Vulnerabilities (CVE)

Total 226656 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-2722 3 Debian, Fedoraproject, Google 4 Debian Linux, Fedora, Android and 1 more 2023-09-30 N/A 8.8 HIGH
Use after free in Autofill UI in Google Chrome on Android prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2023-1530 1 Google 1 Chrome 2023-09-30 N/A 8.8 HIGH
Use after free in PDF in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2023-29354 1 Microsoft 1 Edge Chromium 2023-09-30 N/A 4.7 MEDIUM
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
CVE-2023-1813 2 Fedoraproject, Google 2 Fedora, Chrome 2023-09-30 N/A 6.5 MEDIUM
Inappropriate implementation in Extensions in Google Chrome prior to 112.0.5615.49 allowed an attacker who convinced a user to install a malicious extension to bypass file access restrictions via a crafted HTML page. (Chromium security severity: Medium)
CVE-2023-2459 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2023-09-30 N/A 6.5 MEDIUM
Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to bypass permission restrictions via a crafted HTML page. (Chromium security severity: Medium)
CVE-2023-2135 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2023-09-30 N/A 7.5 HIGH
Use after free in DevTools in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who convinced a user to enable specific preconditions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2023-1531 1 Google 1 Chrome 2023-09-30 N/A 8.8 HIGH
Use after free in ANGLE in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2021-30004 1 W1.fi 2 Hostapd, Wpa Supplicant 2023-09-30 5.0 MEDIUM 5.3 MEDIUM
In wpa_supplicant and hostapd 2.9, forging attacks may occur because AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c.
CVE-2023-1579 1 Gnu 1 Binutils 2023-09-30 N/A 7.8 HIGH
Heap based buffer overflow in binutils-gdb/bfd/libbfd.c in bfd_getl64.
CVE-2022-38533 2 Fedoraproject, Gnu 2 Fedora, Binutils 2023-09-30 N/A 5.5 MEDIUM
In GNU Binutils before 2.40, there is a heap-buffer-overflow in the error function bfd_getl32 when called from the strip_main function in strip-new via a crafted file.
CVE-2023-5300 2023-09-30 N/A N/A
A vulnerability classified as critical has been found in TTSPlanning up to 20230925. This affects an unknown part. The manipulation of the argument uid leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-240939.
CVE-2022-4285 3 Fedoraproject, Gnu, Redhat 3 Fedora, Binutils, Enterprise Linux 2023-09-30 N/A 5.5 MEDIUM
An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599.
CVE-2023-1972 1 Gnu 1 Binutils 2023-09-30 N/A 6.5 MEDIUM
A potential heap based buffer overflow was found in _bfd_elf_slurp_version_tables() in bfd/elf.c. This may lead to loss of availability.
CVE-2023-5207 2023-09-30 N/A N/A
A vulnerability was discovered in GitLab CE and EE affecting all versions starting 16.0 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1. An authenticated attacker could perform arbitrary pipeline execution under the context of another user.
CVE-2023-20588 2 Amd, Debian 63 Athlon Gold 3150g, Athlon Gold 3150g Firmware, Athlon Gold 3150ge and 60 more 2023-09-30 N/A 5.5 MEDIUM
A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality.
CVE-2023-41993 1 Apple 3 Ipad Os, Iphone Os, Safari 2023-09-30 N/A 9.8 CRITICAL
The issue was addressed with improved checks. This issue is fixed in Safari 17, iOS 16.7 and iPadOS 16.7, macOS Sonoma 14. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.
CVE-2023-5298 2023-09-30 N/A N/A
A vulnerability was found in Tongda OA 2017. It has been rated as critical. Affected by this issue is some unknown functionality of the file general/hr/recruit/requirements/delete.php. The manipulation of the argument REQUIREMENTS_ID leads to SQL injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. VDB-240938 is the identifier assigned to this vulnerability.
CVE-2023-39742 1 Giflib Project 1 Giflib 2023-09-30 N/A 5.5 MEDIUM
giflib v5.2.1 was discovered to contain a segmentation fault via the component getarg.c.
CVE-2023-5186 1 Google 1 Chrome 2023-09-30 N/A 8.8 HIGH
Use after free in Passwords in Google Chrome prior to 117.0.5938.132 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via crafted UI interaction. (Chromium security severity: High)
CVE-2023-5187 1 Google 1 Chrome 2023-09-30 N/A 8.8 HIGH
Use after free in Extensions in Google Chrome prior to 117.0.5938.132 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)