Total: 201818 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-1514 | 1 Hitachienergy | 1 Rtu500 Scripting Interface | 2023-12-28 | N/A | 7.5 HIGH |
| A vulnerability exists in the component RTU500 Scripting interface. When a client connects to a server using TLS, the server presents a certificate. This certificate links a public key to the identity of the service and is signed by a Certification Authority (CA), allowing the client to validate that the remote service can be trusted and is not malicious. If the client does not validate the parameters of the certificate, then attackers could be able to spoof the identity of the service. An attacker could exploit the vulnerability by faking the identity of an RTU500 device and intercepting the messages initiated via the RTU500 Scripting interface. | |||||
| CVE-2023-49148 | 1 Affiliatebooster | 1 Affiliate Booster | 2023-12-28 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Kulwant Nagi Affiliate Booster – Pros & Cons, Notice, and CTA Blocks for Affiliates. This issue affects Affiliate Booster – Pros & Cons, Notice, and CTA Blocks for Affiliates: from n/a through 3.0.5. | |||||
| CVE-2022-3587 | 1 Oretnom23 | 1 Simple Cold Storage Management System | 2023-12-28 | N/A | 5.4 MEDIUM |
| A vulnerability was found in SourceCodester Simple Cold Storage Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component My Account. The manipulation of the argument First Name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-211201 was assigned to this vulnerability. | |||||
| CVE-2022-3585 | 1 Oretnom23 | 1 Simple Cold Storage Management System | 2023-12-28 | N/A | 4.3 MEDIUM |
| A vulnerability classified as problematic has been found in SourceCodester Simple Cold Storage Management System 1.0. Affected is an unknown function of the file /csms/?page=contact_us of the component Contact Us. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-211194 is the identifier assigned to this vulnerability. | |||||
| CVE-2022-3582 | 1 Oretnom23 | 1 Simple Cold Storage Management System | 2023-12-28 | N/A | 3.5 LOW |
| A vulnerability has been found in SourceCodester Simple Cold Storage Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument change password leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-211189 was assigned to this vulnerability. | |||||
| CVE-2022-3549 | 1 Oretnom23 | 1 Simple Cold Storage Management System | 2023-12-28 | N/A | 7.2 HIGH |
| A vulnerability was found in SourceCodester Simple Cold Storage Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /csms/admin/?page=user/manage_user of the component Avatar Handler. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-211049 was assigned to this vulnerability. | |||||
| CVE-2022-3548 | 1 Oretnom23 | 1 Simple Cold Storage Management System | 2023-12-28 | N/A | 4.8 MEDIUM |
| A vulnerability was found in SourceCodester Simple Cold Storage Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the component Add New Storage Handler. The manipulation of the argument Name leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-211048. | |||||
| CVE-2022-3546 | 1 Oretnom23 | 1 Simple Cold Storage Management System | 2023-12-28 | N/A | 4.8 MEDIUM |
| A vulnerability was found in SourceCodester Simple Cold Storage Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /csms/admin/?page=user/list of the component Create User Handler. The manipulation of the argument First Name/Last Name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-211046 is the identifier assigned to this vulnerability. | |||||
| CVE-2022-42232 | 1 Oretnom23 | 1 Simple Cold Storage Management System | 2023-12-28 | N/A | 7.2 HIGH |
| Simple Cold Storage Management System v1.0 is vulnerable to SQL Injection via /csms/classes/Master.php?f=delete_storage. | |||||
| CVE-2022-42250 | 1 Oretnom23 | 1 Simple Cold Storage Management System | 2023-12-28 | N/A | 7.2 HIGH |
| Simple Cold Storage Management System v1.0 is vulnerable to SQL injection via /csms/admin/inquiries/view_details.php?id=. | |||||
| CVE-2022-42249 | 1 Oretnom23 | 1 Simple Cold Storage Management System | 2023-12-28 | N/A | 7.2 HIGH |
| Simple Cold Storage Management System v1.0 is vulnerable to SQL injection via /csms/admin/storages/view_storage.php?id=. | |||||
| CVE-2022-42243 | 1 Oretnom23 | 1 Simple Cold Storage Management System | 2023-12-28 | N/A | 7.2 HIGH |
| Simple Cold Storage Management System v1.0 is vulnerable to SQL injection via /csms/admin/storages/manage_storage.php?id=. | |||||
| CVE-2022-42242 | 1 Oretnom23 | 1 Simple Cold Storage Management System | 2023-12-28 | N/A | 7.2 HIGH |
| Simple Cold Storage Management System v1.0 is vulnerable to SQL injection via /csms/classes/Master.php?f=delete_booking. | |||||
| CVE-2022-42241 | 1 Oretnom23 | 1 Simple Cold Storage Management System | 2023-12-28 | N/A | 7.2 HIGH |
| Simple Cold Storage Management System v1.0 is vulnerable to SQL injection via /csms/classes/Master.php?f=delete_message. | |||||
| CVE-2021-45435 | 1 Oretnom23 | 1 Simple Cold Storage Management System | 2023-12-28 | 7.5 HIGH | 9.8 CRITICAL |
| An SQL Injection vulnerability exists in Sourcecodester Simple Cold Storage Management System using PHP/OOP 1.0 via the username field in login.php. | |||||
| CVE-2021-28117 | 1 Kde | 1 Discover | 2023-12-28 | 5.0 MEDIUM | 7.5 HIGH |
| libdiscover/backends/KNSBackend/KNSResource.cpp in KDE Discover before 5.21.3 automatically creates links to potentially dangerous URLs (that are neither https:// nor http://) based on the content of the store.kde.org web site. (5.18.7 is also a fixed version.) | |||||
| CVE-2023-4527 | 4 Fedoraproject, Gnu, Netapp and 1 more | 32 Fedora, Glibc, H300s and 29 more | 2023-12-28 | N/A | 6.5 MEDIUM |
| A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash. | |||||
| CVE-2023-2680 | 2 Qemu, Redhat | 2 Qemu, Enterprise Linux | 2023-12-28 | N/A | 8.2 HIGH |
| This CVE exists because of an incomplete fix for CVE-2021-3750. More specifically, the qemu-kvm package as released for Red Hat Enterprise Linux 9.1 via RHSA-2022:7967 included a version of qemu-kvm that was actually missing the fix for CVE-2021-3750. | |||||
| CVE-2023-41615 | 1 Phpgurukul | 1 Zoo Management System | 2023-12-28 | N/A | 9.8 CRITICAL |
| Zoo Management System v1.0 was discovered to contain multiple SQL injection vulnerabilities in the Admin sign-in page via the username and password fields. | |||||
| CVE-2021-43221 | 1 Microsoft | 1 Edge Chromium | 2023-12-28 | 4.0 MEDIUM | 4.2 MEDIUM |
| Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | |||||
| CVE-2021-43220 | 1 Microsoft | 1 Edge Ios | 2023-12-28 | 5.0 MEDIUM | 3.1 LOW |
| Microsoft Edge for iOS Spoofing Vulnerability | |||||
| CVE-2021-43211 | 1 Microsoft | 1 Windows 10 Update Assistant | 2023-12-28 | 6.6 MEDIUM | 5.5 MEDIUM |
| Windows 10 Update Assistant Elevation of Privilege Vulnerability | |||||
| CVE-2021-43209 | 1 Microsoft | 1 3d Viewer | 2023-12-28 | 6.8 MEDIUM | 7.8 HIGH |
| 3D Viewer Remote Code Execution Vulnerability | |||||
| CVE-2021-43208 | 1 Microsoft | 1 3d Viewer | 2023-12-28 | 6.8 MEDIUM | 7.8 HIGH |
| 3D Viewer Remote Code Execution Vulnerability | |||||
| CVE-2021-42323 | 1 Microsoft | 1 Azure Real Time Operating System | 2023-12-28 | 2.1 LOW | 3.3 LOW |
| Azure RTOS Information Disclosure Vulnerability | |||||
| CVE-2021-42322 | 1 Microsoft | 1 Visual Studio Code | 2023-12-28 | 4.6 MEDIUM | 7.8 HIGH |
| Visual Studio Code Elevation of Privilege Vulnerability | |||||
| CVE-2021-42321 | 1 Microsoft | 1 Exchange Server | 2023-12-28 | 6.5 MEDIUM | 8.8 HIGH |
| Microsoft Exchange Server Remote Code Execution Vulnerability | |||||
| CVE-2021-42308 | 1 Microsoft | 1 Edge Chromium | 2023-12-28 | 5.0 MEDIUM | 3.1 LOW |
| Microsoft Edge (Chromium-based) Spoofing Vulnerability | |||||
| CVE-2021-42306 | 1 Microsoft | 4 Azure Active Directory, Azure Active Site Recovery, Azure Automation and 1 more | 2023-12-28 | 4.0 MEDIUM | 8.1 HIGH |
| An information disclosure vulnerability manifests when a user or an application uploads unprotected private key data as part of an authentication certificate [keyCredential](https://docs.microsoft.com/en-us/graph/api/resources/keycredential?view=graph-rest-1.0) on an Azure AD [Application or Service Principal](https://docs.microsoft.com/en-us/azure/active-directory/develop/app-objects-and-service-principals) (which is not recommended). This vulnerability allows a user or service in the tenant with application read access to read the private key data that was added to the application. Azure AD addressed this vulnerability by preventing disclosure of any private key values added to the application. Microsoft has identified services that could manifest this vulnerability, and steps that customers should take to be protected. Refer to the FAQ section for more information. For more details on this issue, please refer to the [MSRC Blog Entry](https://aka.ms/CVE-2021-42306-AAD). | |||||
| CVE-2021-42297 | 1 Microsoft | 1 Windows 10 Update Assistant | 2023-12-28 | 6.9 MEDIUM | 5.0 MEDIUM |
| Windows 10 Update Assistant Elevation of Privilege Vulnerability | |||||
| CVE-2021-42319 | 1 Microsoft | 2 Visual Studio 2017, Visual Studio 2019 | 2023-12-28 | 2.1 LOW | 4.7 MEDIUM |
| Visual Studio Elevation of Privilege Vulnerability | |||||
| CVE-2021-42316 | 1 Microsoft | 1 Dynamics 365 | 2023-12-28 | 6.5 MEDIUM | 8.8 HIGH |
| Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability | |||||
| CVE-2021-42305 | 1 Microsoft | 1 Exchange Server | 2023-12-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| Microsoft Exchange Server Spoofing Vulnerability | |||||
| CVE-2021-42304 | 1 Microsoft | 1 Azure Real Time Operating System | 2023-12-28 | 7.2 HIGH | 6.6 MEDIUM |
| Azure RTOS Elevation of Privilege Vulnerability | |||||
| CVE-2021-42303 | 1 Microsoft | 1 Azure Real Time Operating System | 2023-12-28 | 7.2 HIGH | 6.6 MEDIUM |
| Azure RTOS Elevation of Privilege Vulnerability | |||||
| CVE-2021-42302 | 1 Microsoft | 1 Azure Real Time Operating System | 2023-12-28 | 7.2 HIGH | 6.6 MEDIUM |
| Azure RTOS Elevation of Privilege Vulnerability | |||||
| CVE-2021-42301 | 1 Microsoft | 1 Azure Rtos | 2023-12-28 | 2.1 LOW | 3.3 LOW |
| Azure RTOS Information Disclosure Vulnerability | |||||
| CVE-2021-42300 | 1 Microsoft | 1 Azure Sphere | 2023-12-28 | 4.6 MEDIUM | 6.0 MEDIUM |
| Azure Sphere Tampering Vulnerability | |||||
| CVE-2021-42298 | 1 Microsoft | 1 Malware Protection Engine | 2023-12-28 | 9.3 HIGH | 7.8 HIGH |
| Microsoft Defender Remote Code Execution Vulnerability | |||||
| CVE-2021-42296 | 1 Microsoft | 2 365 Apps, Office | 2023-12-28 | 6.9 MEDIUM | 7.8 HIGH |
| Microsoft Word Remote Code Execution Vulnerability | |||||
| CVE-2021-42292 | 1 Microsoft | 4 365 Apps, Excel, Office and 1 more | 2023-12-28 | 6.8 MEDIUM | 7.8 HIGH |
| Microsoft Excel Security Feature Bypass Vulnerability | |||||
| CVE-2021-42291 | 1 Microsoft | 6 Windows Server, Windows Server 2008, Windows Server 2012 and 3 more | 2023-12-28 | 6.5 MEDIUM | 7.5 HIGH |
| Active Directory Domain Services Elevation of Privilege Vulnerability | |||||
| CVE-2021-42288 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2023-12-28 | 3.6 LOW | 5.7 MEDIUM |
| Windows Hello Security Feature Bypass Vulnerability | |||||
| CVE-2021-42287 | 1 Microsoft | 5 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 2 more | 2023-12-28 | 6.5 MEDIUM | 7.5 HIGH |
| Active Directory Domain Services Elevation of Privilege Vulnerability | |||||
| CVE-2021-42286 | 1 Microsoft | 3 Windows 10, Windows Server, Windows Server 2016 | 2023-12-28 | 4.6 MEDIUM | 7.8 HIGH |
| Windows Core Shell SI Host Extension Framework for Composable Shell Elevation of Privilege Vulnerability | |||||
| CVE-2021-42285 | 1 Microsoft | 11 Windows 10, Windows 11, Windows 7 and 8 more | 2023-12-28 | 7.2 HIGH | 7.8 HIGH |
| Windows Kernel Elevation of Privilege Vulnerability | |||||
| CVE-2021-42284 | 1 Microsoft | 8 Windows 10, Windows 11, Windows 8.1 and 5 more | 2023-12-28 | 7.1 HIGH | 6.8 MEDIUM |
| Windows Hyper-V Denial of Service Vulnerability | |||||
| CVE-2021-42283 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2023-12-28 | 4.6 MEDIUM | 8.8 HIGH |
| NTFS Elevation of Privilege Vulnerability | |||||
| CVE-2021-42282 | 1 Microsoft | 6 Windows Server, Windows Server 2008, Windows Server 2012 and 3 more | 2023-12-28 | 6.5 MEDIUM | 7.5 HIGH |
| Active Directory Domain Services Elevation of Privilege Vulnerability | |||||
| CVE-2021-42280 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server 2016 and 2 more | 2023-12-28 | 4.6 MEDIUM | 5.5 MEDIUM |
| Windows Feedback Hub Elevation of Privilege Vulnerability | |||||
