Search
Total
49350 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-15917 | 3 Debian, Linux, Opensuse | 3 Debian Linux, Linux Kernel, Leap | 2023-08-11 | 6.9 MEDIUM | 7.0 HIGH |
| An issue was discovered in the Linux kernel before 5.0.5. There is a use-after-free issue when hci_uart_register_dev() fails in hci_uart_set_proto() in drivers/bluetooth/hci_ldisc.c. | |||||
| CVE-2019-11811 | 3 Linux, Opensuse, Redhat | 9 Linux Kernel, Leap, Enterprise Linux and 6 more | 2023-08-11 | 6.9 MEDIUM | 7.0 HIGH |
| An issue was discovered in the Linux kernel before 5.0.4. There is a use-after-free upon attempted read access to /proc/ioports after the ipmi_si module is removed, related to drivers/char/ipmi/ipmi_si_intf.c, drivers/char/ipmi/ipmi_si_mem_io.c, and drivers/char/ipmi/ipmi_si_port_io.c. | |||||
| CVE-2023-0045 | 3 Debian, Linux, Netapp | 13 Debian Linux, Linux Kernel, Active Iq Unified Manager and 10 more | 2023-08-11 | N/A | 7.5 HIGH |
| The current implementation of the prctl syscall does not issue an IBPB immediately during the syscall. The ib_prctl_set function updates the Thread Information Flags (TIFs) for the task and updates the SPEC_CTRL MSR on the function __speculation_ctrl_update, but the IBPB is only issued on the next schedule, when the TIF bits are checked. This leaves the victim vulnerable to values already injected on the BTB, prior to the prctl syscall. The patch that added the support for the conditional mitigation via prctl (ib_prctl_set) dates back to the kernel 4.9.176. We recommend upgrading past commit a664ec9158eeddd75121d39c9a0758016097fa96 | |||||
| CVE-2021-31440 | 2 Linux, Netapp | 18 Linux Kernel, Cloud Backup, H300e and 15 more | 2023-08-11 | 6.9 MEDIUM | 7.0 HIGH |
| This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel 5.11.15. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of eBPF programs. The issue results from the lack of proper validation of user-supplied eBPF programs prior to executing them. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel. Was ZDI-CAN-13661. | |||||
| CVE-2023-2236 | 2 Linux, Netapp | 2 Linux Kernel, Hci Baseboard Management Controller | 2023-08-11 | N/A | 7.8 HIGH |
| A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation. Both io_install_fixed_file and its callers call fput in a file in case of an error, causing a reference underflow which leads to a use-after-free vulnerability. We recommend upgrading past commit 9d94c04c0db024922e886c9fd429659f22f48ea4. | |||||
| CVE-2021-3609 | 3 Linux, Netapp, Redhat | 43 Linux Kernel, H300e, H300e Firmware and 40 more | 2023-08-11 | 6.9 MEDIUM | 7.0 HIGH |
| .A flaw was found in the CAN BCM networking protocol in the Linux kernel, where a local attacker can abuse a flaw in the CAN subsystem to corrupt memory, crash the system or escalate privileges. This race condition in net/can/bcm.c in the Linux kernel allows for local privilege escalation to root. | |||||
| CVE-2018-10878 | 4 Canonical, Debian, Linux and 1 more | 6 Ubuntu Linux, Debian Linux, Linux Kernel and 3 more | 2023-08-11 | 6.1 MEDIUM | 7.8 HIGH |
| A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds write and a denial of service or unspecified other impact is possible by mounting and operating a crafted ext4 filesystem image. | |||||
| CVE-2021-3640 | 5 Canonical, Debian, Fedoraproject and 2 more | 20 Ubuntu Linux, Debian Linux, Fedora and 17 more | 2023-08-11 | 6.9 MEDIUM | 7.0 HIGH |
| A flaw use-after-free in function sco_sock_sendmsg() of the Linux kernel HCI subsystem was found in the way user calls ioct UFFDIO_REGISTER or other way triggers race condition of the call sco_conn_del() together with the call sco_sock_sendmsg() with the expected controllable faulting memory page. A privileged local user could use this flaw to crash the system or escalate their privileges on the system. | |||||
| CVE-2023-0179 | 4 Canonical, Fedoraproject, Linux and 1 more | 14 Ubuntu Linux, Fedora, Linux Kernel and 11 more | 2023-08-11 | N/A | 7.8 HIGH |
| A buffer overflow vulnerability was found in the Netfilter subsystem in the Linux Kernel. This issue could allow the leakage of both stack and heap addresses, and potentially allow Local Privilege Escalation to the root user via arbitrary code execution. | |||||
| CVE-2018-16884 | 4 Canonical, Debian, Linux and 1 more | 5 Ubuntu Linux, Debian Linux, Linux Kernel and 2 more | 2023-08-11 | 6.7 MEDIUM | 8.0 HIGH |
| A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out. | |||||
| CVE-2019-1934 | 1 Cisco | 1 Adaptive Security Appliance Software | 2023-08-11 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to elevate privileges and execute administrative functions on an affected device. The vulnerability is due to insufficient authorization validation. An attacker could exploit this vulnerability by logging in to an affected device as a low-privileged user and then sending specific HTTPS requests to execute administrative functions using the information retrieved during initial login. | |||||
| CVE-2012-5010 | 1 Cisco | 1 Adaptive Security Appliance Software | 2023-08-11 | 4.8 MEDIUM | 8.1 HIGH |
| ASA 5515-X Adaptive Security Appliance Adaptive Security Appliance (ASA) Software 9.4.x before 9.4.1 Interim, 9.2.x before 9.2.4 Interim, ASA 5510 Adaptive Security Appliance Adaptive Security Appliance (ASA) Software 8.4.x before 8.4.7 Interim, 8.2.x before 8.2.5 Interim, 9.1.x before 9.1.6 Interim, ASA 5555-X Adaptive Security Appliance ASA for Application Centric Infrastructure (ACI) Device Package 1.2.4.x before 1.2.4.8, ASA 5512-X Adaptive Security Appliance ASA for Application Centric Infrastructure (ACI) Device Package 1.2.4.x before 1.2.4.8, ASA 5520 Adaptive Security Appliance Adaptive Security Appliance (ASA) Software 8.2.x before 8.2.5 Interim, 8.4.x before 8.4.7 Interim, 9.1.x before 9.1.6 Interim, ASA 5505 Adaptive Security Appliance Adaptive Security Appliance (ASA) Software 9.2.x before 9.2.4 Interim, 8.4.x before 8.4.7 Interim, 9.1.x before 9.1.6 Interim, ASA 5525-X Adaptive Security Appliance ASA for Application Centric Infrastructure (ACI) Device Package 1.2.4.x before 1.2.4.8, ASA 5512-X Adaptive Security Appliance Adaptive Security Appliance (ASA) Software 9.4.x before 9.4.1 Interim, 9.2.x before 9.2.4 Interim or 9.2.4.SMP, 9.1.x before 9.1.6 Interim, ASA 5545-X Adaptive Security Appliance ASA for Application Centric Infrastructure (ACI) Device Package 1.2.4.x before 1.2.4.8, ASA 5585-X Adaptive Security Appliance ASA for Application Centric Infrastructure (ACI) Device Package 1.2.4.x before 1.2.4.8, ASA 5540 Adaptive Security Appliance Adaptive Security Appliance (ASA) Software 8.2.x before 8.2.5 Interim, 8.4.x before 8.4.7 Interim, 9.1.x before 9.1.6 Interim, ASA 5515-X Adaptive Security Appliance ASA for Application Centric Infrastructure (ACI) Device Package 1.2.4.x before 1.2.4.8, ASA 5555-X Adaptive Security Appliance Adaptive Security Appliance (ASA) Software 9.2.x before 9.2.4 Interim or 9.2.4.SMP, 9.4.x before 9.4.1 Interim, 9.1.x before 9.1.6 Interim, ASA 5580 Adaptive Security Appliance Adaptive Security Appliance (ASA) Software 9.1.x before 9.1.6 Interim, ASA 5585-X Adaptive Security Appliance Adaptive Security Appliance (ASA) Software 9.2.x before 9.2.4 Interim, 9.4.x before 9.4.1 Interim, ASA 5525-X Adaptive Security Appliance Adaptive Security Appliance (ASA) Software 9.4.x before 9.4.1 Interim, 9.2.x before 9.2.4 Interim or 9.2.4.SMP, 9.1.x before 9.1.6 Interim, ASA 5545-X Adaptive Security Appliance Adaptive Security Appliance (ASA) Software 9.4.x before 9.4.1 Interim, 9.2.x before 9.2.4 Interim or 9.2.4.SMP. 9.1.x before 9.1.6 ASA does not check the source of the ARP request or GARP packets for addresses it performs NAT translation for under unspecified conditions. | |||||
| CVE-2016-6367 | 1 Cisco | 1 Adaptive Security Appliance Software | 2023-08-11 | 6.8 MEDIUM | 7.8 HIGH |
| Cisco Adaptive Security Appliance (ASA) Software before 8.4(1) on ASA 5500, ASA 5500-X, PIX, and FWSM devices allows local users to gain privileges via invalid CLI commands, aka Bug ID CSCtu74257 or EPICBANANA. | |||||
| CVE-2016-10905 | 1 Linux | 1 Linux Kernel | 2023-08-11 | 6.1 MEDIUM | 7.8 HIGH |
| An issue was discovered in fs/gfs2/rgrp.c in the Linux kernel before 4.8. A use-after-free is caused by the functions gfs2_clear_rgrpd and read_rindex_entry. | |||||
| CVE-2016-1367 | 1 Cisco | 1 Adaptive Security Appliance Software | 2023-08-11 | 7.8 HIGH | 7.5 HIGH |
| The DHCPv6 relay implementation in Cisco Adaptive Security Appliance (ASA) Software 9.4.1 allows remote attackers to cause a denial of service (device reload) via crafted DHCPv6 packets, aka Bug ID CSCus23248. | |||||
| CVE-2022-48592 | 1 Sciencelogic | 1 Sl1 | 2023-08-11 | N/A | 8.8 HIGH |
| A SQL injection vulnerability exists in the vendor_country parameter of the “vendor print report” feature of the ScienceLogic SL1 that takes unsanitized user?controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database. | |||||
| CVE-2022-48591 | 1 Sciencelogic | 1 Sl1 | 2023-08-11 | N/A | 8.8 HIGH |
| A SQL injection vulnerability exists in the vendor_state parameter of the “vendor print report” feature of the ScienceLogic SL1 that takes unsanitized user?controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database. | |||||
| CVE-2022-48590 | 1 Sciencelogic | 1 Sl1 | 2023-08-11 | N/A | 8.8 HIGH |
| A SQL injection vulnerability exists in the “admin dynamic app mib errors” feature of the ScienceLogic SL1 that takes unsanitized user?controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database. | |||||
| CVE-2022-48604 | 1 Sciencelogic | 1 Sl1 | 2023-08-11 | N/A | 8.8 HIGH |
| A SQL injection vulnerability exists in the “logging export” feature of the ScienceLogic SL1 that takes unsanitized user?controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database. | |||||
| CVE-2022-48589 | 1 Sciencelogic | 1 Sl1 | 2023-08-11 | N/A | 8.8 HIGH |
| A SQL injection vulnerability exists in the “reporting job editor” feature of the ScienceLogic SL1 that takes unsanitized user?controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database. | |||||
| CVE-2022-48588 | 1 Sciencelogic | 1 Sl1 | 2023-08-11 | N/A | 8.8 HIGH |
| A SQL injection vulnerability exists in the “schedule editor decoupled” feature of the ScienceLogic SL1 that takes unsanitized user?controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database. | |||||
| CVE-2022-48587 | 1 Sciencelogic | 1 Sl1 | 2023-08-11 | N/A | 8.8 HIGH |
| A SQL injection vulnerability exists in the “schedule editor” feature of the ScienceLogic SL1 that takes unsanitized user?controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database. | |||||
| CVE-2022-48586 | 1 Sciencelogic | 1 Sl1 | 2023-08-11 | N/A | 8.8 HIGH |
| A SQL injection vulnerability exists in the “json walker” feature of the ScienceLogic SL1 that takes unsanitized user?controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database. | |||||
| CVE-2022-48585 | 1 Sciencelogic | 1 Sl1 | 2023-08-11 | N/A | 8.8 HIGH |
| A SQL injection vulnerability exists in the “admin brand portal” feature of the ScienceLogic SL1 that takes unsanitized user?controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database. | |||||
| CVE-2022-48584 | 1 Sciencelogic | 1 Sl1 | 2023-08-11 | N/A | 8.8 HIGH |
| A command injection vulnerability exists in the download and convert report feature of the ScienceLogic SL1 that takes unsanitized user?controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating system. | |||||
| CVE-2022-48583 | 1 Sciencelogic | 1 Sl1 | 2023-08-11 | N/A | 8.8 HIGH |
| A command injection vulnerability exists in the dashboard scheduler feature of the ScienceLogic SL1 that takes unsanitized user?controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating system. | |||||
| CVE-2022-48582 | 1 Sciencelogic | 1 Sl1 | 2023-08-11 | N/A | 8.8 HIGH |
| A command injection vulnerability exists in the ticket report generate feature of the ScienceLogic SL1 that takes unsanitized user controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating system. | |||||
| CVE-2023-39523 | 1 Nexb | 1 Scancode.io | 2023-08-11 | N/A | 8.8 HIGH |
| ScanCode.io is a server to script and automate software composition analysis with ScanPipe pipelines. Prior to version 32.5.1, the software has a possible command injection vulnerability in the docker fetch process as it allows to append malicious commands in the `docker_reference` parameter. In the function `scanpipe/pipes/fetch.py:fetch_docker_image` the parameter `docker_reference` is user controllable. The `docker_reference` variable is then passed to the vulnerable function `get_docker_image_platform`. However, the `get_docker_image_plaform` function constructs a shell command with the passed `docker_reference`. The `pipes.run_command` then executes the shell command without any prior sanitization, making the function vulnerable to command injections. A malicious user who is able to create or add inputs to a project can inject commands. Although the command injections are blind and the user will not receive direct feedback without logs, it is still possible to cause damage to the server/container. The vulnerability appears for example if a malicious user adds a semicolon after the input of `docker://;`, it would allow appending malicious commands. Version 32.5.1 contains a patch for this issue. The `docker_reference` input should be sanitized to avoid command injections and, as a workaround, one may avoid creating commands with user controlled input directly. | |||||
| CVE-2022-48597 | 1 Sciencelogic | 1 Sl1 | 2023-08-11 | N/A | 8.8 HIGH |
| A SQL injection vulnerability exists in the “ticket event report” feature of the ScienceLogic SL1 that takes unsanitized user?controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database. | |||||
| CVE-2022-48596 | 1 Sciencelogic | 1 Sl1 | 2023-08-11 | N/A | 8.8 HIGH |
| A SQL injection vulnerability exists in the “ticket queue watchers” feature of the ScienceLogic SL1 that takes unsanitized user?controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database. | |||||
| CVE-2023-39520 | 1 Cryptomator | 1 Cryptomator | 2023-08-11 | N/A | 7.8 HIGH |
| Cryptomator encrypts data being stored on cloud infrastructure. The MSI installer provided on the homepage for Cryptomator version 1.9.2 allows local privilege escalation for low privileged users, via the `repair` function. The problem occurs as the repair function of the MSI is spawning an SYSTEM Powershell without the `-NoProfile` parameter. Therefore the profile of the user starting the repair will be loaded. Version 1.9.3 contains a fix for this issue. Adding a `-NoProfile` to the powershell is a possible workaround. | |||||
| CVE-2022-48599 | 1 Sciencelogic | 1 Sl1 | 2023-08-11 | N/A | 8.8 HIGH |
| A SQL injection vulnerability exists in the “reporter events type” feature of the ScienceLogic SL1 that takes unsanitized user?controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database. | |||||
| CVE-2022-48600 | 1 Sciencelogic | 1 Sl1 | 2023-08-11 | N/A | 8.8 HIGH |
| A SQL injection vulnerability exists in the “notes view” feature of the ScienceLogic SL1 that takes unsanitized user?controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database. | |||||
| CVE-2022-48601 | 1 Sciencelogic | 1 Sl1 | 2023-08-11 | N/A | 8.8 HIGH |
| A SQL injection vulnerability exists in the “network print report” feature of the ScienceLogic SL1 that takes unsanitized user?controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database. | |||||
| CVE-2022-48602 | 1 Sciencelogic | 1 Sl1 | 2023-08-11 | N/A | 8.8 HIGH |
| A SQL injection vulnerability exists in the “message viewer print” feature of the ScienceLogic SL1 that takes unsanitized user?controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database. | |||||
| CVE-2022-48595 | 1 Sciencelogic | 1 Sl1 | 2023-08-11 | N/A | 8.8 HIGH |
| A SQL injection vulnerability exists in the “ticket template watchers” feature of the ScienceLogic SL1 that takes unsanitized user?controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database. | |||||
| CVE-2022-48594 | 1 Sciencelogic | 1 Sl1 | 2023-08-11 | N/A | 8.8 HIGH |
| A SQL injection vulnerability exists in the “ticket watchers email” feature of the ScienceLogic SL1 that takes unsanitized user?controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database. | |||||
| CVE-2022-48593 | 1 Sciencelogic | 1 Sl1 | 2023-08-11 | N/A | 8.8 HIGH |
| A SQL injection vulnerability exists in the “topology data service” feature of the ScienceLogic SL1 that takes unsanitized user?controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database. | |||||
| CVE-2023-36899 | 1 Microsoft | 11 .net, .net Framework, Windows 10 1809 and 8 more | 2023-08-11 | N/A | 8.8 HIGH |
| ASP.NET Elevation of Privilege Vulnerability | |||||
| CVE-2023-38830 | 1 Phpjabbers | 1 Yacht Listing Script | 2023-08-11 | N/A | 7.5 HIGH |
| An information leak in PHPJabbers Yacht Listing Script v1.0 allows attackers to export clients' credit card numbers from the Reservations module. | |||||
| CVE-2023-38348 | 1 Lw-systems | 1 Benno Mailarchiv | 2023-08-11 | N/A | 8.8 HIGH |
| A CSRF issue was discovered in LWsystems Benno MailArchiv 2.10.1. | |||||
| CVE-2022-48580 | 1 Sciencelogic | 1 Sl1 | 2023-08-11 | N/A | 8.8 HIGH |
| A command injection vulnerability exists in the ARP ping device tool feature of the ScienceLogic SL1 that takes unsanitized user controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating system. | |||||
| CVE-2023-38172 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2023-08-11 | N/A | 7.5 HIGH |
| Microsoft Message Queuing Denial of Service Vulnerability | |||||
| CVE-2023-38167 | 1 Microsoft | 1 Dynamics 365 Business Central | 2023-08-11 | N/A | 7.2 HIGH |
| Microsoft Dynamics Business Central Elevation Of Privilege Vulnerability | |||||
| CVE-2022-48603 | 1 Sciencelogic | 1 Sl1 | 2023-08-11 | N/A | 8.8 HIGH |
| A SQL injection vulnerability exists in the “message viewer iframe” feature of the ScienceLogic SL1 that takes unsanitized user?controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database. | |||||
| CVE-2022-48598 | 1 Sciencelogic | 1 Sl1 | 2023-08-11 | N/A | 8.8 HIGH |
| A SQL injection vulnerability exists in the “reporter events type date” feature of the ScienceLogic SL1 that takes unsanitized user?controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database. | |||||
| CVE-2022-48581 | 1 Sciencelogic | 1 Sl1 | 2023-08-11 | N/A | 8.8 HIGH |
| A command injection vulnerability exists in the “dash export” feature of the ScienceLogic SL1 that takes unsanitized user controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating system. | |||||
| CVE-2023-39217 | 1 Zoom | 2 Meeting Software Development Kit, Video Software Development Kit | 2023-08-11 | N/A | 7.5 HIGH |
| Improper input validation in Zoom SDK’s before 5.14.10 may allow an unauthenticated user to enable a denial of service via network access. | |||||
| CVE-2023-38759 | 1 Wger | 1 Workout Manager | 2023-08-11 | N/A | 8.8 HIGH |
| Cross Site Request Forgery (CSRF) vulnerability in wger Project wger Workout Manager 2.2.0a3 allows a remote attacker to gain privileges via the user-management feature in the gym/views/gym.py, templates/gym/reset_user_password.html, templates/user/overview.html, core/views/user.py, and templates/user/preferences.html, core/forms.py components. | |||||
| CVE-2023-35368 | 1 Microsoft | 1 Exchange Server | 2023-08-11 | N/A | 8.8 HIGH |
| Microsoft Exchange Remote Code Execution Vulnerability | |||||