Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-3268 | 1 Linux | 1 Linux Kernel | 2023-08-19 | N/A | 7.1 HIGH |
| An out of bounds (OOB) memory access flaw was found in the Linux kernel in relay_file_read_start_pos in kernel/relay.c in the relayfs. This flaw could allow a local attacker to crash the system or leak kernel internal information. | |||||
| CVE-2023-3111 | 1 Linux | 1 Linux Kernel | 2023-08-19 | N/A | 7.8 HIGH |
| A use after free vulnerability was found in prepare_to_relocate in fs/btrfs/relocation.c in btrfs in the Linux Kernel. This possible flaw can be triggered by calling btrfs_ioctl_balance() before calling btrfs_ioctl_defrag(). | |||||
| CVE-2023-31084 | 1 Linux | 1 Linux Kernel | 2023-08-19 | N/A | 5.5 MEDIUM |
| An issue was discovered in drivers/media/dvb-core/dvb_frontend.c in the Linux kernel 6.2. There is a blocking operation when a task is in !TASK_RUNNING. In dvb_frontend_get_event, wait_event_interruptible is called; the condition is dvb_frontend_test_event(fepriv,events). In dvb_frontend_test_event, down(&fepriv->sem) is called. However, wait_event_interruptible would put the process to sleep, and down(&fepriv->sem) may block the process. | |||||
| CVE-2023-21400 | 1 Google | 1 Android | 2023-08-19 | N/A | 6.7 MEDIUM |
| In multiple functions of io_uring.c, there is a possible kernel memory corruption due to improper locking. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-21255 | 1 Google | 1 Android | 2023-08-19 | N/A | 7.8 HIGH |
| In multiple functions of binder.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-2898 | 1 Linux | 1 Linux Kernel | 2023-08-19 | N/A | 4.7 MEDIUM |
| There is a null-pointer-dereference flaw found in f2fs_write_end_io in fs/f2fs/data.c in the Linux kernel. This flaw allows a local privileged user to cause a denial of service problem. | |||||
| CVE-2023-2124 | 1 Linux | 1 Linux Kernel | 2023-08-19 | N/A | 7.8 HIGH |
| An out-of-bounds memory access flaw was found in the Linux kernel’s XFS file system in how a user restores an XFS image after failure (with a dirty log journal). This flaw allows a local user to crash or potentially escalate their privileges on the system. | |||||
| CVE-2023-2269 | 2 Fedoraproject, Linux | 2 Fedora, Linux Kernel | 2023-08-19 | N/A | 4.4 MEDIUM |
| A denial of service problem was found, due to a possible recursive locking scenario, resulting in a deadlock in table_clear in drivers/md/dm-ioctl.c in the Linux Kernel Device Mapper-Multipathing sub-component. | |||||
| CVE-2023-2007 | 1 Linux | 1 Linux Kernel | 2023-08-19 | N/A | 7.8 HIGH |
| The specific flaw exists within the DPT I2O Controller driver. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the kernel. | |||||
| CVE-2022-4269 | 1 Linux | 1 Linux Kernel | 2023-08-19 | N/A | 5.5 MEDIUM |
| A flaw was found in the Linux kernel Traffic Control (TC) subsystem. Using a specific networking configuration (redirecting egress packets to ingress using TC action "mirred") a local unprivileged user could trigger a CPU soft lockup (ABBA deadlock) when the transport protocol in use (TCP or SCTP) does a retransmission, resulting in a denial of service condition. | |||||
| CVE-2022-39189 | 1 Linux | 1 Linux Kernel | 2023-08-19 | N/A | 7.8 HIGH |
| An issue was discovered the x86 KVM subsystem in the Linux kernel before 5.18.17. Unprivileged guest users can compromise the guest kernel because TLB flush operations are mishandled in certain KVM_VCPU_PREEMPTED situations. | |||||
| CVE-2022-4920 | 1 Google | 1 Chrome | 2023-08-19 | N/A | 9.6 CRITICAL |
| Heap buffer overflow in Blink in Google Chrome prior to 101.0.4951.41 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2022-4919 | 1 Google | 1 Chrome | 2023-08-19 | N/A | 8.8 HIGH |
| Use after free in Base Internals in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2022-4918 | 1 Google | 1 Chrome | 2023-08-19 | N/A | 8.8 HIGH |
| Use after free in UI in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2022-4917 | 2 Fedoraproject, Google | 3 Fedora, Android, Chrome | 2023-08-19 | N/A | 4.3 MEDIUM |
| Incorrect security UI in Notifications in Google Chrome on Android prior to 103.0.5060.53 allowed a remote attacker to obscure the full screen notification via a crafted HTML page. (Chromium security severity: Low) | |||||
| CVE-2022-4916 | 1 Google | 1 Chrome | 2023-08-19 | N/A | 8.8 HIGH |
| Use after free in Media in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2022-4915 | 1 Google | 1 Chrome | 2023-08-19 | N/A | 6.5 MEDIUM |
| Inappropriate implementation in URL Formatting in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2022-4914 | 1 Google | 1 Chrome | 2023-08-19 | N/A | 8.8 HIGH |
| Heap buffer overflow in PrintPreview in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2022-4913 | 1 Google | 1 Chrome | 2023-08-19 | N/A | 6.5 MEDIUM |
| Inappropriate implementation in Extensions in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who had compromised the renderer process to spoof extension storage via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2022-4912 | 1 Google | 1 Chrome | 2023-08-19 | N/A | 8.8 HIGH |
| Type Confusion in MathML in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2022-4911 | 1 Google | 1 Chrome | 2023-08-19 | N/A | 6.5 MEDIUM |
| Insufficient data validation in DevTools in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low) | |||||
| CVE-2022-3444 | 1 Google | 1 Chrome | 2023-08-19 | N/A | 4.3 MEDIUM |
| Insufficient data validation in File System API in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to bypass File System restrictions via a crafted HTML page and malicious file. (Chromium security severity: Low) | |||||
| CVE-2022-3443 | 1 Google | 1 Chrome | 2023-08-19 | N/A | 4.3 MEDIUM |
| Insufficient data validation in File System API in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to bypass File System restrictions via a crafted HTML page. (Chromium security severity: Low) | |||||
| CVE-2022-2481 | 1 Google | 1 Chrome | 2023-08-19 | N/A | 8.8 HIGH |
| Use after free in Views in Google Chrome prior to 103.0.5060.134 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via UI interaction. | |||||
| CVE-2022-2480 | 1 Google | 1 Chrome | 2023-08-19 | N/A | 8.8 HIGH |
| Use after free in Service Worker API in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2022-2479 | 1 Google | 2 Android, Chrome | 2023-08-19 | N/A | 4.3 MEDIUM |
| Insufficient validation of untrusted input in File in Google Chrome on Android prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious app to obtain potentially sensitive information from internal file directories via a crafted HTML page. | |||||
| CVE-2022-2478 | 1 Google | 1 Chrome | 2023-08-19 | N/A | 8.8 HIGH |
| Use after free in PDF in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2022-2477 | 1 Google | 1 Chrome | 2023-08-19 | N/A | 8.8 HIGH |
| Use after free in Guest View in Google Chrome prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2022-1919 | 1 Google | 1 Chrome | 2023-08-19 | N/A | 8.8 HIGH |
| Use after free in Codecs in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2021-40393 | 2 Debian, Gerbv Project | 2 Debian Linux, Gerbv | 2023-08-19 | 7.5 HIGH | 9.8 CRITICAL |
| An out-of-bounds write vulnerability exists in the RS-274X aperture macro variables handling functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and the forked version of Gerbv (commit 71493260). A specially-crafted gerber file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2022-46706 | 1 Apple | 2 Mac Os X, Macos | 2023-08-19 | N/A | 7.8 HIGH |
| A type confusion issue was addressed with improved state handling. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. An application may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2023-38856 | 1 Libxls Project | 1 Libxls | 2023-08-19 | N/A | 6.5 MEDIUM |
| Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the get_string function in xlstool.c:411. | |||||
| CVE-2023-38855 | 1 Libxls Project | 1 Libxls | 2023-08-19 | N/A | 6.5 MEDIUM |
| Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the get_string function in xlstool.c:395. | |||||
| CVE-2023-38854 | 1 Libxls Project | 1 Libxls | 2023-08-19 | N/A | 6.5 MEDIUM |
| Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the transcode_latin1_to_utf8 function in xlstool.c:296. | |||||
| CVE-2023-38853 | 1 Libxls Project | 1 Libxls | 2023-08-19 | N/A | 6.5 MEDIUM |
| Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the xls_parseWorkBook function in xls.c:1015. | |||||
| CVE-2023-38851 | 1 Libxls Project | 1 Libxls | 2023-08-19 | N/A | 6.5 MEDIUM |
| Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the xls_parseWorkBook function in xls.c:1018. | |||||
| CVE-2023-28479 | 1 Tigergraph | 1 Tigergraph | 2023-08-19 | N/A | 8.8 HIGH |
| An issue was discovered in Tigergraph Enterprise 3.7.0. The TigerGraph platform installs a full development toolchain within every TigerGraph deployment. An attacker is able to compile new executables on each Tigergraph system and modify system and Tigergraph binaries. | |||||
| CVE-2023-28179 | 1 Apple | 1 Macos | 2023-08-19 | N/A | 7.1 HIGH |
| The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3. Processing a maliciously crafted AppleScript binary may result in unexpected app termination or disclosure of process memory. | |||||
| CVE-2023-38852 | 1 Libxls Project | 1 Libxls | 2023-08-19 | N/A | 6.5 MEDIUM |
| Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the unicode_decode_wcstombs function in xlstool.c:266. | |||||
| CVE-2022-46724 | 1 Apple | 2 Ipados, Iphone Os | 2023-08-19 | N/A | 2.4 LOW |
| This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 16.4 and iPadOS 16.4. A person with physical access to an iOS device may be able to view the last image used in Magnifier from the lock screen. | |||||
| CVE-2022-46722 | 1 Apple | 1 Macos | 2023-08-19 | N/A | 5.5 MEDIUM |
| A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13. An app may be able to modify protected parts of the file system. | |||||
| CVE-2023-32358 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2023-08-19 | N/A | 8.8 HIGH |
| A type confusion issue was addressed with improved checks. This issue is fixed in iOS 16.4 and iPadOS 16.4, macOS Ventura 13.3. Processing web content may lead to arbitrary code execution. | |||||
| CVE-2023-28199 | 1 Apple | 1 Macos | 2023-08-19 | N/A | 5.5 MEDIUM |
| An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3. An app may be able to disclose kernel memory. | |||||
| CVE-2023-27948 | 1 Apple | 1 Macos | 2023-08-19 | N/A | 5.5 MEDIUM |
| An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3. Processing an image may result in disclosure of process memory. | |||||
| CVE-2023-27947 | 1 Apple | 1 Macos | 2023-08-19 | N/A | 5.5 MEDIUM |
| An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3. Processing an image may result in disclosure of process memory. | |||||
| CVE-2023-27939 | 1 Apple | 1 Macos | 2023-08-19 | N/A | 5.5 MEDIUM |
| An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3. Processing an image may result in disclosure of process memory. | |||||
| CVE-2022-48503 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2023-08-19 | N/A | 8.8 HIGH |
| The issue was addressed with improved bounds checks. This issue is fixed in tvOS 15.6, watchOS 8.7, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5, Safari 15.6. Processing web content may lead to arbitrary code execution. | |||||
| CVE-2023-28480 | 1 Tigergraph | 1 Tigergraph | 2023-08-18 | N/A | 6.5 MEDIUM |
| An issue was discovered in Tigergraph Enterprise 3.7.0. The TigerGraph platform allows users to define new User Defined Functions (UDFs) from C/C++ code. To support this functionality TigerGraph allows users to upload custom C/C++ code which is then compiled and installed into the platform. An attacker who has filesystem access on a remote TigerGraph system can alter the behavior of the database against the will of the database administrator; thus effectively bypassing the built in RBAC controls. | |||||
| CVE-2023-30477 | 1 Essitco | 1 Affiliate Solution | 2023-08-18 | N/A | 4.8 MEDIUM |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Essitco AFFILIATE Solution plugin <= 1.0 versions. | |||||
| CVE-2023-37070 | 1 Code-projects | 1 Hospital Information System | 2023-08-18 | N/A | 4.8 MEDIUM |
| Code Projects Hospital Information System 1.0 is vulnerable to Cross Site Scripting (XSS) | |||||