Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-1314 | 1 Google | 1 Chrome | 2023-11-27 | N/A | 8.8 HIGH |
| Type confusion in V8 in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2023-22313 | 1 Intel | 5 Qat Driver, Qat Driver Firmware, Quickassist Technology Driver and 2 more | 2023-11-27 | N/A | 2.3 LOW |
| Improper buffer restrictions in some Intel(R) QAT Library software before version 22.07.1 may allow a privileged user to potentially enable information disclosure via local access. | |||||
| CVE-2023-22327 | 1 Intel | 96 Agilex 7 Fpga F-series 006, Agilex 7 Fpga F-series 006 Firmware, Agilex 7 Fpga F-series 008 and 93 more | 2023-11-27 | N/A | 4.4 MEDIUM |
| Out-of-bounds write in firmware for some Intel(R) FPGA products before version 2.8.1 may allow a privileged user to potentially enable information disclosure via local access. | |||||
| CVE-2021-46748 | 2 Amd, Intel | 123 Radeon Pro Vega 56, Radeon Pro Vega 56 Firmware, Radeon Pro Vega 64 and 120 more | 2023-11-27 | N/A | 5.5 MEDIUM |
| Insufficient bounds checking in the ASP (AMD Secure Processor) may allow an attacker to access memory outside the bounds of what is permissible to a TA (Trusted Application) resulting in a potential denial of service. | |||||
| CVE-2021-46766 | 1 Amd | 56 Epyc 9124, Epyc 9124 Firmware, Epyc 9174f and 53 more | 2023-11-27 | N/A | 5.5 MEDIUM |
| Improper clearing of sensitive data in the ASP Bootloader may expose secret keys to a privileged attacker accessing ASP SRAM, potentially leading to a loss of confidentiality. | |||||
| CVE-2022-29510 | 1 Intel | 72 Compute Module Hns2600bp, Compute Module Hns2600bp Firmware, Compute Module Hns2600bpb and 69 more | 2023-11-27 | N/A | 6.7 MEDIUM |
| Improper buffer restrictions in some Intel(R) Server Board M10JNP2SB BIOS firmware before version 7.219 may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2021-46774 | 1 Amd | 274 Epyc 7001, Epyc 7001 Firmware, Epyc 7203 and 271 more | 2023-11-27 | N/A | 7.5 HIGH |
| Insufficient DRAM address validation in System Management Unit (SMU) may allow an attacker to read/write from/to an invalid DRAM address, potentially resulting in denial-of-service. | |||||
| CVE-2022-41659 | 1 Intel | 1 Unison | 2023-11-27 | N/A | 4.4 MEDIUM |
| Improper access control for some Intel Unison software may allow a privileged user to potentially enable denial of service via local access. | |||||
| CVE-2023-20521 | 1 Amd | 186 Amd 3015ce, Amd 3015ce Firmware, Amd 3015e and 183 more | 2023-11-27 | N/A | 5.7 MEDIUM |
| TOCTOU in the ASP Bootloader may allow an attacker with physical access to tamper with SPI ROM records after memory content verification, potentially leading to loss of confidentiality or a denial of service. | |||||
| CVE-2023-20568 | 2 Amd, Intel | 123 Radeon Pro Vega 56, Radeon Pro Vega 56 Firmware, Radeon Pro Vega 64 and 120 more | 2023-11-27 | N/A | 6.7 MEDIUM |
| Improper signature verification of RadeonTM RX Vega M Graphics driver for Windows may allow an attacker with admin privileges to launch RadeonInstaller.exe without validating the file signature potentially leading to arbitrary code execution. | |||||
| CVE-2023-20567 | 2 Amd, Intel | 123 Radeon Pro Vega 56, Radeon Pro Vega 56 Firmware, Radeon Pro Vega 64 and 120 more | 2023-11-27 | N/A | 6.7 MEDIUM |
| Improper signature verification of RadeonTM RX Vega M Graphics driver for Windows may allow an attacker with admin privileges to launch AMDSoftwareInstaller.exe without validating the file signature potentially leading to arbitrary code execution. | |||||
| CVE-2023-20566 | 1 Amd | 130 Epyc 7203, Epyc 7203 Firmware, Epyc 7203p and 127 more | 2023-11-27 | N/A | 7.5 HIGH |
| Improper address validation in ASP with SNP enabled may potentially allow an attacker to compromise guest memory integrity. | |||||
| CVE-2023-20526 | 1 Amd | 146 Epyc 7001, Epyc 7001 Firmware, Epyc 7203 and 143 more | 2023-11-27 | N/A | 4.6 MEDIUM |
| Insufficient input validation in the ASP Bootloader may enable a privileged attacker with physical access to expose the contents of ASP memory potentially leading to a loss of confidentiality. | |||||
| CVE-2023-5640 | 1 Dguzun | 1 Article Analytics | 2023-11-27 | N/A | 9.8 CRITICAL |
| The Article Analytics WordPress plugin does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection vulnerability. | |||||
| CVE-2023-5119 | 1 Incsub | 1 Forminator | 2023-11-27 | N/A | 4.8 MEDIUM |
| The Forminator WordPress plugin before 1.27.0 does not properly sanitize the redirect-url field in the form submission settings, which could allow high-privilege users such as an administrator to inject arbitrary web scripts even when the unfiltered_html capability is disallowed (for example in a multisite setup). | |||||
| CVE-2023-4808 | 1 Allurewebsolutions | 1 Wp Post Popup | 2023-11-27 | N/A | 4.8 MEDIUM |
| The WP Post Popup WordPress plugin through 3.7.3 does not sanitise and escape some of its inputs, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | |||||
| CVE-2023-5509 | 1 Premio | 1 Mystickymenu | 2023-11-27 | N/A | 5.4 MEDIUM |
| The myStickymenu WordPress plugin before 2.6.5 does not adequately authorize some ajax calls, allowing any logged-in user to perform the actions. | |||||
| CVE-2023-5343 | 1 Ays-pro | 1 Popup Box | 2023-11-27 | N/A | 4.8 MEDIUM |
| The Popup box WordPress plugin before 3.7.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. | |||||
| CVE-2023-5340 | 1 Fivestarplugins | 1 Five Star Restaurant Menu | 2023-11-27 | N/A | 9.8 CRITICAL |
| The Five Star Restaurant Menu and Food Ordering WordPress plugin before 2.4.11 unserializes user input via an AJAX action available to unauthenticated users, allowing them to perform PHP Object Injection when a suitable gadget is present on the blog. | |||||
| CVE-2023-5610 | 1 S-sols | 1 Seraphinite Accelerator | 2023-11-27 | N/A | 5.4 MEDIUM |
| The Seraphinite Accelerator WordPress plugin before 2.2.29 does not validate the URL to redirect any authenticated user to, leading to an arbitrary redirect | |||||
| CVE-2023-5609 | 1 S-sols | 1 Seraphinite Accelerator | 2023-11-27 | N/A | 6.1 MEDIUM |
| The Seraphinite Accelerator WordPress plugin before 2.2.29 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | |||||
| CVE-2023-5652 | 1 Thimpress | 1 Wp Hotel Booking | 2023-11-27 | N/A | 9.8 CRITICAL |
| The WP Hotel Booking WordPress plugin before 2.0.8 does not have authorisation and CSRF checks, as well as does not escape user input before using it in a SQL statement of a function hooked to admin_init, allowing unauthenticated users to perform SQL injections | |||||
| CVE-2023-5651 | 1 Thimpress | 1 Wp Hotel Booking | 2023-11-27 | N/A | 5.4 MEDIUM |
| The WP Hotel Booking WordPress plugin before 2.0.8 does not have authorisation and CSRF checks, as well as does not ensure that the package to be deleted is a package, allowing any authenticated users, such as subscriber to delete arbitrary posts | |||||
| CVE-2023-5799 | 1 Thimpress | 1 Wp Hotel Booking | 2023-11-27 | N/A | 5.4 MEDIUM |
| The WP Hotel Booking WordPress plugin before 2.0.8 does not have proper authorisation when deleting a package, allowing Contributor and above roles to delete posts that do no belong to them | |||||
| CVE-2023-32665 | 1 Gnome | 1 Glib | 2023-11-27 | N/A | 5.5 MEDIUM |
| A flaw was found in GLib. GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause excessive processing, leading to denial of service. | |||||
| CVE-2023-32611 | 1 Gnome | 1 Glib | 2023-11-27 | N/A | 5.5 MEDIUM |
| A flaw was found in GLib. GVariant deserialization is vulnerable to a slowdown issue where a crafted GVariant can cause excessive processing, leading to denial of service. | |||||
| CVE-2023-29499 | 1 Gnome | 1 Glib | 2023-11-27 | N/A | 7.5 HIGH |
| A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service. | |||||
| CVE-2023-34059 | 2 Debian, Vmware | 2 Debian Linux, Open Vm Tools | 2023-11-27 | N/A | 7.0 HIGH |
| open-vm-tools contains a file descriptor hijack vulnerability in the vmware-user-suid-wrapper. A malicious actor with non-root privileges may be able to hijack the /dev/uinput file descriptor allowing them to simulate user inputs. | |||||
| CVE-2022-0813 | 1 Phpmyadmin | 1 Phpmyadmin | 2023-11-26 | 5.0 MEDIUM | 7.5 HIGH |
| PhpMyAdmin 5.1.1 and before allows an attacker to retrieve potentially sensitive information by creating invalid requests. This affects the lang parameter, the pma_parameter, and the cookie section. | |||||
| CVE-2022-23808 | 1 Phpmyadmin | 1 Phpmyadmin | 2023-11-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in phpMyAdmin 5.1 before 5.1.2. An attacker can inject malicious code into aspects of the setup script, which can allow XSS or HTML injection. | |||||
| CVE-2022-23807 | 1 Phpmyadmin | 1 Phpmyadmin | 2023-11-26 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in phpMyAdmin 4.9 before 4.9.8 and 5.1 before 5.1.2. A valid user who is already authenticated to phpMyAdmin can manipulate their account to bypass two-factor authentication for future login instances. | |||||
| CVE-2023-1668 | 3 Cloudbase, Debian, Redhat | 7 Open Vswitch, Debian Linux, Enterprise Linux and 4 more | 2023-11-26 | N/A | 8.2 HIGH |
| A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but with an incorrect action, possibly causing incorrect handling of other IP packets with a != 0 IP protocol that matches this dp flow. | |||||
| CVE-2022-4338 | 2 Debian, Openvswitch | 2 Debian Linux, Openvswitch | 2023-11-26 | N/A | 9.8 CRITICAL |
| An integer underflow in Organization Specific TLV was found in various versions of OpenvSwitch. | |||||
| CVE-2022-4337 | 2 Debian, Openvswitch | 2 Debian Linux, Openvswitch | 2023-11-26 | N/A | 9.8 CRITICAL |
| An out-of-bounds read in Organization Specific TLV was found in various versions of OpenvSwitch. | |||||
| CVE-2021-3905 | 4 Canonical, Fedoraproject, Openvswitch and 1 more | 4 Ubuntu Linux, Fedora, Openvswitch and 1 more | 2023-11-26 | N/A | 7.5 HIGH |
| A memory leak was found in Open vSwitch (OVS) during userspace IP fragmentation processing. An attacker could use this flaw to potentially exhaust available memory by keeping sending packet fragments. | |||||
| CVE-2021-36980 | 1 Openvswitch | 1 Openvswitch | 2023-11-26 | 4.3 MEDIUM | 5.5 MEDIUM |
| Open vSwitch (aka openvswitch) 2.11.0 through 2.15.0 has a use-after-free in decode_NXAST_RAW_ENCAP (called from ofpact_decode and ofpacts_decode) during the decoding of a RAW_ENCAP action. | |||||
| CVE-2020-27827 | 5 Fedoraproject, Lldpd Project, Openvswitch and 2 more | 27 Fedora, Lldpd, Openvswitch and 24 more | 2023-11-26 | 7.1 HIGH | 7.5 HIGH |
| A flaw was found in multiple versions of OpenvSwitch. Specially crafted LLDP packets can cause memory to be lost when allocating data to handle specific optional TLVs, potentially causing a denial of service. The highest threat from this vulnerability is to system availability. | |||||
| CVE-2020-35498 | 3 Debian, Fedoraproject, Openvswitch | 3 Debian Linux, Fedora, Openvswitch | 2023-11-26 | 7.8 HIGH | 7.5 HIGH |
| A vulnerability was found in openvswitch. A limitation in the implementation of userspace packet parsing can allow a malicious user to send a specially crafted packet causing the resulting megaflow in the kernel to be too wide, potentially causing a denial of service. The highest threat from this vulnerability is to system availability. | |||||
| CVE-2023-2255 | 2 Debian, Libreoffice | 2 Debian Linux, Libreoffice | 2023-11-26 | N/A | 5.3 MEDIUM |
| Improper access control in editor components of The Document Foundation LibreOffice allowed an attacker to craft a document that would cause external links to be loaded without prompt. In the affected versions of LibreOffice documents that used "floating frames" linked to external files, would load the contents of those frames without prompting the user for permission to do so. This was inconsistent with the treatment of other linked content in LibreOffice. This issue affects: The Document Foundation LibreOffice 7.4 versions prior to 7.4.7; 7.5 versions prior to 7.5.3. | |||||
| CVE-2023-0950 | 2 Debian, Libreoffice | 2 Debian Linux, Libreoffice | 2023-11-26 | N/A | 7.8 HIGH |
| Improper Validation of Array Index vulnerability in the spreadsheet component of The Document Foundation LibreOffice allows an attacker to craft a spreadsheet document that will cause an array index underflow when loaded. In the affected versions of LibreOffice certain malformed spreadsheet formulas, such as AGGREGATE, could be created with less parameters passed to the formula interpreter than it expected, leading to an array index underflow, in which case there is a risk that arbitrary code could be executed. This issue affects: The Document Foundation LibreOffice 7.4 versions prior to 7.4.6; 7.5 versions prior to 7.5.1. | |||||
| CVE-2022-46175 | 2 Fedoraproject, Json5 | 2 Fedora, Json5 | 2023-11-26 | N/A | 8.8 HIGH |
| JSON5 is an extension to the popular JSON file format that aims to be easier to write and maintain by hand (e.g. for config files). The `parse` method of the JSON5 library before and including versions 1.0.1 and 2.2.1 does not restrict parsing of keys named `__proto__`, allowing specially crafted strings to pollute the prototype of the resulting object. This vulnerability pollutes the prototype of the object returned by `JSON5.parse` and not the global Object prototype, which is the commonly understood definition of Prototype Pollution. However, polluting the prototype of a single object can have significant security impact for an application if the object is later used in trusted operations. This vulnerability could allow an attacker to set arbitrary and unexpected keys on the object returned from `JSON5.parse`. The actual impact will depend on how applications utilize the returned object and how they filter unwanted keys, but could include denial of service, cross-site scripting, elevation of privilege, and in extreme cases, remote code execution. `JSON5.parse` should restrict parsing of `__proto__` keys when parsing JSON strings to objects. As a point of reference, the `JSON.parse` method included in JavaScript ignores `__proto__` keys. Simply changing `JSON5.parse` to `JSON.parse` in the examples above mitigates this vulnerability. This vulnerability is patched in json5 versions 1.0.2, 2.2.2, and later. | |||||
| CVE-2023-30549 | 3 Lfprojects, Redhat, Sylabs | 3 Apptainer, Enterprise Linux, Singularity | 2023-11-25 | N/A | 7.8 HIGH |
| Apptainer is an open source container platform for Linux. There is an ext4 use-after-free flaw that is exploitable through versions of Apptainer < 1.1.0 and installations that include apptainer-suid < 1.1.8 on older operating systems where that CVE has not been patched. That includes Red Hat Enterprise Linux 7, Debian 10 buster (unless the linux-5.10 package is installed), Ubuntu 18.04 bionic and Ubuntu 20.04 focal. Use-after-free flaws in the kernel can be used to attack the kernel for denial of service and potentially for privilege escalation. Apptainer 1.1.8 includes a patch that by default disables mounting of extfs filesystem types in setuid-root mode, while continuing to allow mounting of extfs filesystems in non-setuid "rootless" mode using fuse2fs. Some workarounds are possible. Either do not install apptainer-suid (for versions 1.1.0 through 1.1.7) or set `allow setuid = no` in apptainer.conf. This requires having unprivileged user namespaces enabled and except for apptainer 1.1.x versions will disallow mounting of sif files, extfs files, and squashfs files in addition to other, less significant impacts. (Encrypted sif files are also not supported unprivileged in apptainer 1.1.x.). Alternatively, use the `limit containers` options in apptainer.conf/singularity.conf to limit sif files to trusted users, groups, and/or paths, and set `allow container extfs = no` to disallow mounting of extfs overlay files. The latter option by itself does not disallow mounting of extfs overlay partitions inside SIF files, so that's why the former options are also needed. | |||||
| CVE-2022-3775 | 2 Gnu, Redhat | 2 Grub2, Enterprise Linux | 2023-11-25 | N/A | 7.1 HIGH |
| When rendering certain unicode sequences, grub2's font code doesn't proper validate if the informed glyph's width and height is constrained within bitmap size. As consequence an attacker can craft an input which will lead to a out-of-bounds write into grub2's heap, leading to memory corruption and availability issues. Although complex, arbitrary code execution could not be discarded. | |||||
| CVE-2022-2601 | 3 Fedoraproject, Gnu, Redhat | 8 Fedora, Grub2, Enterprise Linux Eus and 5 more | 2023-11-25 | N/A | 8.6 HIGH |
| A buffer overflow was found in grub_font_construct_glyph(). A malicious crafted pf2 font can lead to an overflow when calculating the max_glyph_size value, allocating a smaller than needed buffer for the glyph, this further leads to a buffer overflow and a heap based out-of-bounds write. An attacker may use this vulnerability to circumvent the secure boot mechanism. | |||||
| CVE-2023-39322 | 1 Golang | 1 Go | 2023-11-25 | N/A | 7.5 HIGH |
| QUIC connections do not set an upper bound on the amount of data buffered when reading post-handshake messages, allowing a malicious QUIC connection to cause unbounded memory growth. With fix, connections now consistently reject messages larger than 65KiB in size. | |||||
| CVE-2023-39321 | 1 Golang | 1 Go | 2023-11-25 | N/A | 7.5 HIGH |
| Processing an incomplete post-handshake message for a QUIC connection can cause a panic. | |||||
| CVE-2023-39320 | 1 Golang | 1 Go | 2023-11-25 | N/A | 9.8 CRITICAL |
| The go.mod toolchain directive, introduced in Go 1.21, can be leveraged to execute scripts and binaries relative to the root of the module when the "go" command was executed within the module. This applies to modules downloaded using the "go" command from the module proxy, as well as modules downloaded directly using VCS software. | |||||
| CVE-2023-39319 | 1 Golang | 1 Go | 2023-11-25 | N/A | 6.1 MEDIUM |
| The html/template package does not apply the proper rules for handling occurrences of "<script", "<!--", and "</script" within JS literals in <script> contexts. This may cause the template parser to improperly consider script contexts to be terminated early, causing actions to be improperly escaped. This could be leveraged to perform an XSS attack. | |||||
| CVE-2023-39318 | 1 Golang | 1 Go | 2023-11-25 | N/A | 6.1 MEDIUM |
| The html/template package does not properly handle HTML-like "" comment tokens, nor hashbang "#!" comment tokens, in <script> contexts. This may cause the template parser to improperly interpret the contents of <script> contexts, causing actions to be improperly escaped. This may be leveraged to perform an XSS attack. | |||||
| CVE-2023-29409 | 1 Golang | 1 Go | 2023-11-25 | N/A | 5.3 MEDIUM |
| Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to <= 8192 bits. Based on a survey of publicly trusted RSA keys, there are currently only three certificates in circulation with keys larger than this, and all three appear to be test certificates that are not actively deployed. It is possible there are larger keys in use in private PKIs, but we target the web PKI, so causing breakage here in the interests of increasing the default safety of users of crypto/tls seems reasonable. | |||||