Search
Total
49350 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-25024 | 1 Vinitkumar | 1 Json2xml | 2023-08-25 | N/A | 7.5 HIGH |
| The json2xml package through 3.12.0 for Python allows an error in typecode decoding enabling a remote attack that can lead to an exception, causing a denial of service. | |||||
| CVE-2020-25887 | 1 Cesanta | 1 Mongoose | 2023-08-25 | N/A | 8.8 HIGH |
| Buffer overflow in mg_resolve_from_hosts_file in Mongoose 6.18, when reading from a crafted hosts file. | |||||
| CVE-2020-22570 | 1 Memcached | 1 Memcached | 2023-08-25 | N/A | 7.5 HIGH |
| Memcached 1.6.0 before 1.6.3 allows remote attackers to cause a denial of service (daemon crash) via a crafted meta command. | |||||
| CVE-2020-21722 | 1 Ogg Video Tools Project | 1 Ogg Video Tools | 2023-08-25 | N/A | 7.8 HIGH |
| Buffer Overflow vulnerability in oggvideotools 0.9.1 allows remote attackers to run arbitrary code via opening of crafted ogg file. | |||||
| CVE-2020-21724 | 1 Ogg Video Tools Project | 1 Ogg Video Tools | 2023-08-25 | N/A | 7.8 HIGH |
| Buffer Overflow vulnerability in ExtractorInformation function in streamExtractor.cpp in oggvideotools 0.9.1 allows remaote attackers to run arbitrary code via opening of crafted ogg file. | |||||
| CVE-2023-40352 | 1 Mcafee | 1 Safe Connect | 2023-08-25 | N/A | 7.2 HIGH |
| McAfee Safe Connect before 2.16.1.126 may allow an adversary with system privileges to achieve privilege escalation by loading arbitrary DLLs. | |||||
| CVE-2020-27418 | 1 Fedoraproject | 1 Fedora Linux Kernel | 2023-08-25 | N/A | 7.5 HIGH |
| A Use After Free vulnerability in Fedora Linux kernel 5.9.0-rc9 allows attackers to obatin sensitive information via vgacon_invert_region() function. | |||||
| CVE-2021-40265 | 1 Freeimage Project | 1 Freeimage | 2023-08-25 | N/A | 8.8 HIGH |
| A heap overflow bug exists FreeImage before 1.18.0 via ofLoad function in PluginJPEG.cpp. | |||||
| CVE-2020-26652 | 1 Realtek | 2 Rtl8812au, Rtl8812au Firmware | 2023-08-25 | N/A | 7.5 HIGH |
| An issue was discovered in function nl80211_send_chandef in rtl8812au v5.6.4.2 allows attackers to cause a denial of service. | |||||
| CVE-2020-22218 | 1 Libssh2 | 1 Libssh2 | 2023-08-25 | N/A | 7.5 HIGH |
| An issue was discovered in function _libssh2_packet_add in libssh2 1.10.0 allows attackers to access out of bounds memory. | |||||
| CVE-2020-21890 | 1 Artifex | 1 Ghostscript | 2023-08-25 | N/A | 7.8 HIGH |
| Buffer Overflow vulnerability in clj_media_size function in devices/gdevclj.c in Artifex Ghostscript 9.50 allows remote attackers to cause a denial of service or other unspecified impact(s) via opening of crafted PDF document. | |||||
| CVE-2020-18831 | 1 Exiv2 | 1 Exiv2 | 2023-08-25 | N/A | 7.8 HIGH |
| Buffer Overflow vulnerability in tEXtToDataBuf function in pngimage.cpp in Exiv2 0.27.1 allows remote attackers to cause a denial of service and other unspecified impacts via use of crafted file. | |||||
| CVE-2020-18232 | 1 Hdfgroup | 1 Hdf5 | 2023-08-25 | N/A | 8.8 HIGH |
| Buffer Overflow vulnerability in function H5S_close in H5S.c in HDF5 1.10.4 allows remote attackers to run arbitrary code via creation of crafted file. | |||||
| CVE-2023-3604 | 1 Wpexpertsio | 1 Change Wp Admin Login | 2023-08-25 | N/A | 7.5 HIGH |
| The Change WP Admin Login WordPress plugin before 1.1.4 discloses the URL of the hidden login page when accessing a crafted URL, bypassing the protection offered. | |||||
| CVE-2023-37250 | 1 Unity | 1 Parsec | 2023-08-25 | N/A | 7.0 HIGH |
| Unity Parsec has a TOCTOU race condition that permits local attackers to escalate privileges to SYSTEM if Parsec was installed in "Per User" mode. The application intentionally launches DLLs from a user-owned directory but intended to always perform integrity verification of those DLLs. This affects Parsec Loader versions through 8. Parsec Loader 9 is a fixed version. | |||||
| CVE-2020-24295 | 1 Freeimage Project | 1 Freeimage | 2023-08-25 | N/A | 8.8 HIGH |
| Buffer Overflow vulnerability in PSDParser.cpp::ReadImageLine() in FreeImage 3.19.0 [r1859] allows remote attackers to ru narbitrary code via use of crafted psd file. | |||||
| CVE-2020-24293 | 1 Freeimage Project | 1 Freeimage | 2023-08-25 | N/A | 8.8 HIGH |
| Buffer Overflow vulnerability in psdThumbnail::Read in PSDParser.cpp in FreeImage 3.19.0 [r1859] allows remote attackers to run arbitrary code via opening of crafted psd file. | |||||
| CVE-2020-24292 | 1 Freeimage Project | 1 Freeimage | 2023-08-25 | N/A | 8.8 HIGH |
| Buffer Overflow vulnerability in load function in PluginICO.cpp in FreeImage 3.19.0 [r1859] allows remote attackers to run arbitrary code via opening of crafted ico file. | |||||
| CVE-2023-39748 | 1 Tp-link | 2 Tl-wr1041n V2, Tl-wr1041n V2 Firmware | 2023-08-25 | N/A | 7.5 HIGH |
| An issue in the component /userRpm/NetworkCfgRpm of TP-Link TL-WR1041N V2 allows attackers to cause a Denial of Service (DoS) via a crafted GET request. | |||||
| CVE-2023-39745 | 1 Tp-link | 6 Tl-wr841n V8, Tl-wr841n V8 Firmware, Tl-wr940n V2 and 3 more | 2023-08-25 | N/A | 7.5 HIGH |
| TP-Link TL-WR940N V2, TP-Link TL-WR941ND V5 and TP-Link TL-WR841N V8 were discovered to contain a buffer overflow via the component /userRpm/AccessCtrlAccessRulesRpm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted GET request. | |||||
| CVE-2023-40711 | 1 Veilid | 1 Veilid | 2023-08-25 | N/A | 7.5 HIGH |
| Veilid before 0.1.9 does not check the size of uncompressed data during decompression upon an envelope receipt, which allows remote attackers to cause a denial of service (out-of-memory abort) via crafted packet data, as exploited in the wild in August 2023. | |||||
| CVE-2020-20813 | 1 Openvpn | 1 Openvpn | 2023-08-25 | N/A | 7.5 HIGH |
| Control Channel in OpenVPN 2.4.7 and earlier allows remote attackers to cause a denial of service via crafted reset packet. | |||||
| CVE-2020-19726 | 1 Gnu | 1 Binutils | 2023-08-25 | N/A | 8.8 HIGH |
| An issue was discovered in binutils libbfd.c 2.36 relating to the auxiliary symbol data allows attackers to read or write to system memory or cause a denial of service. | |||||
| CVE-2020-19725 | 1 Microsoft | 1 Z3 | 2023-08-25 | N/A | 7.8 HIGH |
| There is a use-after-free vulnerability in file pdd_simplifier.cpp in Z3 before 4.8.8. It occurs when the solver attempt to simplify the constraints and causes unexpected memory access. It can cause segmentation faults or arbitrary code execution. | |||||
| CVE-2023-23564 | 1 Geomatika | 1 Isigeo Web | 2023-08-24 | N/A | 8.8 HIGH |
| An issue was discovered in Geomatika IsiGeo Web 6.0. It allows remote authenticated users to execute commands. | |||||
| CVE-2022-28073 | 1 Radare | 1 Radare2 | 2023-08-24 | N/A | 7.5 HIGH |
| A use after free in r_reg_set_value function in radare2 5.4.2 and 5.4.0. | |||||
| CVE-2022-28072 | 1 Radare | 1 Radare2 | 2023-08-24 | N/A | 7.5 HIGH |
| A heap buffer overflow in r_read_le32 function in radare25.4.2 and 5.4.0. | |||||
| CVE-2022-28071 | 1 Radare | 1 Radare2 | 2023-08-24 | N/A | 7.5 HIGH |
| A use after free in r_reg_get_name_idx function in radare2 5.4.2 and 5.4.0. | |||||
| CVE-2022-28070 | 1 Radare | 1 Radare2 | 2023-08-24 | N/A | 7.5 HIGH |
| A null pointer deference in __core_anal_fcn function in radare2 5.4.2 and 5.4.0. | |||||
| CVE-2022-28069 | 1 Radare | 1 Radare2 | 2023-08-24 | N/A | 7.5 HIGH |
| A heap buffer overflow in vax_opfunction in radare2 5.4.2 and 5.4.0. | |||||
| CVE-2022-28068 | 1 Radare | 1 Radare2 | 2023-08-24 | N/A | 7.5 HIGH |
| A heap buffer overflow in r_sleb128 function in radare2 5.4.2 and 5.4.0. | |||||
| CVE-2021-32422 | 1 Dpic Project | 1 Dpic | 2023-08-24 | N/A | 7.5 HIGH |
| dpic 2021.01.01 has a Global buffer overflow in theyylex() function in main.c and reads out of the bound array. | |||||
| CVE-2021-32421 | 1 Dpic Project | 1 Dpic | 2023-08-24 | N/A | 7.5 HIGH |
| dpic 2021.01.01 has a Heap Use-After-Free in thedeletestringbox() function in dpic.y. | |||||
| CVE-2021-32420 | 1 Dpic Project | 1 Dpic | 2023-08-24 | N/A | 7.5 HIGH |
| dpic 2021.01.01 has a Heap-based Buffer Overflow in thestorestring function in dpic.y. | |||||
| CVE-2020-21426 | 1 Freeimage Project | 1 Freeimage | 2023-08-24 | N/A | 7.8 HIGH |
| Buffer Overflow vulnerability in function C_IStream::read in PluginEXR.cpp in FreeImage 3.18.0 allows remote attackers to run arbitrary code and cause other impacts via crafted image file. | |||||
| CVE-2023-25913 | 1 Danfoss | 2 Ak-sm 800a, Ak-sm 800a Firmware | 2023-08-24 | N/A | 7.5 HIGH |
| Because of an authentication flaw an attacker would be capable of generating a web report that discloses sensitive information such as internal IP addresses, usernames, store names and other sensitive information. | |||||
| CVE-2023-36787 | 1 Microsoft | 1 Edge Chromium | 2023-08-24 | N/A | 8.8 HIGH |
| Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | |||||
| CVE-2023-25914 | 1 Danfoss | 2 Ak-sm 800a, Ak-sm 800a Firmware | 2023-08-24 | N/A | 7.5 HIGH |
| Due to improper restriction, attackers could retrieve and read system files of the underlying server through the XML interface. | |||||
| CVE-2023-38899 | 1 Berkaygediz | 1 O Blog | 2023-08-24 | N/A | 7.8 HIGH |
| SQL injection vulnerability in berkaygediz O_Blog v.1.0 allows a local attacker to escalate privileges via the secure_file_priv component. | |||||
| CVE-2023-38836 | 1 Boidcms | 1 Boidcms | 2023-08-24 | N/A | 8.8 HIGH |
| File Upload vulnerability in BoidCMS v.2.0.0 allows a remote attacker to execute arbitrary code via the GIF header component. | |||||
| CVE-2023-37369 | 2 Debian, Qt | 2 Debian Linux, Qt | 2023-08-24 | N/A | 7.5 HIGH |
| In Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2, there can be an application crash in QXmlStreamReader via a crafted XML string that triggers a situation in which a prefix is greater than a length. | |||||
| CVE-2023-2316 | 3 Linux, Microsoft, Typora | 3 Linux Kernel, Windows, Typora | 2023-08-24 | N/A | N/A |
| Improper path handling in Typora before 1.6.7 on Windows and Linux allows a crafted webpage to access local files and exfiltrate them to remote web servers via "typora://app/<absolute-path>". This vulnerability can be exploited if a user opens a malicious markdown file in Typora, or copies text from a malicious webpage and paste it into Typora. | |||||
| CVE-2023-37914 | 1 Xwiki | 1 Xwiki | 2023-08-24 | N/A | 8.8 HIGH |
| XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user who can view `Invitation.WebHome` can execute arbitrary script macros including Groovy and Python macros that allow remote code execution including unrestricted read and write access to all wiki contents. This vulnerability has been patched on XWiki 14.4.8, 15.2-rc-1, and 14.10.6. Users are advised to upgrade. Users unable to upgrade may manually apply the patch on `Invitation.InvitationCommon` and `Invitation.InvitationConfig`, but there are otherwise no known workarounds for this vulnerability. | |||||
| CVE-2023-40272 | 1 Apache | 1 Apache-airflow-providers-apache-spark | 2023-08-24 | N/A | 7.5 HIGH |
| Apache Airflow Spark Provider, versions before 4.1.3, is affected by a vulnerability that allows an attacker to pass in malicious parameters when establishing a connection giving an opportunity to read files on the Airflow server. It is recommended to upgrade to a version that is not affected. | |||||
| CVE-2023-39786 | 1 Tenda | 2 Ac8v4, Ac8v4 Firmware | 2023-08-24 | N/A | 7.5 HIGH |
| Tenda AC8V4 V16.03.34.06 was discovered to contain a stack overflow via the time parameter in the sscanf function. | |||||
| CVE-2023-39785 | 1 Tenda | 2 Ac8v4, Ac8v4 Firmware | 2023-08-24 | N/A | 7.5 HIGH |
| Tenda AC8V4 V16.03.34.06 was discovered to contain a stack overflow via the list parameter in the set_qosMib_list function. | |||||
| CVE-2023-39784 | 1 Tenda | 2 Ac8v4, Ac8v4 Firmware | 2023-08-24 | N/A | 7.5 HIGH |
| Tenda AC8V4 V16.03.34.06 was discovered to contain a stack overflow via the list parameter in the save_virtualser_data function. | |||||
| CVE-2023-26115 | 1 Word-wrap Project | 1 Word-wrap | 2023-08-24 | N/A | 7.5 HIGH |
| All versions of the package word-wrap are vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of an insecure regular expression within the result variable. | |||||
| CVE-2023-39125 | 1 Ntsc-crt Project | 1 Ntsc-crt | 2023-08-24 | N/A | 7.5 HIGH |
| NTSC-CRT 2.2.1 has an integer overflow and out-of-bounds write in loadBMP in bmp_rw.c because a file's width, height, and BPP are not validated. NOTE: the vendor's perspective is "this main application was not intended to be a well tested program, it's just something to demonstrate it works and for the user to see how to integrate it into their own programs." | |||||
| CVE-2023-40171 | 1 Netflix | 1 Dispatch | 2023-08-24 | N/A | 7.5 HIGH |
| Dispatch is an open source security incident management tool. The server response includes the JWT Secret Key used for signing JWT tokens in error message when the `Dispatch Plugin - Basic Authentication Provider` plugin encounters an error when attempting to decode a JWT token. Any Dispatch users who own their instance and rely on the `Dispatch Plugin - Basic Authentication Provider` plugin for authentication may be impacted, allowing for any account to be taken over within their own instance. This could be done by using the secret to sign attacker crafted JWTs. If you think that you may be impacted, we strongly suggest you to rotate the secret stored in the `DISPATCH_JWT_SECRET` envvar in the `.env` file. This issue has been addressed in commit `b1942a4319` which has been included in the `20230817` release. users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||