Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-0013 | 1 Sap | 1 Netweaver Application Server Abap | 2023-01-13 | N/A | 6.1 MEDIUM |
| The ABAP Keyword Documentation of SAP NetWeaver Application Server - versions 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, for ABAP and ABAP Platform does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. On successful exploitation an attacker can cause limited impact on confidentiality and integrity of the application. | |||||
| CVE-2023-0012 | 2 Microsoft, Sap | 2 Windows, Host Agent | 2023-01-13 | N/A | 6.7 MEDIUM |
| In SAP Host Agent (Windows) - versions 7.21, 7.22, an attacker who gains local membership to SAP_LocalAdmin could be able to replace executables with a malicious file that will be started under a privileged account. Note that by default all user members of SAP_LocaAdmin are denied the ability to logon locally by security policy so that this can only occur if the system has already been compromised. | |||||
| CVE-2021-32940 | 2 Opendesign, Siemens | 4 Drawings Sdk, Comos, Jt2go and 1 more | 2023-01-13 | 5.8 MEDIUM | 7.1 HIGH |
| An out-of-bounds read issue exists in the DWG file-recovering procedure in the Drawings SDK (All versions prior to 2022.5) resulting from the lack of proper validation of user-supplied data. This can result in a read past the end of an allocated buffer and allow attackers to cause a denial-of-service condition or read sensitive information from memory locations. | |||||
| CVE-2022-30786 | 3 Debian, Fedoraproject, Tuxera | 3 Debian Linux, Fedora, Ntfs-3g | 2023-01-13 | 4.6 MEDIUM | 7.8 HIGH |
| A crafted NTFS image can cause a heap-based buffer overflow in ntfs_names_full_collate in NTFS-3G through 2021.8.22. | |||||
| CVE-2022-43972 | 1 Linksys | 2 Wrt54gl, Wrt54gl Firmware | 2023-01-13 | N/A | 7.5 HIGH |
| A null pointer dereference vulnerability exists in Linksys WRT54GL Wireless-G Broadband Router with firmware <= 4.30.18.006. A null pointer dereference in the soap_action function within the upnp binary can be triggered by an unauthenticated attacker via a malicious POST request invoking the AddPortMapping action. | |||||
| CVE-2022-43971 | 1 Linksys | 2 Wumc710, Wumc710 Firmware | 2023-01-13 | N/A | 7.2 HIGH |
| An arbitrary code exection vulnerability exists in Linksys WUMC710 Wireless-AC Universal Media Connector with firmware <= 1.0.02 (build3). The do_setNTP function within the httpd binary uses unvalidated user input in the construction of a system command. An authenticated attacker with administrator privileges can leverage this vulnerability over the network via a malicious GET or POST request to /setNTP.cgi to execute arbitrary commands on the underlying Linux operating system as root. | |||||
| CVE-2018-20097 | 4 Debian, Exiv2, Fedoraproject and 1 more | 6 Debian Linux, Exiv2, Fedora and 3 more | 2023-01-13 | 4.3 MEDIUM | 6.5 MEDIUM |
| There is a SEGV in Exiv2::Internal::TiffParserWorker::findPrimaryGroups of tiffimage_int.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack. | |||||
| CVE-2017-14862 | 3 Canonical, Debian, Exiv2 | 3 Ubuntu Linux, Debian Linux, Exiv2 | 2023-01-13 | 4.3 MEDIUM | 5.5 MEDIUM |
| An Invalid memory address dereference was discovered in Exiv2::DataValue::read in value.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service. | |||||
| CVE-2017-11591 | 3 Canonical, Debian, Exiv2 | 3 Ubuntu Linux, Debian Linux, Exiv2 | 2023-01-13 | 5.0 MEDIUM | 7.5 HIGH |
| There is a Floating point exception in the Exiv2::ValueType function in Exiv2 0.26 that will lead to a remote denial of service attack via crafted input. | |||||
| CVE-2017-18005 | 2 Debian, Exiv2 | 2 Debian Linux, Exiv2 | 2023-01-13 | 4.3 MEDIUM | 5.5 MEDIUM |
| Exiv2 0.26 has a Null Pointer Dereference in the Exiv2::DataValue::toLong function in value.cpp, related to crafted metadata in a TIFF file. | |||||
| CVE-2017-17669 | 3 Canonical, Debian, Exiv2 | 3 Ubuntu Linux, Debian Linux, Exiv2 | 2023-01-13 | 4.3 MEDIUM | 5.5 MEDIUM |
| There is a heap-based buffer over-read in the Exiv2::Internal::PngChunk::keyTXTChunk function of pngchunk_int.cpp in Exiv2 0.26. A crafted PNG file will lead to a remote denial of service attack. | |||||
| CVE-2017-14864 | 3 Canonical, Debian, Exiv2 | 3 Ubuntu Linux, Debian Linux, Exiv2 | 2023-01-13 | 4.3 MEDIUM | 5.5 MEDIUM |
| An Invalid memory address dereference was discovered in Exiv2::getULong in types.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service. | |||||
| CVE-2022-43973 | 1 Linksys | 2 Wrt54gl, Wrt54gl Firmware | 2023-01-13 | N/A | 7.2 HIGH |
| An arbitrary code execution vulnerability exisits in Linksys WRT54GL Wireless-G Broadband Router with firmware <= 4.30.18.006. The Check_TSSI function within the httpd binary uses unvalidated user input in the construction of a system command. An authenticated attacker with administrator privileges can leverage this vulnerability over the network via a malicious POST request to /apply.cgi to execute arbitrary commands on the underlying Linux operating system as root. | |||||
| CVE-2018-19535 | 4 Canonical, Debian, Exiv2 and 1 more | 6 Ubuntu Linux, Debian Linux, Exiv2 and 3 more | 2023-01-13 | 4.3 MEDIUM | 6.5 MEDIUM |
| In Exiv2 0.26 and previous versions, PngChunk::readRawProfile in pngchunk_int.cpp may cause a denial of service (application crash due to a heap-based buffer over-read) via a crafted PNG file. | |||||
| CVE-2018-19108 | 4 Canonical, Debian, Exiv2 and 1 more | 6 Ubuntu Linux, Debian Linux, Exiv2 and 3 more | 2023-01-13 | 4.3 MEDIUM | 6.5 MEDIUM |
| In Exiv2 0.26, Exiv2::PsdImage::readMetadata in psdimage.cpp in the PSD image reader may suffer from a denial of service (infinite loop) caused by an integer overflow via a crafted PSD image file. | |||||
| CVE-2018-17581 | 4 Canonical, Debian, Exiv2 and 1 more | 6 Ubuntu Linux, Debian Linux, Exiv2 and 3 more | 2023-01-13 | 4.3 MEDIUM | 6.5 MEDIUM |
| CiffDirectory::readDirectory() at crwimage_int.cpp in Exiv2 0.26 has excessive stack consumption due to a recursive function, leading to Denial of service. | |||||
| CVE-2018-8976 | 3 Debian, Exiv2, Redhat | 5 Debian Linux, Exiv2, Enterprise Linux Desktop and 2 more | 2023-01-13 | 4.3 MEDIUM | 6.5 MEDIUM |
| In Exiv2 0.26, jpgimage.cpp allows remote attackers to cause a denial of service (image.cpp Exiv2::Internal::stringFormat out-of-bounds read) via a crafted file. | |||||
| CVE-2019-17402 | 3 Canonical, Debian, Exiv2 | 3 Ubuntu Linux, Debian Linux, Exiv2 | 2023-01-13 | 4.3 MEDIUM | 6.5 MEDIUM |
| Exiv2 0.27.2 allows attackers to trigger a crash in Exiv2::getULong in types.cpp when called from Exiv2::Internal::CiffDirectory::readDirectory in crwimage_int.cpp, because there is no validation of the relationship of the total size to the offset and size. | |||||
| CVE-2019-14370 | 2 Debian, Exiv2 | 2 Debian Linux, Exiv2 | 2023-01-13 | 4.3 MEDIUM | 6.5 MEDIUM |
| In Exiv2 0.27.99.0, there is an out-of-bounds read in Exiv2::MrwImage::readMetadata() in mrwimage.cpp. It could result in denial of service. | |||||
| CVE-2019-14369 | 2 Debian, Exiv2 | 2 Debian Linux, Exiv2 | 2023-01-13 | 4.3 MEDIUM | 6.5 MEDIUM |
| Exiv2::PngImage::readMetadata() in pngimage.cpp in Exiv2 0.27.99.0 allows attackers to cause a denial of service (heap-based buffer over-read) via a crafted image file. | |||||