Search
Total
46623 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-41249 | 1 Jetbrains | 1 Teamcity | 2023-08-28 | N/A | 6.1 MEDIUM |
| In JetBrains TeamCity before 2023.05.3 reflected XSS was possible during copying Build Step | |||||
| CVE-2023-41248 | 1 Jetbrains | 1 Teamcity | 2023-08-28 | N/A | 5.4 MEDIUM |
| In JetBrains TeamCity before 2023.05.3 stored XSS was possible during Cloud Profiles configuration | |||||
| CVE-2023-32797 | 1 I13websolution | 1 Video Carousel Slider With Lightbox | 2023-08-28 | N/A | 6.1 MEDIUM |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution video carousel slider with lightbox plugin <= 1.0.22 versions. | |||||
| CVE-2023-32603 | 1 Rednao | 1 Smart Donations | 2023-08-28 | N/A | 6.1 MEDIUM |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in RedNao Donations Made Easy – Smart Donations plugin <= 4.0.12 versions. | |||||
| CVE-2023-32598 | 1 Shooflysolutions | 1 Featured Image Pro Post Grid | 2023-08-28 | N/A | 6.1 MEDIUM |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in A. R. Jones Featured Image Pro Post Grid plugin <= 5.14 versions. | |||||
| CVE-2023-32596 | 1 Wolfgangertl | 1 Weebotlite | 2023-08-28 | N/A | 4.8 MEDIUM |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Wolfgang Ertl weebotLite plugin <= 1.0.0 versions. | |||||
| CVE-2023-32595 | 1 Palasthotel | 1 Sunny Search | 2023-08-28 | N/A | 4.8 MEDIUM |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Palasthotel by Edward Bock, Katharina Rompf Sunny Search plugin <= 1.0.2 versions. | |||||
| CVE-2023-32575 | 1 Woocommerce | 1 Woocommerce | 2023-08-28 | N/A | 4.8 MEDIUM |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PI Websolution Product page shipping calculator for WooCommerce plugin <= 1.3.25 versions. | |||||
| CVE-2023-25848 | 2023-08-26 | N/A | 5.3 MEDIUM | ||
| ArcGIS Enterprise Server versions 11.0 and below have an information disclosure vulnerability where a remote, unauthorized attacker may submit a crafted query that may result in a low severity information disclosure issue. The information disclosed is limited to a single attribute in a database connection string. No business data is disclosed. | |||||
| CVE-2023-24514 | 1 Pandorafms | 1 Pandora Fms | 2023-08-26 | N/A | 6.1 MEDIUM |
| Cross-site Scripting (XSS) vulnerability in Visual Console Module of Pandora FMS could be used to hijack admin users session cookie values, carry out phishing attacks, etc. This issue affects Pandora FMS v767 version and prior versions on all platforms. | |||||
| CVE-2023-40370 | 3 Ibm, Microsoft, Redhat | 4 Robotic Process Automation, Robotic Process Automation For Cloud Pak, Windows and 1 more | 2023-08-26 | N/A | 5.3 MEDIUM |
| IBM Robotic Process Automation 21.0.0 through 21.0.7.1 runtime is vulnerable to information disclosure of script content if the remote REST request computer policy is enabled. IBM X-Force ID: 263470. | |||||
| CVE-2023-38733 | 3 Ibm, Microsoft, Redhat | 3 Robotic Process Automation, Windows, Openshift | 2023-08-26 | N/A | 4.3 MEDIUM |
| IBM Robotic Process Automation 21.0.0 through 21.0.7.1 and 23.0.0 through 23.0.1 server could allow an authenticated user to view sensitive information from installation logs. IBM X-Force Id: 262293. | |||||
| CVE-2023-38732 | 3 Ibm, Microsoft, Redhat | 4 Robotic Process Automation, Robotic Process Automation For Cloud Pak, Windows and 1 more | 2023-08-26 | N/A | 4.3 MEDIUM |
| IBM Robotic Process Automation 21.0.0 through 21.0.7 server could allow an authenticated user to view sensitive information from application logs. IBM X-Force ID: 262289. | |||||
| CVE-2023-38665 | 1 Nasm | 1 Netwide Assembler | 2023-08-26 | N/A | 5.5 MEDIUM |
| Null pointer dereference in ieee_write_file in nasm 2.16rc0 allows attackers to cause a denial of service (crash). | |||||
| CVE-2023-24515 | 1 Pandorafms | 1 Pandora Fms | 2023-08-26 | N/A | 6.5 MEDIUM |
| Server-Side Request Forgery (SSRF) vulnerability in API checker of Pandora FMS. Application does not have a check on the URL scheme used while retrieving API URL. Rather than validating the http/https scheme, the application allows other scheme such as file, which could allow a malicious user to fetch internal file content. This issue affects Pandora FMS v767 version and prior versions on all platforms. | |||||
| CVE-2023-24516 | 1 Pandorafms | 1 Pandora Fms | 2023-08-26 | N/A | 5.4 MEDIUM |
| Cross-site Scripting (XSS) vulnerability in the Pandora FMS Special Days component allows an attacker to use it to steal the session cookie value of admin users easily with little user interaction. This issue affects Pandora FMS v767 version and prior versions on all platforms. | |||||
| CVE-2022-48064 | 1 Gnu | 1 Binutils | 2023-08-26 | N/A | 5.5 MEDIUM |
| GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function bfd_dwarf2_find_nearest_line_with_alt at dwarf2.c. The attacker could supply a crafted ELF file and cause a DNS attack. | |||||
| CVE-2022-48063 | 1 Gnu | 1 Binutils | 2023-08-26 | N/A | 5.5 MEDIUM |
| GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function load_separate_debug_files at dwarf2.c. The attacker could supply a crafted ELF file and cause a DNS attack. | |||||
| CVE-2022-47011 | 1 Gnu | 1 Binutils | 2023-08-26 | N/A | 5.5 MEDIUM |
| An issue was discovered function parse_stab_struct_fields in stabs.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks. | |||||
| CVE-2022-47010 | 1 Gnu | 1 Binutils | 2023-08-26 | N/A | 5.5 MEDIUM |
| An issue was discovered function pr_function_type in prdbg.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks. | |||||
| CVE-2022-47008 | 1 Gnu | 1 Binutils | 2023-08-26 | N/A | 5.5 MEDIUM |
| An issue was discovered function make_tempdir, and make_tempname in bucomm.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks. | |||||
| CVE-2022-47007 | 1 Gnu | 1 Binutils | 2023-08-26 | N/A | 5.5 MEDIUM |
| An issue was discovered function stab_demangle_v3_arg in stabs.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks. | |||||
| CVE-2022-40090 | 1 Libtiff | 1 Libtiff | 2023-08-26 | N/A | 6.5 MEDIUM |
| An issue was discovered in function TIFFReadDirectory libtiff before 4.4.0 allows attackers to cause a denial of service via crafted TIFF file. | |||||
| CVE-2020-18651 | 1 Exempi Project | 1 Exempi | 2023-08-25 | N/A | 6.5 MEDIUM |
| Buffer Overflow vulnerability in function ID3_Support::ID3v2Frame::getFrameValue in exempi 2.5.0 and earlier allows remote attackers to cause a denial of service via opening of crafted audio file with ID3V2 frame. | |||||
| CVE-2020-18652 | 1 Exempi Project | 1 Exempi | 2023-08-25 | N/A | 6.5 MEDIUM |
| Buffer Overflow vulnerability in WEBP_Support.cpp in exempi 2.5.0 and earlier allows remote attackers to cause a denial of service via opening of crafted webp file. | |||||
| CVE-2020-18768 | 1 Libtiff | 1 Libtiff | 2023-08-25 | N/A | 5.5 MEDIUM |
| There exists one heap buffer overflow in _TIFFmemcpy in tif_unix.c in libtiff 4.0.10, which allows an attacker to cause a denial-of-service through a crafted tiff file. | |||||
| CVE-2020-18770 | 1 Zziplib Project | 1 Zziplib | 2023-08-25 | N/A | 5.5 MEDIUM |
| An issue was discovered in function zzip_disk_entry_to_file_header in mmapped.c in zziplib 0.13.69, which will lead to a denial-of-service. | |||||
| CVE-2020-18780 | 1 Nasm | 1 Netwide Assembler | 2023-08-25 | N/A | 5.5 MEDIUM |
| A Use After Free vulnerability in function new_Token in asm/preproc.c in nasm 2.14.02 allows attackers to cause a denial of service via crafted nasm command. | |||||
| CVE-2022-48547 | 1 Cacti | 1 Cacti | 2023-08-25 | N/A | 6.1 MEDIUM |
| A reflected cross-site scripting (XSS) vulnerability in Cacti 0.8.7g and earlier allows unauthenticated remote attackers to inject arbitrary web script or HTML in the "ref" parameter at auth_changepassword.php. | |||||
| CVE-2022-41444 | 1 Cacti | 1 Cacti | 2023-08-25 | N/A | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in Cacti 1.2.21 via crafted POST request to graphs_new.php. | |||||
| CVE-2020-18781 | 1 Audiofile | 1 Audiofile | 2023-08-25 | N/A | 5.5 MEDIUM |
| Heap buffer overflow vulnerability in FilePOSIX::read in File.cpp in audiofile 0.3.6 may cause denial-of-service via a crafted wav file, this bug can be triggered by the executable sfconvert. | |||||
| CVE-2020-21686 | 1 Nasm | 1 Netwide Assembler | 2023-08-25 | N/A | 5.5 MEDIUM |
| A stack-use-after-scope issue discovered in expand_mmac_params function in preproc.c in nasm before 2.15.04 allows remote attackers to cause a denial of service via crafted asm file. | |||||
| CVE-2020-18382 | 1 Webassembly | 1 Binaryen | 2023-08-25 | N/A | 6.5 MEDIUM |
| Heap-buffer-overflow in /src/wasm/wasm-binary.cpp in wasm::WasmBinaryBuilder::visitBlock(wasm::Block*) in Binaryen 1.38.26. A crafted wasm input can cause a segmentation fault, leading to denial-of-service, as demonstrated by wasm-opt. | |||||
| CVE-2020-18378 | 1 Webassembly | 1 Binaryen | 2023-08-25 | N/A | 6.5 MEDIUM |
| A NULL pointer dereference was discovered in SExpressionWasmBuilder::makeBlock in wasm/wasm-s-parser.c in Binaryen 1.38.26. A crafted wasm input can cause a segmentation fault, leading to denial-of-service, as demonstrated by wasm-as. | |||||
| CVE-2022-37052 | 1 Freedesktop | 1 Poppler | 2023-08-25 | N/A | 6.5 MEDIUM |
| A reachable Object::getString assertion in Poppler 22.07.0 allows attackers to cause a denial of service due to a failure in markObject. | |||||
| CVE-2021-46179 | 1 Upx Project | 1 Upx | 2023-08-25 | N/A | 6.5 MEDIUM |
| Reachable Assertion vulnerability in upx before 4.0.0 allows attackers to cause a denial of service via crafted file passed to the the readx function. | |||||
| CVE-2022-29654 | 1 Nasm | 1 Netwide Assembler | 2023-08-25 | N/A | 5.5 MEDIUM |
| Buffer overflow vulnerability in quote_for_pmake in asm/nasm.c in nasm before 2.15.05 allows attackers to cause a denial of service via crafted file. | |||||
| CVE-2021-40266 | 1 Freeimage Project | 1 Freeimage | 2023-08-25 | N/A | 6.5 MEDIUM |
| FreeImage before 1.18.0, ReadPalette function in PluginTIFF.cpp is vulnerabile to null pointer dereference. | |||||
| CVE-2020-22628 | 1 Libraw | 1 Libraw | 2023-08-25 | N/A | 6.5 MEDIUM |
| Buffer Overflow vulnerability in LibRaw::stretch() function in libraw\src\postprocessing\aspect_ratio.cpp. | |||||
| CVE-2020-21687 | 1 Nasm | 1 Netwide Assembler | 2023-08-25 | N/A | 5.5 MEDIUM |
| Buffer Overflow vulnerability in scan function in stdscan.c in nasm 2.15rc0 allows remote attackers to cause a denial of service via crafted asm file. | |||||
| CVE-2023-4456 | 1 Redhat | 1 Openshift Logging | 2023-08-25 | N/A | 6.5 MEDIUM |
| A flaw was found in openshift-logging LokiStack. The key used for caching is just the token, which is too broad. This issue allows a user with a token valid for one action to execute other actions as long as the authorization allowing the original action is still cached. | |||||
| CVE-2020-21723 | 1 Ogg Video Tools Project | 1 Ogg Video Tools | 2023-08-25 | N/A | 5.5 MEDIUM |
| A Segmentation Fault issue discovered StreamSerializer::extractStreams function in streamSerializer.cpp in oggvideotools 0.9.1 allows remote attackers to cause a denial of service (crash) via opening of crafted ogg file. | |||||
| CVE-2020-21896 | 1 Artifex | 1 Mupdf | 2023-08-25 | N/A | 5.5 MEDIUM |
| A Use After Free vulnerability in svg_dev_text_span_as_paths_defs function in source/fitz/svg-device.c in Artifex Software MuPDF 1.16.0 allows remote attackers to cause a denial of service via opening of a crafted PDF file. | |||||
| CVE-2021-40262 | 1 Freeimage Project | 1 Freeimage | 2023-08-25 | N/A | 6.5 MEDIUM |
| A stack exhaustion issue was discovered in FreeImage before 1.18.0 via the Validate function in PluginRAW.cpp. | |||||
| CVE-2020-21679 | 1 Graphicsmagick | 1 Graphicsmagick | 2023-08-25 | N/A | 5.5 MEDIUM |
| Buffer Overflow vulnerability in WritePCXImage function in pcx.c in GraphicsMagick 1.4 allows remote attackers to cause a denial of service via converting of crafted image file to pcx format. | |||||
| CVE-2021-40264 | 1 Freeimage Project | 1 Freeimage | 2023-08-25 | N/A | 6.5 MEDIUM |
| NULL pointer dereference vulnerability in FreeImage before 1.18.0 via the FreeImage_CloneTag function inFreeImageTag.cpp. | |||||
| CVE-2020-21685 | 1 Nasm | 1 Netwide Assembler | 2023-08-25 | N/A | 5.5 MEDIUM |
| Buffer Overflow vulnerability in hash_findi function in hashtbl.c in nasm 2.15rc0 allows remote attackers to cause a denial of service via crafted asm file. | |||||
| CVE-2023-4434 | 1 Hamza417 | 1 Inure | 2023-08-25 | N/A | 6.1 MEDIUM |
| Missing Authorization in GitHub repository hamza417/inure prior to build88. | |||||
| CVE-2023-4417 | 2 Devolutions, Microsoft | 2 Remote Desktop Manager, Windows | 2023-08-25 | N/A | 6.5 MEDIUM |
| Improper access controls in the entry duplication component in Devolutions Remote Desktop Manager 2023.2.19 and earlier versions on Windows allows an authenticated user, under specific circumstances, to inadvertently share their personal vault entry with shared vaults via an incorrect vault in the duplication write process. | |||||
| CVE-2020-22916 | 1 Tukaani | 1 Xz | 2023-08-25 | N/A | 5.5 MEDIUM |
| An issue discovered in XZ 5.2.5 allows attackers to cause a denial of service via decompression of crafted file. | |||||