002, Qfx10008 and 1 more | 2023-01-19 | N/A | 7.5 HIGH |
| An Allocation of Resources Without Limits or Throttling vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS). On QFX10k Series Inter-Chassis Control Protocol (ICCP) is used in MC-LAG topologies to exchange control information between the devices in the topology. ICCP connection flaps and sync issues will be observed due to excessive specific traffic to the local device. This issue affects Juniper Networks Junos OS: All versions prior to 20.2R3-S7; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S3; 21.2 versions prior to 21.2R3-S1; 21.3 versions prior to 21.3R3; 21.4 versions prior to 21.4R3; 22.1 versions prior to 22.1R2. | |||||
| CVE-2022-39186 | 1 Exfo | 2 Bv-10, Bv-10 Firmware | 2023-01-19 | N/A | 5.5 MEDIUM |
| EXFO - BV-10 Performance Endpoint Unit misconfiguration. System configuration file has misconfigured permissions | |||||
| CVE-2022-4616 | 1 Deltaww | 2 Dx-3021l9, Dx-3021l9 Firmware | 2023-01-19 | N/A | 9.1 CRITICAL |
| The webserver in Delta DX-3021 versions prior to 1.24 is vulnerable to command injection through the network diagnosis page. This vulnerability could allow a remote unauthenticated user to add files, delete files, and change file permissions. | |||||
| CVE-2022-45729 | 1 Doctor Appointment Management System Project | 1 Doctor Appointment Management System | 2023-01-19 | N/A | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in Doctor Appointment Management System v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Employee ID parameter. | |||||
| CVE-2022-46623 | 1 Judging Management System Project | 1 Judging Management System | 2023-01-19 | N/A | 7.8 HIGH |
| Judging Management System v1.0.0 was discovered to contain a SQL injection vulnerability via the username parameter. | |||||
| CVE-2022-45728 | 1 Doctor Appointment Management System Project | 1 Doctor Appointment Management System | 2023-01-19 | N/A | 6.1 MEDIUM |
| Doctor Appointment Management System v1.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability. | |||||
| CVE-2022-43591 | 1 Qt | 1 Qt | 2023-01-19 | N/A | 8.8 HIGH |
| A buffer overflow vulnerability exists in the QML QtScript Reflect API of Qt Project Qt 6.3.2. A specially-crafted javascript code can trigger an out-of-bounds memory access, which can lead to arbitrary code execution. Target application would need to access a malicious web page to trigger this vulnerability. | |||||
| CVE-2022-46622 | 1 Judging Management System Project | 1 Judging Management System | 2023-01-19 | N/A | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in Judging Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the firstname parameter. | |||||
| CVE-2022-48251 | 1 Arm | 20 Cortex-a53, Cortex-a53 Firmware, Cortex-a55 and 17 more | 2023-01-19 | N/A | 7.5 HIGH |
| ** DISPUTED ** The AES instructions on the ARMv8 platform do not have an algorithm that is "intrinsically resistant" to side-channel attacks. NOTE: the vendor reportedly offers the position "while power side channel attacks ... are possible, they are not directly caused by or related to the Arm architecture." | |||||
| CVE-2022-46947 | 1 Helmet Store Showroom Site Project | 1 Helmet Store Showroom Site | 2023-01-19 | N/A | 7.2 HIGH |
| Helmet Store Showroom Site v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_category. | |||||
| CVE-2022-46946 | 1 Helmet Store Showroom Site Project | 1 Helmet Store Showroom Site | 2023-01-19 | N/A | 7.2 HIGH |
| Helmet Store Showroom Site v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_brand. | |||||
| CVE-2023-0289 | 1 Webcalendar Project | 1 Webcalendar | 2023-01-19 | N/A | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Stored in GitHub repository craigk5n/webcalendar prior to master. | |||||