Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-7050 | 1 Phpgurukul | 1 Online Notes Sharing System | 2023-12-29 | N/A | 5.4 MEDIUM |
| A vulnerability has been found in PHPGurukul Online Notes Sharing System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file user/profile.php. The manipulation of the argument name/email leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-248737 was assigned to this vulnerability. | |||||
| CVE-2023-37519 | 1 Hcltech | 1 Bigfix Platform | 2023-12-29 | N/A | 6.1 MEDIUM |
| Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability. This XSS vulnerability is in the Download Status Report, which is served by the BigFix Server. | |||||
| CVE-2023-49084 | 1 Cacti | 1 Cacti | 2023-12-29 | N/A | 8.8 HIGH |
| Cacti is a robust performance and fault management framework and a frontend to RRDTool - a Time Series Database (TSDB). While using the detected SQL Injection and insufficient processing of the include file path, it is possible to execute arbitrary code on the server. Exploitation of the vulnerability is possible for an authorized user. The vulnerable component is the `link.php`. Impact of the vulnerability execution of arbitrary code on the server. | |||||
| CVE-2023-49086 | 1 Cacti | 1 Cacti | 2023-12-29 | N/A | 5.4 MEDIUM |
| Cacti is a robust performance and fault management framework and a frontend to RRDTool - a Time Series Database (TSDB). Bypassing an earlier fix (CVE-2023-39360) that leads to a DOM XSS attack. Exploitation of the vulnerability is possible for an authorized user. The vulnerable component is the `graphs_new.php`. Impact of the vulnerability - execution of arbitrary javascript code in the attacked user's browser. This issue has been patched in version 1.2.26. | |||||
| CVE-2023-49677 | 1 Kashipara | 1 Job Portal | 2023-12-29 | N/A | 9.8 CRITICAL |
| Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'cmbQual' parameter of the Employer/InsertJob.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||
| CVE-2023-51704 | 1 Mediawiki | 1 Mediawiki | 2023-12-29 | N/A | 6.1 MEDIUM |
| An issue was discovered in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. In includes/logging/RightsLogFormatter.php, group-*-member messages can result in XSS on Special:log/rights. | |||||
| CVE-2023-49356 | 1 Glensawyer | 1 Mp3gain | 2023-12-29 | N/A | 7.5 HIGH |
| A stack buffer overflow vulnerability in MP3Gain v1.6.2 allows an attacker to cause a denial of service via the WriteMP3GainAPETag function at apetag.c:592. | |||||
| CVE-2023-42017 | 1 Ibm | 1 Planning Analytics | 2023-12-29 | N/A | 9.8 CRITICAL |
| IBM Planning Analytics Local 2.0 could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions. By sending a specially crafted HTTP request, a remote attacker could exploit this vulnerability to upload a malicious script, which could allow the attacker to execute arbitrary code on the vulnerable system. IBM X-Force ID: 265567. | |||||
| CVE-2023-49085 | 1 Cacti | 1 Cacti | 2023-12-29 | N/A | 8.8 HIGH |
| Cacti provides an operational monitoring and fault management framework. In versions 1.2.25 and prior, it is possible to execute arbitrary SQL code through the `pollers.php` script. An authorized user may be able to execute arbitrary SQL code. The vulnerable component is the `pollers.php`. Impact of the vulnerability - arbitrary SQL code execution. As of time of publication, a patch does not appear to exist. | |||||
| CVE-2023-40236 | 1 Pexip | 1 Virtual Meeting Rooms | 2023-12-29 | N/A | 5.3 MEDIUM |
| In Pexip VMR self-service portal before 3, the same SSH host key is used across different customers' installations, which allows authentication bypass. | |||||
| CVE-2023-37188 | 1 C-blosc2 Project | 1 C-blosc2 | 2023-12-29 | N/A | 7.5 HIGH |
| C-blosc2 before 2.9.3 was discovered to contain a NULL pointer dereference via the function zfp_rate_decompress at zfp/blosc2-zfp.c. | |||||
| CVE-2023-37187 | 1 C-blosc2 Project | 1 C-blosc2 | 2023-12-29 | N/A | 7.5 HIGH |
| C-blosc2 before 2.9.3 was discovered to contain a NULL pointer dereference via the zfp/blosc2-zfp.c zfp_acc_decompress. function. | |||||
| CVE-2023-37186 | 1 C-blosc2 Project | 1 C-blosc2 | 2023-12-29 | N/A | 7.5 HIGH |
| C-blosc2 before 2.9.3 was discovered to contain a NULL pointer dereference in ndlz/ndlz8x8.c via a NULL pointer to memset. | |||||
| CVE-2023-37185 | 1 C-blosc2 Project | 1 C-blosc2 | 2023-12-29 | N/A | 7.5 HIGH |
| C-blosc2 before 2.9.3 was discovered to contain a NULL pointer dereference via the function zfp_prec_decompress at zfp/blosc2-zfp.c. | |||||
| CVE-2023-37225 | 1 Pexip | 1 Pexip Infinity | 2023-12-29 | N/A | 6.1 MEDIUM |
| Pexip Infinity before 32 allows Webapp1 XSS via preconfigured links. | |||||
| CVE-2023-38253 | 3 Fedoraproject, Redhat, Tats | 4 Extra Packages For Enterprise Linux, Fedora, Enterprise Linux and 1 more | 2023-12-29 | N/A | 5.5 MEDIUM |
| An out-of-bounds read flaw was found in w3m, in the growbuf_to_Str function in indep.c. This issue may allow an attacker to cause a denial of service through a crafted HTML file. | |||||
| CVE-2023-38252 | 3 Fedoraproject, Redhat, Tats | 4 Extra Packages For Enterprise Linux, Fedora, Enterprise Linux and 1 more | 2023-12-29 | N/A | 5.5 MEDIUM |
| An out-of-bounds read flaw was found in w3m, in the Strnew_size function in Str.c. This issue may allow an attacker to cause a denial of service through a crafted HTML file. | |||||
| CVE-2022-38223 | 2 Fedoraproject, Tats | 2 Fedora, W3m | 2023-12-29 | N/A | 7.8 HIGH |
| There is an out-of-bounds write in checkType located in etc.c in w3m 0.5.3. It can be triggered by sending a crafted HTML file to the w3m binary. It allows an attacker to cause Denial of Service or possibly have unspecified other impact. | |||||
| CVE-2018-6198 | 2 Canonical, Tats | 2 Ubuntu Linux, W3m | 2023-12-29 | 3.3 LOW | 4.7 MEDIUM |
| w3m through 0.5.3 does not properly handle temporary files when the ~/.w3m directory is unwritable, which allows a local attacker to craft a symlink attack to overwrite arbitrary files. | |||||
| CVE-2018-6197 | 2 Canonical, Tats | 2 Ubuntu Linux, W3m | 2023-12-29 | 5.0 MEDIUM | 7.5 HIGH |
| w3m through 0.5.3 is prone to a NULL pointer dereference flaw in formUpdateBuffer in form.c. | |||||
| CVE-2018-6196 | 2 Canonical, Tats | 2 Ubuntu Linux, W3m | 2023-12-29 | 5.0 MEDIUM | 7.5 HIGH |
| w3m through 0.5.3 is prone to an infinite recursion flaw in HTMLlineproc0 because the feed_table_block_tag function in table.c does not prevent a negative indent value. | |||||
| CVE-2016-9436 | 3 Opensuse, Opensuse Project, Tats | 3 Leap, Leap, W3m | 2023-12-29 | 4.3 MEDIUM | 6.5 MEDIUM |
| parsetagx.c in w3m before 0.5.3+git20161009 does not properly initialize values, which allows remote attackers to crash the application via a crafted html file, related to a <i> tag. | |||||
| CVE-2016-9435 | 3 Opensuse, Opensuse Project, Tats | 3 Leap, Leap, W3m | 2023-12-29 | 4.3 MEDIUM | 6.5 MEDIUM |
| The HTMLtagproc1 function in file.c in w3m before 0.5.3+git20161009 does not properly initialize values, which allows remote attackers to crash the application via a crafted html file, related to <dd> tags. | |||||
| CVE-2016-9633 | 1 Tats | 1 W3m | 2023-12-29 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (infinite loop and resource consumption) via a crafted HTML page. | |||||
| CVE-2016-9632 | 1 Tats | 1 W3m | 2023-12-29 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (global buffer overflow and crash) via a crafted HTML page. | |||||
| CVE-2016-9631 | 1 Tats | 1 W3m | 2023-12-29 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page. | |||||
| CVE-2016-9630 | 1 Tats | 1 W3m | 2023-12-29 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (global buffer overflow and crash) via a crafted HTML page. | |||||
| CVE-2016-9629 | 1 Tats | 1 W3m | 2023-12-29 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page. | |||||
| CVE-2016-9628 | 1 Tats | 1 W3m | 2023-12-29 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page. | |||||
| CVE-2016-9627 | 1 Tats | 1 W3m | 2023-12-29 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (heap buffer overflow and crash) via a crafted HTML page. | |||||
| CVE-2016-9626 | 1 Tats | 1 W3m | 2023-12-29 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. Infinite recursion vulnerability in w3m allows remote attackers to cause a denial of service via a crafted HTML page. | |||||
| CVE-2016-9625 | 1 Tats | 1 W3m | 2023-12-29 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. Infinite recursion vulnerability in w3m allows remote attackers to cause a denial of service via a crafted HTML page. | |||||
| CVE-2016-9624 | 1 Tats | 1 W3m | 2023-12-29 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page. | |||||
| CVE-2016-9623 | 1 Tats | 1 W3m | 2023-12-29 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page. | |||||
| CVE-2016-9622 | 1 Tats | 1 W3m | 2023-12-29 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page. | |||||
| CVE-2016-9443 | 1 Tats | 1 W3m | 2023-12-29 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page. | |||||
| CVE-2016-9442 | 1 Tats | 1 W3m | 2023-12-29 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause memory corruption in certain conditions via a crafted HTML page. | |||||
| CVE-2016-9441 | 1 Tats | 1 W3m | 2023-12-29 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page. | |||||
| CVE-2016-9440 | 1 Tats | 1 W3m | 2023-12-29 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page. | |||||
| CVE-2016-9439 | 1 Tats | 1 W3m | 2023-12-29 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Infinite recursion vulnerability in w3m allows remote attackers to cause a denial of service via a crafted HTML page. | |||||
| CVE-2016-9438 | 1 Tats | 1 W3m | 2023-12-29 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page. | |||||
| CVE-2016-9437 | 1 Tats | 1 W3m | 2023-12-29 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) and possibly memory corruption via a crafted HTML page. | |||||
| CVE-2016-9434 | 1 Tats | 1 W3m | 2023-12-29 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page. | |||||
| CVE-2016-9433 | 1 Tats | 1 W3m | 2023-12-29 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (out-of-bounds array access) via a crafted HTML page. | |||||
| CVE-2016-9432 | 1 Tats | 1 W3m | 2023-12-29 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (memory corruption, segmentation fault, and crash) via a crafted HTML page. | |||||
| CVE-2016-9431 | 1 Tats | 1 W3m | 2023-12-29 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Infinite recursion vulnerability in w3m allows remote attackers to cause a denial of service via a crafted HTML page. | |||||
| CVE-2016-9430 | 1 Tats | 1 W3m | 2023-12-29 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page. | |||||
| CVE-2016-9429 | 1 Tats | 1 W3m | 2023-12-29 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Buffer overflow in the formUpdateBuffer function in w3m allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTML page. | |||||
| CVE-2016-9428 | 1 Tats | 1 W3m | 2023-12-29 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Heap-based buffer overflow in the addMultirowsForm function in w3m allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTML page. | |||||
| CVE-2016-9426 | 1 Tats | 1 W3m | 2023-12-29 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Integer overflow vulnerability in the renderTable function in w3m allows remote attackers to cause a denial of service (OOM) and possibly execute arbitrary code due to bdwgc's bug (CVE-2016-9427) via a crafted HTML page. | |||||