Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-4895 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2023-12-28 | 4.7 MEDIUM | 4.7 MEDIUM |
| Race condition in the tty_fasync function in drivers/char/tty_io.c in the Linux kernel before 2.6.32.6 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via unknown vectors, related to the put_tty_queue and __f_setown functions. NOTE: the vulnerability was addressed in a different way in 2.6.32.9. | |||||
| CVE-2009-2698 | 6 Canonical, Fedoraproject, Linux and 3 more | 12 Ubuntu Linux, Fedora, Linux Kernel and 9 more | 2023-12-28 | 7.2 HIGH | 7.8 HIGH |
| The udp_sendmsg function in the UDP implementation in (1) net/ipv4/udp.c and (2) net/ipv6/udp.c in the Linux kernel before 2.6.19 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving the MSG_MORE flag and a UDP socket. | |||||
| CVE-2009-0949 | 3 Apple, Canonical, Debian | 5 Cups, Mac Os X, Mac Os X Server and 2 more | 2023-12-28 | 5.0 MEDIUM | 7.5 HIGH |
| The ippReadIO function in cups/ipp.c in cupsd in CUPS before 1.3.10 does not properly initialize memory for IPP request packets, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a scheduler request with two consecutive IPP_TAG_UNSUPPORTED tags. | |||||
| CVE-2023-3654 | 1 Cashit | 1 Cashit\! | 2023-12-28 | N/A | 9.8 CRITICAL |
| cashIT! - serving solutions. Devices from "PoS/ Dienstleistung, Entwicklung & Vertrieb GmbH" to 03.A06rks 2023.02.37 are affected by a origin bypass via the host header in an HTTP request. This vulnerability can be triggered by an HTTP endpoint exposed to the network. | |||||
| CVE-2023-3656 | 1 Cashit | 1 Cashit\! | 2023-12-28 | N/A | 9.8 CRITICAL |
| cashIT! - serving solutions. Devices from "PoS/ Dienstleistung, Entwicklung & Vertrieb GmbH" to 03.A06rks 2023.02.37 are affected by an unauthenticated remote code execution vulnerability. This vulnerability can be triggered by an HTTP endpoint exposed to the network. | |||||
| CVE-2023-3655 | 1 Cashit | 1 Cashit\! | 2023-12-28 | N/A | 7.5 HIGH |
| cashIT! - serving solutions. Devices from "PoS/ Dienstleistung, Entwicklung & Vertrieb GmbH" to 03.A06rks 2023.02.37 are affected by a dangerous methods, that allows to leak the database (system settings, user accounts,...). This vulnerability can be triggered by an HTTP endpoint exposed to the network. | |||||
| CVE-2022-23125 | 2 Debian, Netatalk | 2 Debian Linux, Netatalk | 2023-12-28 | N/A | 9.8 CRITICAL |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the copyapplfile function. When parsing the len element, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15869. | |||||
| CVE-2022-45188 | 3 Debian, Fedoraproject, Netatalk | 3 Debian Linux, Fedora, Netatalk | 2023-12-28 | N/A | 7.8 HIGH |
| Netatalk through 3.1.13 has an afp_getappl heap-based buffer overflow resulting in code execution via a crafted .appl file. This provides remote root access on some platforms such as FreeBSD (used for TrueNAS). | |||||
| CVE-2023-33222 | 1 Idemia | 16 Morphowave Compact, Morphowave Compact Firmware, Morphowave Sp and 13 more | 2023-12-28 | N/A | 9.8 CRITICAL |
| When handling contactless cards, usage of a specific function to get additional information from the card which doesn't check the boundary on the data received while reading. This allows a stack-based buffer overflow that could lead to a potential Remote Code Execution on the targeted device | |||||
| CVE-2023-4522 | 1 Gitlab | 1 Gitlab | 2023-12-28 | N/A | 5.3 MEDIUM |
| An issue has been discovered in GitLab affecting all versions before 16.2.0. Committing directories containing LF character results in 500 errors when viewing the commit. | |||||
| CVE-2023-27074 | 1 Phpgurukul | 1 Bp Monitoring Management System | 2023-12-28 | N/A | 9.8 CRITICAL |
| BP Monitoring Management System v1.0 was discovered to contain a SQL injection vulnerability via the emailid parameter in the login page. | |||||
| CVE-2022-46705 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2023-12-28 | N/A | 4.3 MEDIUM |
| A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, Safari 16.2. Visiting a malicious website may lead to address bar spoofing. | |||||
| CVE-2023-0563 | 1 Phpgurukul | 1 Bank Locker Management System | 2023-12-28 | N/A | 4.8 MEDIUM |
| A vulnerability classified as problematic has been found in PHPGurukul Bank Locker Management System 1.0. This affects an unknown part of the file add-locker-form.php of the component Assign Locker. The manipulation of the argument ahname leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-219717 was assigned to this vulnerability. | |||||
| CVE-2023-0562 | 1 Phpgurukul | 1 Bank Locker Management System | 2023-12-28 | N/A | 9.8 CRITICAL |
| A vulnerability was found in PHPGurukul Bank Locker Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file index.php of the component Login. The manipulation of the argument username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-219716. | |||||
| CVE-2023-33951 | 2 Linux, Redhat | 4 Linux Kernel, Enterprise Linux, Enterprise Linux For Real Time and 1 more | 2023-12-28 | N/A | 5.3 MEDIUM |
| A race condition vulnerability was found in the vmwgfx driver in the Linux kernel. The flaw exists within the handling of GEM objects. The issue results from improper locking when performing operations on an object. This flaw allows a local privileged user to disclose information in the context of the kernel. | |||||
| CVE-2023-39551 | 1 Phpgurukul | 1 Online Security Guards Hiring System | 2023-12-28 | N/A | 9.8 CRITICAL |
| PHPGurukul Online Security Guards Hiring System v.1.0 is vulnerable to SQL Injection via osghs/admin/search.php. | |||||
| CVE-2023-34968 | 4 Debian, Fedoraproject, Redhat and 1 more | 5 Debian Linux, Fedora, Enterprise Linux and 2 more | 2023-12-28 | N/A | 5.3 MEDIUM |
| A path disclosure vulnerability was found in Samba. As part of the Spotlight protocol, Samba discloses the server-side absolute path of shares, files, and directories in the results for search queries. This flaw allows a malicious client or an attacker with a targeted RPC request to view the information that is part of the disclosed path. | |||||
| CVE-2023-4132 | 4 Debian, Fedoraproject, Linux and 1 more | 6 Debian Linux, Fedora, Linux Kernel and 3 more | 2023-12-28 | N/A | 5.5 MEDIUM |
| A use-after-free vulnerability was found in the siano smsusb module in the Linux kernel. The bug occurs during device initialization when the siano device is plugged in. This flaw allows a local user to crash the system, causing a denial of service condition. | |||||
| CVE-2023-36942 | 1 Phpgurukul | 1 Online Fire Reporting System | 2023-12-28 | N/A | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in PHPGurukul Online Fire Reporting System Using PHP and MySQL 1.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the website title field. | |||||
| CVE-2023-7059 | 1 Remyandrade | 1 School Visitor Log E-book | 2023-12-28 | N/A | 5.4 MEDIUM |
| A vulnerability was found in SourceCodester School Visitor Log e-Book 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file log-book.php. The manipulation of the argument Full Name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-248750 is the identifier assigned to this vulnerability. | |||||
| CVE-2023-7058 | 1 Oretnom23 | 1 Simple Student Attendance System | 2023-12-28 | N/A | 9.8 CRITICAL |
| A vulnerability was found in SourceCodester Simple Student Attendance System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation of the argument page leads to path traversal: '../filedir'. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-248749 was assigned to this vulnerability. | |||||
| CVE-2023-7057 | 1 Carmelogarcia | 1 Faculty Management System | 2023-12-28 | N/A | 6.1 MEDIUM |
| A vulnerability, which was classified as problematic, has been found in code-projects Faculty Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/pages/yearlevel.php. The manipulation of the argument Year Level/Section leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-248744. | |||||
| CVE-2023-7056 | 1 Carmelogarcia | 1 Faculty Management System | 2023-12-28 | N/A | 5.4 MEDIUM |
| A vulnerability classified as problematic was found in code-projects Faculty Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/pages/subjects.php. The manipulation of the argument Description/Units leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-248743. | |||||
| CVE-2023-7055 | 1 Phpgurukul | 1 Online Notes Sharing System | 2023-12-28 | N/A | 5.4 MEDIUM |
| A vulnerability classified as problematic has been found in PHPGurukul Online Notes Sharing System 1.0. Affected is an unknown function of the file /user/profile.php of the component Contact Information Handler. The manipulation of the argument mobilenumber leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-248742 is the identifier assigned to this vulnerability. | |||||
| CVE-2023-7054 | 1 Phpgurukul | 1 Online Notes Sharing System | 2023-12-28 | N/A | 5.4 MEDIUM |
| A vulnerability was found in PHPGurukul Online Notes Sharing System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /user/add-notes.php. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-248741 was assigned to this vulnerability. | |||||
| CVE-2023-7053 | 1 Phpgurukul | 1 Online Notes Sharing System | 2023-12-28 | N/A | 8.8 HIGH |
| A vulnerability was found in PHPGurukul Online Notes Sharing System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /user/signup.php. The manipulation leads to weak password requirements. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-248740. | |||||
| CVE-2023-7052 | 1 Phpgurukul | 1 Online Notes Sharing System | 2023-12-28 | N/A | 4.3 MEDIUM |
| A vulnerability was found in PHPGurukul Online Notes Sharing System 1.0. It has been classified as problematic. This affects an unknown part of the file /user/profile.php. The manipulation of the argument name leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-248739. | |||||
| CVE-2023-7051 | 1 Phpgurukul | 1 Online Notes Sharing System | 2023-12-28 | N/A | 4.3 MEDIUM |
| A vulnerability was found in PHPGurukul Online Notes Sharing System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /user/manage-notes.php of the component Notes Handler. The manipulation of the argument delid leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-248738 is the identifier assigned to this vulnerability. | |||||
| CVE-2023-47265 | 1 Apache | 1 Airflow | 2023-12-28 | N/A | 5.4 MEDIUM |
| Apache Airflow, versions 2.6.0 through 2.7.3 has a stored XSS vulnerability that allows a DAG author to add an unbounded and not-sanitized javascript in the parameter description field of the DAG. This Javascript can be executed on the client side of any of the user who looks at the tasks in the browser sandbox. While this issue does not allow to exit the browser sandbox or manipulation of the server-side data - more than the DAG author already has, it allows to modify what the user looking at the DAG details sees in the browser - which opens up all kinds of possibilities of misleading other users. Users of Apache Airflow are recommended to upgrade to version 2.8.0 or newer to mitigate the risk associated with this vulnerability | |||||
| CVE-2023-48291 | 1 Apache | 1 Airflow | 2023-12-28 | N/A | 4.3 MEDIUM |
| Apache Airflow, in versions prior to 2.8.0, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus, enabling the user to clear DAGs they shouldn't. This is a missing fix for CVE-2023-42792 in Apache Airflow 2.7.2 Users of Apache Airflow are strongly advised to upgrade to version 2.8.0 or newer to mitigate the risk associated with this vulnerability. | |||||
| CVE-2023-49920 | 1 Apache | 1 Airflow | 2023-12-28 | N/A | 6.5 MEDIUM |
| Apache Airflow, version 2.7.0 through 2.7.3, has a vulnerability that allows an attacker to trigger a DAG in a GET request without CSRF validation. As a result, it was possible for a malicious website opened in the same browser - by the user who also had Airflow UI opened - to trigger the execution of DAGs without the user's consent. Users are advised to upgrade to version 2.8.0 or later which is not affected | |||||
| CVE-2023-50783 | 1 Apache | 1 Airflow | 2023-12-28 | N/A | 6.5 MEDIUM |
| Apache Airflow, versions before 2.8.0, is affected by a vulnerability that allows an authenticated user without the variable edit permission, to update a variable. This flaw compromises the integrity of variable management, potentially leading to unauthorized data modification. Users are recommended to upgrade to 2.8.0, which fixes this issue | |||||
| CVE-2023-46149 | 1 Themify | 1 Ultra | 2023-12-28 | N/A | 8.8 HIGH |
| Unrestricted Upload of File with Dangerous Type vulnerability in Themify Themify Ultra.This issue affects Themify Ultra: from n/a through 7.3.5. | |||||
| CVE-2023-29102 | 1 Olivethemes | 1 Olive One Click Demo Import | 2023-12-28 | N/A | 7.2 HIGH |
| Unrestricted Upload of File with Dangerous Type vulnerability in Olive Themes Olive One Click Demo Import.This issue affects Olive One Click Demo Import: from n/a through 1.1.1. | |||||
| CVE-2023-29384 | 1 Hmplugin | 1 Jobwp | 2023-12-28 | N/A | 9.8 CRITICAL |
| Unrestricted Upload of File with Dangerous Type vulnerability in HM Plugin WordPress Job Board and Recruitment Plugin – JobWP.This issue affects WordPress Job Board and Recruitment Plugin – JobWP: from n/a through 2.0. | |||||
| CVE-2023-33318 | 1 Woocommerce | 1 Automatewoo | 2023-12-28 | N/A | 8.8 HIGH |
| Unrestricted Upload of File with Dangerous Type vulnerability in WooCommerce AutomateWoo.This issue affects AutomateWoo: from n/a through 4.9.40. | |||||
| CVE-2023-31215 | 1 Amadercode | 1 Dropshipping \& Affiliation With Amazon | 2023-12-28 | N/A | 8.8 HIGH |
| Unrestricted Upload of File with Dangerous Type vulnerability in AmaderCode Lab Dropshipping & Affiliation with Amazon.This issue affects Dropshipping & Affiliation with Amazon: from n/a through 2.1.2. | |||||
| CVE-2023-34007 | 1 Wpchill | 1 Download Monitor | 2023-12-28 | N/A | 8.8 HIGH |
| Unrestricted Upload of File with Dangerous Type vulnerability in WPChill Download Monitor.This issue affects Download Monitor: from n/a through 4.8.3. | |||||
| CVE-2021-43876 | 1 Microsoft | 2 Sharepoint Enterprise Server, Sharepoint Server | 2023-12-28 | 6.0 MEDIUM | 8.8 HIGH |
| Microsoft SharePoint Elevation of Privilege Vulnerability | |||||
| CVE-2021-43889 | 1 Microsoft | 1 Defender For Iot | 2023-12-28 | 6.5 MEDIUM | 7.2 HIGH |
| Microsoft Defender for IoT Remote Code Execution Vulnerability | |||||
| CVE-2021-43882 | 1 Microsoft | 1 Defender For Iot | 2023-12-28 | 7.5 HIGH | 9.8 CRITICAL |
| Microsoft Defender for IoT Remote Code Execution Vulnerability | |||||
| CVE-2021-43877 | 1 Microsoft | 3 Asp.net Core, Visual Studio 2019, Visual Studio 2022 | 2023-12-28 | 4.6 MEDIUM | 8.8 HIGH |
| ASP.NET Core and Visual Studio Elevation of Privilege Vulnerability | |||||
| CVE-2021-43242 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2023-12-28 | 3.5 LOW | 5.7 MEDIUM |
| Microsoft SharePoint Server Spoofing Vulnerability | |||||
| CVE-2021-43236 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2023-12-28 | 5.0 MEDIUM | 7.5 HIGH |
| Microsoft Message Queuing Information Disclosure Vulnerability | |||||
| CVE-2021-43235 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server and 2 more | 2023-12-28 | 2.1 LOW | 5.5 MEDIUM |
| Storage Spaces Controller Information Disclosure Vulnerability | |||||
| CVE-2021-43231 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server and 2 more | 2023-12-28 | 4.6 MEDIUM | 7.8 HIGH |
| Windows NTFS Elevation of Privilege Vulnerability | |||||
| CVE-2021-43230 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2023-12-28 | 4.6 MEDIUM | 7.8 HIGH |
| Windows NTFS Elevation of Privilege Vulnerability | |||||
| CVE-2021-43229 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2023-12-28 | 4.6 MEDIUM | 7.8 HIGH |
| Windows NTFS Elevation of Privilege Vulnerability | |||||
| CVE-2021-43227 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server and 2 more | 2023-12-28 | 2.1 LOW | 5.5 MEDIUM |
| Storage Spaces Controller Information Disclosure Vulnerability | |||||
| CVE-2021-43226 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2023-12-28 | 4.6 MEDIUM | 7.8 HIGH |
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | |||||