Total
10626 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-33178 | 1 Broadcom | 1 Fabric Operating System | 2023-03-02 | N/A | 7.2 HIGH |
| A vulnerability in the radius authentication system of Brocade Fabric OS before Brocade Fabric OS 9.0 could allow a remote attacker to execute arbitrary code on the Brocade switch. | |||||
| CVE-2023-21621 | 2 Adobe, Microsoft | 2 Framemaker, Windows | 2023-03-01 | N/A | 7.8 HIGH |
| FrameMaker 2020 Update 4 (and earlier), 2022 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2019-1787 | 3 Clamav, Debian, Opensuse | 3 Clamav, Debian Linux, Leap | 2023-03-01 | 4.3 MEDIUM | 5.5 MEDIUM |
| A vulnerability in the Portable Document Format (PDF) scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of proper data handling mechanisms within the device buffer while indexing remaining file data on an affected device. An attacker could exploit this vulnerability by sending crafted PDF files to an affected device. A successful exploit could allow the attacker to cause a heap buffer out-of-bounds read condition, resulting in a crash that could result in a denial of service condition on an affected device. | |||||
| CVE-2019-1786 | 1 Clamav | 1 Clamav | 2023-03-01 | 4.3 MEDIUM | 5.5 MEDIUM |
| A vulnerability in the Portable Document Format (PDF) scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and 0.101.0 could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of proper data handling mechanisms within the device buffer while indexing remaining file data on an affected device. An attacker could exploit this vulnerability by sending crafted PDF files to an affected device. A successful exploit could allow the attacker to cause an out-of-bounds read condition, resulting in a crash that could result in a denial of service condition on an affected device. | |||||
| CVE-2019-1785 | 1 Clamav | 1 Clamav | 2023-03-01 | 6.8 MEDIUM | 7.8 HIGH |
| A vulnerability in the RAR file scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and 0.101.0 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a lack of proper error-handling mechanisms when processing nested RAR files sent to an affected device. An attacker could exploit this vulnerability by sending a crafted RAR file to an affected device. An exploit could allow the attacker to view or create arbitrary files on the targeted system. | |||||
| CVE-2022-39353 | 2 Debian, Xmldom Project | 2 Debian Linux, Xmldom | 2023-03-01 | N/A | 9.8 CRITICAL |
| xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) `DOMParser` and `XMLSerializer` module. xmldom parses XML that is not well-formed because it contains multiple top level elements, and adds all root nodes to the `childNodes` collection of the `Document`, without reporting any error or throwing. This breaks the assumption that there is only a single root node in the tree, which led to issuance of CVE-2022-39299 as it is a potential issue for dependents. Update to @xmldom/xmldom@~0.7.7, @xmldom/xmldom@~0.8.4 (dist-tag latest) or @xmldom/xmldom@>=0.9.0-beta.4 (dist-tag next). As a workaround, please one of the following approaches depending on your use case: instead of searching for elements in the whole DOM, only search in the `documentElement`or reject a document with a document that has more then 1 `childNode`. | |||||
| CVE-2014-0048 | 2 Apache, Docker | 2 Geode, Docker | 2023-03-01 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was found in Docker before 1.6.0. Some programs and scripts in Docker are downloaded via HTTP and then executed or used in unsafe ways. | |||||
| CVE-2017-1002157 | 1 Redhat | 1 Modulemd | 2023-03-01 | 7.5 HIGH | 9.8 CRITICAL |
| modulemd 1.3.1 and earlier uses an unsafe function for processing externally provided data, leading to remote code execution. | |||||
| CVE-2017-1002153 | 1 Koji Project | 1 Koji | 2023-03-01 | 5.0 MEDIUM | 7.5 HIGH |
| Koji 1.13.0 does not properly validate SCM paths, allowing an attacker to work around blacklisted paths for build submission. | |||||
| CVE-2018-3634 | 1 Intel | 1 Online Connect Access | 2023-02-28 | 4.9 MEDIUM | 5.5 MEDIUM |
| Parameter corruption in NDIS filter driver in Intel Online Connect Access 1.9.22.0 allows an attacker to cause a denial of service via local access. | |||||
| CVE-2018-3776 | 1 Nextcloud | 1 Nextcloud Server | 2023-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| Improper input validator in Nextcloud Server prior to 12.0.3 and 11.0.5 could lead to an attacker's actions not being logged in the audit log. | |||||
| CVE-2018-3777 | 1 Restforce | 1 Restforce | 2023-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| Insufficient URI encoding in restforce before 3.0.0 allows attacker to inject arbitrary parameters into Salesforce API requests. | |||||
| CVE-2018-3719 | 1 Mixin-deep Project | 1 Mixin-deep | 2023-02-28 | 6.5 MEDIUM | 8.8 HIGH |
| mixin-deep node module before 1.3.1 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects. | |||||
| CVE-2020-12388 | 2 Microsoft, Mozilla | 3 Windows, Firefox, Firefox Esr | 2023-02-28 | 7.5 HIGH | 10.0 CRITICAL |
| The Firefox content processes did not sufficiently lockdown access control which could result in a sandbox escape. *Note: this issue only affects Firefox on Windows operating systems.*. This vulnerability affects Firefox ESR < 68.8 and Firefox < 76. | |||||
| CVE-2022-33964 | 1 Intel | 1 System Usage Report | 2023-02-27 | N/A | 9.8 CRITICAL |
| Improper input validation in the Intel(R) SUR software before version 2.4.8902 may allow an unauthenticated user to potentially enable escalation of privilege via network access. | |||||
| CVE-2022-33190 | 1 Intel | 1 System Usage Report | 2023-02-27 | N/A | 7.8 HIGH |
| Improper input validation in the Intel(R) SUR software before version 2.4.8902 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2018-20846 | 1 Uclouvain | 1 Openjpeg | 2023-02-27 | 4.3 MEDIUM | 6.5 MEDIUM |
| Out-of-bounds accesses in the functions pi_next_lrcp, pi_next_rlcp, pi_next_rpcl, pi_next_pcrl, pi_next_rpcl, and pi_next_cprl in openmj2/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash). | |||||
| CVE-2023-22239 | 3 Adobe, Apple, Microsoft | 3 After Effects, Macos, Windows | 2023-02-24 | N/A | 7.8 HIGH |
| After Affects versions 23.1 (and earlier), 22.6.3 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2023-22228 | 3 Adobe, Apple, Microsoft | 3 Bridge, Macos, Windows | 2023-02-24 | N/A | 7.8 HIGH |
| Adobe Bridge versions 12.0.3 (and earlier) and 13.0.1 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2023-21574 | 3 Adobe, Apple, Microsoft | 3 Photoshop, Macos, Windows | 2023-02-24 | N/A | 7.8 HIGH |
| Photoshop version 23.5.3 (and earlier), 24.1 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||