Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-4342 | 1 Gitlab | 1 Gitlab | 2023-01-18 | N/A | 3.8 LOW |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.1 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. A malicious Maintainer can leak masked webhook secrets by changing target URL of the webhook. | |||||
| CVE-2022-23548 | 1 Discourse | 1 Discourse | 2023-01-18 | N/A | 6.5 MEDIUM |
| Discourse is an option source discussion platform. Prior to version 2.8.14 on the `stable` branch and version 2.9.0.beta16 on the `beta` and `tests-passed` branches, parsing posts can be susceptible to regular expression denial of service (ReDoS) attacks. This issue is patched in versions 2.8.14 and 2.9.0.beta16. There are no known workarounds. | |||||
| CVE-2022-4167 | 1 Gitlab | 1 Gitlab | 2023-01-18 | N/A | 7.5 HIGH |
| Incorrect Authorization check affecting all versions of GitLab EE from 13.11 prior to 15.5.7, 15.6 prior to 15.6.4, and 15.7 prior to 15.7.2 allows group access tokens to continue working even after the group owner loses the ability to revoke them. | |||||
| CVE-2022-45787 | 1 Apache | 1 James | 2023-01-18 | N/A | 5.5 MEDIUM |
| Unproper laxist permissions on the temporary files used by MIME4J TempFileStorageProvider may lead to information disclosure to other local users. This issue affects Apache James MIME4J version 0.8.8 and prior versions. We recommend users to upgrade to MIME4j version 0.8.9 or later. | |||||
| CVE-2022-45935 | 1 Apache | 1 James | 2023-01-18 | N/A | 5.5 MEDIUM |
| Usage of temporary files with insecure permissions by the Apache James server allows an attacker with local access to access private user data in transit. Vulnerable components includes the SMTP stack and IMAP APPEND command. This issue affects Apache James server version 3.7.2 and prior versions. | |||||
| CVE-2023-0016 | 1 Sap | 1 Business Planning And Consolidation | 2023-01-18 | N/A | 8.8 HIGH |
| SAP BPC MS 10.0 - version 810, allows an unauthorized attacker to execute crafted database queries. The exploitation of this issue could lead to SQL injection vulnerability and could allow an attacker to access, modify, and/or delete data from the backend database. | |||||
| CVE-2022-4338 | 2 Debian, Openvswitch | 2 Debian Linux, Openvswitch | 2023-01-18 | N/A | 9.8 CRITICAL |
| An integer underflow in Organization Specific TLV was found in various versions of OpenvSwitch. | |||||
| CVE-2022-4337 | 2 Debian, Openvswitch | 2 Debian Linux, Openvswitch | 2023-01-18 | N/A | 9.8 CRITICAL |
| An out-of-bounds read in Organization Specific TLV was found in various versions of OpenvSwitch. | |||||
| CVE-2022-48252 | 1 Pi.alert Project | 1 Pi.alert | 2023-01-18 | N/A | 9.8 CRITICAL |
| The jokob-sk/Pi.Alert fork (before 22.12.20) of Pi.Alert allows Remote Code Execution via nmap_scan.php (scan parameter) OS Command Injection. | |||||
| CVE-2021-46779 | 1 Amd | 6 Milanpi, Milanpi Firmware, Naplespi and 3 more | 2023-01-18 | N/A | 7.1 HIGH |
| Insufficient input validation in SVC_ECC_PRIMITIVE system call in a compromised user application or ABL may allow an attacker to corrupt ASP (AMD Secure Processor) OS memory which may lead to potential loss of integrity and availability. | |||||
| CVE-2022-0553 | 1 Zephyrproject | 1 Zephyr | 2023-01-18 | N/A | 4.6 MEDIUM |
| There is no check to see if slot 0 is being uploaded from the device to the host. When using encrypted images this means the unencrypted firmware can be retrieved easily. | |||||
| CVE-2023-21754 | 1 Microsoft | 15 Windows 10 1607, Windows 10 1809, Windows 10 20h2 and 12 more | 2023-01-18 | N/A | 7.8 HIGH |
| Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2023-21675, CVE-2023-21747, CVE-2023-21748, CVE-2023-21749, CVE-2023-21750, CVE-2023-21755, CVE-2023-21772, CVE-2023-21773, CVE-2023-21774. | |||||
| CVE-2023-21752 | 1 Microsoft | 3 Windows 10, Windows 11, Windows 7 | 2023-01-18 | N/A | 7.1 HIGH |
| Windows Backup Service Elevation of Privilege Vulnerability. | |||||
| CVE-2023-21746 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2023-01-18 | N/A | 7.8 HIGH |
| Windows NTLM Elevation of Privilege Vulnerability. | |||||
| CVE-2023-22959 | 1 Webchess Project | 1 Webchess | 2023-01-18 | N/A | 8.8 HIGH |
| WebChess through 0.9.0 and 1.0.0.rc2 allows SQL injection: mainmenu.php, chess.php, and opponentspassword.php (txtFirstName, txtLastName). | |||||
| CVE-2021-3966 | 1 Zephyrproject | 1 Zephyr | 2023-01-18 | N/A | 8.8 HIGH |
| usb device bluetooth class includes a buffer overflow related to implementation of net_buf_add_mem. | |||||
| CVE-2023-21755 | 1 Microsoft | 15 Windows 10 1607, Windows 10 1809, Windows 10 20h2 and 12 more | 2023-01-18 | N/A | 7.8 HIGH |
| Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2023-21675, CVE-2023-21747, CVE-2023-21748, CVE-2023-21749, CVE-2023-21750, CVE-2023-21754, CVE-2023-21772, CVE-2023-21773, CVE-2023-21774. | |||||
| CVE-2020-36650 | 1 Gry Project | 1 Gry | 2023-01-18 | N/A | 8.0 HIGH |
| A vulnerability, which was classified as critical, was found in IonicaBizau node-gry up to 5.x. This affects an unknown part. The manipulation leads to command injection. Upgrading to version 6.0.0 is able to address this issue. The name of the patch is 5108446c1e23960d65e8b973f1d9486f9f9dbd6c. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-218019. | |||||
| CVE-2014-125075 | 1 Gmail-servlet Project | 1 Gmail-servlet | 2023-01-18 | N/A | 9.8 CRITICAL |
| A vulnerability was found in gmail-servlet and classified as critical. This issue affects the function search of the file src/Model.java. The manipulation leads to sql injection. The name of the patch is 5d72753c2e95bb373aa86824939397dc25f679ea. It is recommended to apply a patch to fix this issue. The identifier VDB-218021 was assigned to this vulnerability. | |||||
| CVE-2022-4885 | 1 Jefferson Project | 1 Jefferson | 2023-01-18 | N/A | 7.5 HIGH |
| A vulnerability has been found in sviehb jefferson up to 0.3 and classified as critical. This vulnerability affects unknown code of the file src/scripts/jefferson. The manipulation leads to path traversal. The attack can be initiated remotely. Upgrading to version 0.4 is able to address this issue. The name of the patch is 53b3f2fc34af0bb32afbcee29d18213e61471d87. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-218020. | |||||