Vulnerabilities (CVE)

Total 19153 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-28437 1 Dataease 1 Dataease 2023-03-30 N/A 9.8 CRITICAL
Dataease is an open source data visualization and analysis tool. The blacklist for SQL injection protection is missing entries. This vulnerability has been fixed in version 1.18.5. There are no known workarounds.
CVE-2023-1456 1 Ui 2 Edgerouter X, Edgerouter X Firmware 2023-03-30 N/A 9.8 CRITICAL
A vulnerability, which was classified as critical, has been found in Ubiquiti EdgeRouter X 2.0.9-hotfix.6. This issue affects some unknown processing of the component NAT Configuration Handler. The manipulation leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The identifier VDB-223301 was assigned to this vulnerability. NOTE: The vendor position is that post-authentication issues are not accepted as vulnerabilities.
CVE-2022-42948 1 Helpsystems 1 Cobalt Strike 2023-03-30 N/A 9.8 CRITICAL
Cobalt Strike 4.7.1 fails to properly escape HTML tags when they are displayed on Swing components. By injecting crafted HTML code, it is possible to remotely execute code in the Cobalt Strike UI.
CVE-2023-28151 1 Independentsoft 1 Jspreadsheet 2023-03-30 N/A 9.8 CRITICAL
An issue was discovered in Independentsoft JSpreadsheet before 1.1.110. The API is prone to XML external entity (XXE) injection via a remote DTD in a DOCX file.
CVE-2023-21057 1 Google 1 Android 2023-03-30 N/A 9.8 CRITICAL
In ProfSixDecomTcpSACKoption of RohcPacketCommon, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-244450646References: N/A
CVE-2023-23149 1 Dek-1705 Project 2 Dek-1705, Dek-1705 Firmware 2023-03-30 N/A 9.8 CRITICAL
DEK-1705 <=Firmware:34.23.1 device was discovered to have a command execution vulnerability.
CVE-2022-45597 1 Componentspace 1 Saml 2023-03-30 N/A 9.8 CRITICAL
ComponentSpace.Saml2 4.4.0 Missing SSL Certificate Validation.
CVE-2023-28150 1 Independentsoft 1 Jodf 2023-03-30 N/A 9.8 CRITICAL
An issue was discovered in Independentsoft JODF before 1.1.110. The API is prone to XML external entity (XXE) injection via a remote DTD in a DOCX file.
CVE-2022-36413 1 Zohocorp 1 Manageengine Adselfservice Plus 2023-03-30 N/A 9.1 CRITICAL
Zoho ManageEngine ADSelfService Plus through 6203 is vulnerable to a brute-force attack that leads to a password reset on IDM applications.
CVE-2023-26864 1 Smplredirectionsmanager Project 1 Smplredirectionsmanager 2023-03-30 N/A 9.8 CRITICAL
SQL injection vulnerability found in PrestaShop smplredirectionsmanager v.1.1.19 and before allow a remote attacker to gain privileges via the SmplTools::getMatchingRedirectionsFromPartscomponent.
CVE-2019-16378 4 Canonical, Debian, Fedoraproject and 1 more 4 Ubuntu Linux, Debian Linux, Fedora and 1 more 2023-03-29 7.5 HIGH 9.8 CRITICAL
OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 is prone to a signature-bypass vulnerability with multiple From: addresses, which might affect applications that consider a domain name to be relevant to the origin of an e-mail message.
CVE-2019-16239 5 Canonical, Debian, Fedoraproject and 2 more 5 Ubuntu Linux, Debian Linux, Fedora and 2 more 2023-03-29 7.5 HIGH 9.8 CRITICAL
process_http_response in OpenConnect before 8.05 has a Buffer Overflow when a malicious server uses HTTP chunked encoding with crafted chunk sizes.
CVE-2019-5481 6 Debian, Fedoraproject, Haxx and 3 more 13 Debian Linux, Fedora, Curl and 10 more 2023-03-29 7.5 HIGH 9.8 CRITICAL
Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3.
CVE-2022-31247 1 Suse 1 Rancher 2023-03-29 N/A 9.1 CRITICAL
An Improper Authorization vulnerability in SUSE Rancher, allows any user who has permissions to create/edit cluster role template bindings or project role template bindings (such as cluster-owner, manage cluster members, project-owner and manage project members) to gain owner permission in another project in the same cluster or in another project on a different downstream cluster. This issue affects: SUSE Rancher Rancher versions prior to 2.6.7; Rancher versions prior to 2.5.16.
CVE-2019-18425 4 Debian, Fedoraproject, Opensuse and 1 more 4 Debian Linux, Fedora, Leap and 1 more 2023-03-29 9.3 HIGH 9.8 CRITICAL
An issue was discovered in Xen through 4.12.x allowing 32-bit PV guest OS users to gain guest OS privileges by installing and using descriptors. There is missing descriptor table limit checking in x86 PV emulation. When emulating certain PV guest operations, descriptor table accesses are performed by the emulating code. Such accesses should respect the guest specified limits, unless otherwise guaranteed to fail in such a case. Without this, emulation of 32-bit guest user mode calls through call gates would allow guest user mode to install and then use descriptors of their choice, as long as the guest kernel did not itself install an LDT. (Most OSes don't install any LDT by default). 32-bit PV guest user mode can elevate its privileges to that of the guest kernel. Xen versions from at least 3.2 onwards are affected. Only 32-bit PV guest user mode can leverage this vulnerability. HVM, PVH, as well as 64-bit PV guests cannot leverage this vulnerability. Arm systems are unaffected.
CVE-2019-15232 1 Live555 1 Streaming Media 2023-03-29 7.5 HIGH 9.8 CRITICAL
Live555 before 2019.08.16 has a Use-After-Free because GenericMediaServer::createNewClientSessionWithId can generate the same client session ID in succession, which is mishandled by the MPEG1or2 and Matroska file demultiplexors.
CVE-2019-11208 1 Tibco 1 Api Exchange Gateway 2023-03-29 6.5 MEDIUM 9.9 CRITICAL
The authorization component of TIBCO Software Inc.'s TIBCO API Exchange Gateway, and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric contains a vulnerability that theoretically processes OAuth authorization incorrectly, leading to potential escalation of privileges for the specific customer endpoint, when the implementation uses multiple scopes. This issue affects: TIBCO Software Inc.'s TIBCO API Exchange Gateway version 2.3.1 and prior versions, and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric version 2.3.1 and prior versions.
CVE-2018-1000620 1 Cryptiles Project 1 Cryptiles 2023-03-29 5.0 MEDIUM 9.8 CRITICAL
Eran Hammer cryptiles version 4.1.1 earlier contains a CWE-331: Insufficient Entropy vulnerability in randomDigits() method that can result in An attacker is more likely to be able to brute force something that was supposed to be random.. This attack appear to be exploitable via Depends upon the calling application.. This vulnerability appears to have been fixed in 4.1.2.
CVE-2023-21058 1 Google 1 Android 2023-03-29 N/A 9.8 CRITICAL
In lcsm_SendRrAcquiAssist of lcsm_bcm_assist.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-246169606References: N/A
CVE-2023-20954 1 Google 1 Android 2023-03-29 N/A 9.8 CRITICAL
In SDP_AddAttribute of sdp_db.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-261867748