Search
Total
49350 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-20571 | 1 Amd | 142 Ryzen 3 5100, Ryzen 3 5100 Firmware, Ryzen 3 5125c and 139 more | 2023-11-28 | N/A | 8.1 HIGH |
| A race condition in System Management Mode (SMM) code may allow an attacker using a compromised user space to leverage CVE-2018-8897 potentially resulting in privilege escalation. | |||||
| CVE-2023-6017 | 1 H2o | 1 H2o | 2023-11-28 | N/A | 7.1 HIGH |
| H2O included a reference to an S3 bucket that no longer existed allowing an attacker to take over the S3 bucket URL. | |||||
| CVE-2023-24592 | 1 Intel | 5 Advisor, Inspector, Mpi Library and 2 more | 2023-11-28 | N/A | 7.8 HIGH |
| Path traversal in the some Intel(R) oneAPI Toolkits and Component software before version 2023.1 may allow authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-25075 | 1 Intel | 1 Server Configuration Utility | 2023-11-28 | N/A | 7.8 HIGH |
| Unquoted search path in the installer for some Intel Server Configuration Utility software before version 16.0.9 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-45363 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2023-11-28 | N/A | 7.5 HIGH |
| An issue was discovered in ApiPageSet.php in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. It allows attackers to cause a denial of service (unbounded loop and RequestTimeoutException) when querying pages redirected to other variants with redirects and converttitles set. | |||||
| CVE-2023-3550 | 1 Mediawiki | 1 Mediawiki | 2023-11-28 | N/A | 7.3 HIGH |
| Mediawiki v1.40.0 does not validate namespaces used in XML files. Therefore, if the instance administrator allows XML file uploads, a remote attacker with a low-privileged user account can use this exploit to become an administrator by sending a malicious link to the instance administrator. | |||||
| CVE-2023-42459 | 1 Eprosima | 1 Fast Dds | 2023-11-28 | N/A | 7.5 HIGH |
| Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). In affected versions specific DATA submessages can be sent to a discovery locator which may trigger a free error. This can remotely crash any Fast-DDS process. The call to free() could potentially leave the pointer in the attackers control which could lead to a double free. This issue has been addressed in versions 2.12.0, 2.11.3, 2.10.3, and 2.6.7. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-27451 | 1 Connekthq | 1 Instant Images | 2023-11-27 | N/A | 8.8 HIGH |
| Server-Side Request Forgery (SSRF) vulnerability in Darren Cooney Instant Images plugin <= 5.1.0.2 versions. | |||||
| CVE-2023-27446 | 1 Fluenx | 1 Deepl Pro Api Translation | 2023-11-27 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Fluenx DeepL API translation plugin <= 2.1.4 versions. | |||||
| CVE-2023-27444 | 1 Perfops | 1 Decalog | 2023-11-27 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Pierre Lannoy / PerfOps One DecaLog plugin <= 3.7.0 versions. | |||||
| CVE-2023-27442 | 1 Techsoupeurope | 1 Leyka | 2023-11-27 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Teplitsa of social technologies Leyka plugin <= 3.29.2 versions. | |||||
| CVE-2023-26532 | 1 Accesspressthemes | 1 Social Auto Poster | 2023-11-27 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in AccessPress Themes Social Auto Poster plugin <= 2.1.4 versions. | |||||
| CVE-2023-28749 | 1 Cminds | 1 Cm On Demand Search And Replace | 2023-11-27 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in CreativeMindsSolutions CM On Demand Search And Replace plugin <= 1.3.0 versions. | |||||
| CVE-2023-47791 | 1 Leadster | 1 Leadster | 2023-11-27 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Leadster plugin <= 1.1.2 versions. | |||||
| CVE-2023-47785 | 1 Kreaturamedia | 1 Layerslider | 2023-11-27 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in LayerSlider plugin <= 7.7.9 versions. | |||||
| CVE-2023-47775 | 1 Gvectors | 1 Wpdiscuz | 2023-11-27 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in gVectors Team Comments — wpDiscuz plugin <= 7.6.11 versions. | |||||
| CVE-2023-39925 | 1 Peepso | 1 Peepso | 2023-11-27 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in PeepSo Download Community by PeepSo plugin <= 6.1.6.0 versions. | |||||
| CVE-2023-47758 | 1 Mondula | 1 Multi Step Form | 2023-11-27 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Mondula GmbH Multi Step Form plugin <= 1.7.11 versions. | |||||
| CVE-2023-25987 | 1 Urosevic | 1 My Youtube Channel | 2023-11-27 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Aleksandar Uroševi? My YouTube Channel plugin <= 3.23.3 versions. | |||||
| CVE-2023-47765 | 1 Codebard | 1 Codebard\'s Patron Button And Widgets For Patreon | 2023-11-27 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in CodeBard CodeBard's Patron Button and Widgets for Patreon plugin <= 2.1.9 versions. | |||||
| CVE-2023-25986 | 1 Paygreen | 1 Paygreen - Ancienne | 2023-11-27 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in WattIsIt PayGreen – Ancienne version plugin <= 4.10.2 versions. | |||||
| CVE-2023-47651 | 1 Wplinkspage | 1 Wp Links Page | 2023-11-27 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Robert Macchi WP Links Page.This issue affects WP Links Page: from n/a through 4.9.4. | |||||
| CVE-2023-47650 | 1 Petersterling | 1 Add Local Avatar | 2023-11-27 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Peter Sterling Add Local Avatar.This issue affects Add Local Avatar: from n/a through 12.1. | |||||
| CVE-2023-25985 | 1 Tooltips | 1 Wordpress Tooltips | 2023-11-27 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Tomas | Docs | FAQ | Premium Support WordPress Tooltips.This issue affects WordPress Tooltips: from n/a through 8.2.5. | |||||
| CVE-2023-47655 | 1 Wpgov | 1 Anac Xml Bandi Di Gara | 2023-11-27 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Marco Milesi ANAC XML Bandi di Gara.This issue affects ANAC XML Bandi di Gara: from n/a through 7.5. | |||||
| CVE-2023-41129 | 1 Patreon | 1 Patreon Wordpress | 2023-11-27 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Patreon Patreon WordPress.This issue affects Patreon WordPress: from n/a through 1.8.6. | |||||
| CVE-2023-20533 | 1 Amd | 170 Epyc 7203, Epyc 7203 Firmware, Epyc 7203p and 167 more | 2023-11-27 | N/A | 7.5 HIGH |
| Insufficient DRAM address validation in System Management Unit (SMU) may allow an attacker to read/write from/to an invalid DRAM address, potentially resulting in denial-of-service. | |||||
| CVE-2022-1314 | 1 Google | 1 Chrome | 2023-11-27 | N/A | 8.8 HIGH |
| Type confusion in V8 in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2021-46774 | 1 Amd | 274 Epyc 7001, Epyc 7001 Firmware, Epyc 7203 and 271 more | 2023-11-27 | N/A | 7.5 HIGH |
| Insufficient DRAM address validation in System Management Unit (SMU) may allow an attacker to read/write from/to an invalid DRAM address, potentially resulting in denial-of-service. | |||||
| CVE-2023-20566 | 1 Amd | 130 Epyc 7203, Epyc 7203 Firmware, Epyc 7203p and 127 more | 2023-11-27 | N/A | 7.5 HIGH |
| Improper address validation in ASP with SNP enabled may potentially allow an attacker to compromise guest memory integrity. | |||||
| CVE-2023-29499 | 1 Gnome | 1 Glib | 2023-11-27 | N/A | 7.5 HIGH |
| A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service. | |||||
| CVE-2023-34059 | 2 Debian, Vmware | 2 Debian Linux, Open Vm Tools | 2023-11-27 | N/A | 7.0 HIGH |
| open-vm-tools contains a file descriptor hijack vulnerability in the vmware-user-suid-wrapper. A malicious actor with non-root privileges may be able to hijack the /dev/uinput file descriptor allowing them to simulate user inputs. | |||||
| CVE-2022-0813 | 1 Phpmyadmin | 1 Phpmyadmin | 2023-11-26 | 5.0 MEDIUM | 7.5 HIGH |
| PhpMyAdmin 5.1.1 and before allows an attacker to retrieve potentially sensitive information by creating invalid requests. This affects the lang parameter, the pma_parameter, and the cookie section. | |||||
| CVE-2023-1668 | 3 Cloudbase, Debian, Redhat | 7 Open Vswitch, Debian Linux, Enterprise Linux and 4 more | 2023-11-26 | N/A | 8.2 HIGH |
| A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but with an incorrect action, possibly causing incorrect handling of other IP packets with a != 0 IP protocol that matches this dp flow. | |||||
| CVE-2021-3905 | 4 Canonical, Fedoraproject, Openvswitch and 1 more | 4 Ubuntu Linux, Fedora, Openvswitch and 1 more | 2023-11-26 | N/A | 7.5 HIGH |
| A memory leak was found in Open vSwitch (OVS) during userspace IP fragmentation processing. An attacker could use this flaw to potentially exhaust available memory by keeping sending packet fragments. | |||||
| CVE-2020-27827 | 5 Fedoraproject, Lldpd Project, Openvswitch and 2 more | 27 Fedora, Lldpd, Openvswitch and 24 more | 2023-11-26 | 7.1 HIGH | 7.5 HIGH |
| A flaw was found in multiple versions of OpenvSwitch. Specially crafted LLDP packets can cause memory to be lost when allocating data to handle specific optional TLVs, potentially causing a denial of service. The highest threat from this vulnerability is to system availability. | |||||
| CVE-2020-35498 | 3 Debian, Fedoraproject, Openvswitch | 3 Debian Linux, Fedora, Openvswitch | 2023-11-26 | 7.8 HIGH | 7.5 HIGH |
| A vulnerability was found in openvswitch. A limitation in the implementation of userspace packet parsing can allow a malicious user to send a specially crafted packet causing the resulting megaflow in the kernel to be too wide, potentially causing a denial of service. The highest threat from this vulnerability is to system availability. | |||||
| CVE-2023-0950 | 2 Debian, Libreoffice | 2 Debian Linux, Libreoffice | 2023-11-26 | N/A | 7.8 HIGH |
| Improper Validation of Array Index vulnerability in the spreadsheet component of The Document Foundation LibreOffice allows an attacker to craft a spreadsheet document that will cause an array index underflow when loaded. In the affected versions of LibreOffice certain malformed spreadsheet formulas, such as AGGREGATE, could be created with less parameters passed to the formula interpreter than it expected, leading to an array index underflow, in which case there is a risk that arbitrary code could be executed. This issue affects: The Document Foundation LibreOffice 7.4 versions prior to 7.4.6; 7.5 versions prior to 7.5.1. | |||||
| CVE-2022-46175 | 2 Fedoraproject, Json5 | 2 Fedora, Json5 | 2023-11-26 | N/A | 8.8 HIGH |
| JSON5 is an extension to the popular JSON file format that aims to be easier to write and maintain by hand (e.g. for config files). The `parse` method of the JSON5 library before and including versions 1.0.1 and 2.2.1 does not restrict parsing of keys named `__proto__`, allowing specially crafted strings to pollute the prototype of the resulting object. This vulnerability pollutes the prototype of the object returned by `JSON5.parse` and not the global Object prototype, which is the commonly understood definition of Prototype Pollution. However, polluting the prototype of a single object can have significant security impact for an application if the object is later used in trusted operations. This vulnerability could allow an attacker to set arbitrary and unexpected keys on the object returned from `JSON5.parse`. The actual impact will depend on how applications utilize the returned object and how they filter unwanted keys, but could include denial of service, cross-site scripting, elevation of privilege, and in extreme cases, remote code execution. `JSON5.parse` should restrict parsing of `__proto__` keys when parsing JSON strings to objects. As a point of reference, the `JSON.parse` method included in JavaScript ignores `__proto__` keys. Simply changing `JSON5.parse` to `JSON.parse` in the examples above mitigates this vulnerability. This vulnerability is patched in json5 versions 1.0.2, 2.2.2, and later. | |||||
| CVE-2023-30549 | 3 Lfprojects, Redhat, Sylabs | 3 Apptainer, Enterprise Linux, Singularity | 2023-11-25 | N/A | 7.8 HIGH |
| Apptainer is an open source container platform for Linux. There is an ext4 use-after-free flaw that is exploitable through versions of Apptainer < 1.1.0 and installations that include apptainer-suid < 1.1.8 on older operating systems where that CVE has not been patched. That includes Red Hat Enterprise Linux 7, Debian 10 buster (unless the linux-5.10 package is installed), Ubuntu 18.04 bionic and Ubuntu 20.04 focal. Use-after-free flaws in the kernel can be used to attack the kernel for denial of service and potentially for privilege escalation. Apptainer 1.1.8 includes a patch that by default disables mounting of extfs filesystem types in setuid-root mode, while continuing to allow mounting of extfs filesystems in non-setuid "rootless" mode using fuse2fs. Some workarounds are possible. Either do not install apptainer-suid (for versions 1.1.0 through 1.1.7) or set `allow setuid = no` in apptainer.conf. This requires having unprivileged user namespaces enabled and except for apptainer 1.1.x versions will disallow mounting of sif files, extfs files, and squashfs files in addition to other, less significant impacts. (Encrypted sif files are also not supported unprivileged in apptainer 1.1.x.). Alternatively, use the `limit containers` options in apptainer.conf/singularity.conf to limit sif files to trusted users, groups, and/or paths, and set `allow container extfs = no` to disallow mounting of extfs overlay files. The latter option by itself does not disallow mounting of extfs overlay partitions inside SIF files, so that's why the former options are also needed. | |||||
| CVE-2022-3775 | 2 Gnu, Redhat | 2 Grub2, Enterprise Linux | 2023-11-25 | N/A | 7.1 HIGH |
| When rendering certain unicode sequences, grub2's font code doesn't proper validate if the informed glyph's width and height is constrained within bitmap size. As consequence an attacker can craft an input which will lead to a out-of-bounds write into grub2's heap, leading to memory corruption and availability issues. Although complex, arbitrary code execution could not be discarded. | |||||
| CVE-2022-2601 | 3 Fedoraproject, Gnu, Redhat | 8 Fedora, Grub2, Enterprise Linux Eus and 5 more | 2023-11-25 | N/A | 8.6 HIGH |
| A buffer overflow was found in grub_font_construct_glyph(). A malicious crafted pf2 font can lead to an overflow when calculating the max_glyph_size value, allocating a smaller than needed buffer for the glyph, this further leads to a buffer overflow and a heap based out-of-bounds write. An attacker may use this vulnerability to circumvent the secure boot mechanism. | |||||
| CVE-2023-39322 | 1 Golang | 1 Go | 2023-11-25 | N/A | 7.5 HIGH |
| QUIC connections do not set an upper bound on the amount of data buffered when reading post-handshake messages, allowing a malicious QUIC connection to cause unbounded memory growth. With fix, connections now consistently reject messages larger than 65KiB in size. | |||||
| CVE-2023-39321 | 1 Golang | 1 Go | 2023-11-25 | N/A | 7.5 HIGH |
| Processing an incomplete post-handshake message for a QUIC connection can cause a panic. | |||||
| CVE-2023-3217 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2023-11-25 | N/A | 8.8 HIGH |
| Use after free in WebXR in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2023-3216 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2023-11-25 | N/A | 8.8 HIGH |
| Type confusion in V8 in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2023-3215 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2023-11-25 | N/A | 8.8 HIGH |
| Use after free in WebRTC in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2023-3214 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2023-11-25 | N/A | 8.8 HIGH |
| Use after free in Autofill payments in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) | |||||
| CVE-2023-29403 | 2 Fedoraproject, Golang | 2 Fedora, Go | 2023-11-25 | N/A | 7.8 HIGH |
| On Unix platforms, the Go runtime does not behave differently when a binary is run with the setuid/setgid bits. This can be dangerous in certain cases, such as when dumping memory state, or assuming the status of standard i/o file descriptors. If a setuid/setgid binary is executed with standard I/O file descriptors closed, opening any files can result in unexpected content being read or written with elevated privileges. Similarly, if a setuid/setgid program is terminated, either via panic or signal, it may leak the contents of its registers. | |||||
| CVE-2023-33865 | 1 Renderdoc | 1 Renderdoc | 2023-11-25 | N/A | 7.8 HIGH |
| RenderDoc before 1.27 allows local privilege escalation via a symlink attack. It relies on the /tmp/RenderDoc directory regardless of ownership. | |||||