Total: 10626 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-20330 | 1 Mongodb | 1 Mongodb | 2024-01-23 | 4.0 MEDIUM | 6.5 MEDIUM |
| An attacker with basic CRUD permissions on a replicated collection can run the applyOps command with specially malformed oplog entries, resulting in a potential denial of service on secondaries. This issue affects MongoDB Server v4.0 versions prior to 4.0.27; MongoDB Server v4.2 versions prior to 4.2.16; MongoDB Server v4.4 versions prior to 4.4.9. | |||||
| CVE-2021-20329 | 1 Mongodb | 1 Go Driver | 2024-01-23 | 4.0 MEDIUM | 6.5 MEDIUM |
| Specific cstrings input may not be properly validated in the MongoDB Go Driver when marshalling Go objects into BSON. A malicious user could use a Go object with a specific string to potentially inject additional fields into marshalled documents. This issue affects all MongoDB Go Drivers prior to and including 1.5.0. | |||||
| CVE-2021-20326 | 1 Mongodb | 1 Mongodb | 2024-01-23 | 4.0 MEDIUM | 6.5 MEDIUM |
| A user authorized to perform a specific type of find query may trigger a denial of service. This issue affects MongoDB Server v4.4 versions prior to 4.4.4. | |||||
| CVE-2020-7925 | 1 Mongodb | 1 Mongodb | 2024-01-23 | 5.0 MEDIUM | 7.5 HIGH |
| Incorrect validation of user input in the role name parser may lead to use of uninitialized memory allowing an unauthenticated attacker to use a specially crafted request to cause a denial of service. This issue affects MongoDB Server v4.4 versions prior to 4.4.0-rc12; MongoDB Server v4.2 versions prior to 4.2.9. | |||||
| CVE-2019-2389 | 1 Mongodb | 1 Mongodb | 2024-01-23 | 1.9 LOW | 4.2 MEDIUM |
| Incorrect scoping of kill operations in MongoDB Server's packaged SysV init scripts allows users with write access to the PID file to insert arbitrary PIDs to be killed when the root user stops the MongoDB process via SysV init. This issue affects MongoDB Server v4.0 versions prior to 4.0.11; MongoDB Server v3.6 versions prior to 3.6.14; MongoDB Server v3.4 versions prior to 3.4.22. | |||||
| CVE-2018-25004 | 1 Mongodb | 1 Mongodb | 2024-01-23 | 4.0 MEDIUM | 4.9 MEDIUM |
| A user authorized to perform a specific type of query may trigger a denial of service by issuing a generic explain command on a find query. This issue affects MongoDB Server v4.0 versions prior to 4.0.6 and MongoDB Server v3.6 versions prior to 3.6.11. | |||||
| CVE-2018-20804 | 1 Mongodb | 1 Mongodb | 2024-01-23 | 4.0 MEDIUM | 6.5 MEDIUM |
| A user authorized to perform database queries may trigger denial of service by issuing specially crafted applyOps invocations. This issue affects MongoDB Server v4.0 versions prior to 4.0.10 and MongoDB Server v3.6 versions prior to 3.6.13. | |||||
| CVE-2023-26159 | 1 Follow-redirects | 1 Follow Redirects | 2024-01-23 | N/A | 6.1 MEDIUM |
| Versions of the package follow-redirects before 1.15.4 are vulnerable to Improper Input Validation due to the improper handling of URLs by the url.parse() function. When new URL() throws an error, it can be manipulated to misinterpret the hostname. An attacker could exploit this weakness to redirect traffic to a malicious site, potentially leading to information disclosure, phishing attacks, or other security breaches. | |||||
| CVE-2023-49568 | 1 Go-git Project | 1 Go-git | 2024-01-22 | N/A | 7.5 HIGH |
| A denial of service (DoS) vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server which triggers resource exhaustion in go-git clients. Applications using only the in-memory filesystem supported by go-git are not affected by this vulnerability. This is a go-git implementation issue and does not affect the upstream git cli. | |||||
| CVE-2023-29446 | 1 Ptc | 3 Kepware Kepserverex, Thingworx Industrial Connectivity, Thingworx Kepware Server | 2024-01-19 | N/A | 4.7 MEDIUM |
| An improper input validation vulnerability has been discovered that could allow an adversary to inject a UNC path via a malicious project file. This allows an adversary to capture NTLMv2 hashes and potentially crack them offline. | |||||
| CVE-2023-4818 | 1 Paxtechnology | 2 A920, Paydroid | 2024-01-19 | N/A | 7.6 HIGH |
| The PAX A920 device allows the bootloader to be downgraded due to a bug in its version check. The signature is correctly checked and only a bootloader signed by PAX can be used. The attacker must have physical USB access to the device in order to exploit this vulnerability. | |||||
| CVE-2023-42137 | 1 Paxtechnology | 9 A50, A6650, A77 and 6 more | 2024-01-19 | N/A | 7.8 HIGH |
| PAX Android based POS devices with PayDroid_8.1.0_Sagittarius_V11.1.50_20230614 or earlier can allow for command execution with high privileges by using malicious symlinks. The attacker must have shell access to the device in order to exploit this vulnerability. | |||||
| CVE-2023-42136 | 1 Paxtechnology | 9 A50, A6650, A77 and 6 more | 2024-01-19 | N/A | 7.8 HIGH |
| PAX Android based POS devices with PayDroid_8.1.0_Sagittarius_V11.1.50_20230614 or earlier can allow the execution of arbitrary commands with system account privilege by shell injection starting with a specific word. The attacker must have shell access to the device in order to exploit this vulnerability. | |||||
| CVE-2023-5528 | 2 Fedoraproject, Kubernetes | 2 Fedora, Kubernetes | 2024-01-19 | N/A | 8.8 HIGH |
| A security issue was discovered in Kubernetes where a user that can create pods and persistent volumes on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they are using an in-tree storage plugin for Windows nodes. | |||||
| CVE-2023-47701 | 4 Ibm, Linux, Microsoft and 1 more | 4 Db2, Linux Kernel, Windows and 1 more | 2024-01-19 | N/A | 7.5 HIGH |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query. IBM X-Force ID: 266166. | |||||
| CVE-2023-40687 | 4 Ibm, Linux, Microsoft and 1 more | 4 Db2, Linux Kernel, Windows and 1 more | 2024-01-19 | N/A | 7.5 HIGH |
| IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted RUNSTATS command on an 8TB table. IBM X-Force ID: 264809. | |||||
| CVE-2023-38727 | 4 Ibm, Linux, Microsoft and 1 more | 4 Db2, Linux Kernel, Windows and 1 more | 2024-01-19 | N/A | 7.5 HIGH |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted SQL statement. IBM X-Force ID: 262257. | |||||
| CVE-2023-42135 | 1 Paxtechnology | 3 A50, A920 Pro, Paydroid | 2024-01-19 | N/A | 6.8 MEDIUM |
| PAX A920Pro/A50 devices with PayDroid_8.1.0_Sagittarius_V11.1.50_20230614 or earlier can allow local code execution via parameter injection by bypassing the input validation when flashing a specific partition. The attacker must have physical USB access to the device in order to exploit this vulnerability. | |||||
| CVE-2023-31035 | 1 Nvidia | 2 Dgx A100, Dgx A100 Firmware | 2024-01-19 | N/A | 7.8 HIGH |
| NVIDIA DGX A100 SBIOS contains a vulnerability where an attacker may cause an SMI callout vulnerability that could be used to execute arbitrary code at the SMM level. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, and information disclosure. | |||||
| CVE-2023-6735 | 1 Tribe29 | 1 Checkmk | 2024-01-19 | N/A | 7.8 HIGH |
| Privilege escalation in the mk_tsm agent plugin in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows a local user to escalate privileges. | |||||
