Total
10626 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-1999-0265 | 2 Microware, Novell | 2 Os-9, Netware | 2023-11-07 | 5.0 MEDIUM | N/A |
| ICMP redirect messages may crash or lock up a host. | |||||
| CVE-2023-21391 | 1 Google | 1 Android | 2023-11-07 | N/A | 7.5 HIGH |
| In Messaging, there is a possible way to disable the messaging application due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-5624 | 1 Tenable | 1 Nessus Network Monitor | 2023-11-06 | N/A | 7.2 HIGH |
| Under certain conditions, Nessus Network Monitor was found to not properly enforce input validation. This could allow an admin user to alter parameters that could potentially allow a blindSQL injection. | |||||
| CVE-2023-39456 | 2 Apache, Fedoraproject | 2 Traffic Server, Fedora | 2023-11-06 | N/A | 7.5 HIGH |
| Improper Input Validation vulnerability in Apache Traffic Server with malformed HTTP/2 frames.This issue affects Apache Traffic Server: from 9.0.0 through 9.2.2. Users are recommended to upgrade to version 9.2.3, which fixes the issue. | |||||
| CVE-2022-47185 | 1 Apache | 1 Traffic Server | 2023-11-06 | N/A | 7.5 HIGH |
| Improper input validation vulnerability on the range header in Apache Software Foundation Apache Traffic Server.This issue affects Apache Traffic Server: through 9.2.1. | |||||
| CVE-2023-45648 | 2 Apache, Debian | 2 Tomcat, Debian Linux | 2023-11-04 | N/A | 5.3 MEDIUM |
| Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.81 and from 8.5.0 through 8.5.93 did not correctly parse HTTP trailer headers. A specially crafted, invalid trailer header could cause Tomcat to treat a single request as multiple requests leading to the possibility of request smuggling when behind a reverse proxy. Users are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fix the issue. | |||||
| CVE-2022-4573 | 1 Lenovo | 2 Thinkpad X1 Fold Gen 1, Thinkpad X1 Fold Gen 1 Firmware | 2023-11-04 | N/A | 6.7 MEDIUM |
| An SMI handler input validation vulnerability in the ThinkPad X1 Fold Gen 1 could allow an attacker with local access and elevated privileges to execute arbitrary code. | |||||
| CVE-2022-48189 | 1 Lenovo | 170 Thinkpad E14, Thinkpad E14 Firmware, Thinkpad E14 Gen 2 and 167 more | 2023-11-03 | N/A | 6.7 MEDIUM |
| An SMM driver input validation vulnerability in the BIOS of some ThinkPad models could allow an attacker with local access and elevated privileges to execute arbitrary code. | |||||
| CVE-2013-1763 | 1 Linux | 1 Linux Kernel | 2023-11-01 | 7.2 HIGH | N/A |
| Array index error in the __sock_diag_rcv_msg function in net/core/sock_diag.c in the Linux kernel before 3.7.10 allows local users to gain privileges via a large family value in a Netlink message. | |||||
| CVE-2013-5211 | 3 Ntp, Opensuse, Oracle | 3 Ntp, Opensuse, Linux | 2023-11-01 | 5.0 MEDIUM | N/A |
| The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service (traffic amplification) via forged (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests, as exploited in the wild in December 2013. | |||||
| CVE-2023-45805 | 1 Frostming | 2 Pdm, Unearth | 2023-10-28 | N/A | 7.8 HIGH |
| pdm is a Python package and dependency manager supporting the latest PEP standards. It's possible to craft a malicious `pdm.lock` file that could allow e.g. an insider or a malicious open source project to appear to depend on a trusted PyPI project, but actually install another project. A project `foo` can be targeted by creating the project `foo-2` and uploading the file `foo-2-2.tar.gz` to pypi.org. PyPI will see this as project `foo-2` version `2`, while PDM will see this as project `foo` version `2-2`. The version must only be `parseable as a version` and the filename must be a prefix of the project name, but it's not verified to match the version being installed. Version `2-2` is also not a valid normalized version per PEP 440. Matching the project name exactly (not just prefix) would fix the issue. When installing dependencies with PDM, what's actually installed could differ from what's listed in `pyproject.toml` (including arbitrary code execution on install). It could also be used for downgrade attacks by only changing the version. This issue has been addressed in commit `6853e2642df` which is included in release version `2.9.4`. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-3487 | 1 Silabs | 1 Gecko Bootloader | 2023-10-27 | N/A | 7.8 HIGH |
| An integer overflow in Silicon Labs Gecko Bootloader version 4.3.1 and earlier allows unbounded memory access when reading from or writing to storage slots. | |||||
| CVE-2023-28805 | 1 Zscaler | 1 Client Connector | 2023-10-27 | N/A | 9.8 CRITICAL |
| An Improper Input Validation vulnerability in Zscaler Client Connector on Linux allows Privilege Escalation. This issue affects Client Connector: before 1.4.0.105 | |||||
| CVE-2021-26736 | 1 Zscaler | 1 Client Connector | 2023-10-27 | N/A | 7.8 HIGH |
| Multiple vulnerabilities in the Zscaler Client Connector Installer and Uninstaller for Windows prior to 3.6 allowed execution of binaries from a low privileged path. A local adversary may be able to execute code with SYSTEM privileges. | |||||
| CVE-2022-39017 | 1 M-files | 1 Hubshare | 2023-10-25 | N/A | 5.4 MEDIUM |
| Improper input validation and output encoding in all comments fields, in M-Files Hubshare before 3.3.10.9 allows authenticated attackers to introduce cross-site scripting attacks via specially crafted comments. | |||||
| CVE-2022-39016 | 1 M-files | 1 Hubshare | 2023-10-25 | N/A | 8.8 HIGH |
| Javascript injection in PDFtron in M-Files Hubshare before 3.3.10.9 allows authenticated attackers to perform an account takeover via a crafted PDF upload. | |||||
| CVE-2021-21606 | 1 Jenkins | 1 Jenkins | 2023-10-25 | 4.0 MEDIUM | 4.3 MEDIUM |
| Jenkins 2.274 and earlier, LTS 2.263.1 and earlier improperly validates the format of a provided fingerprint ID when checking for its existence allowing an attacker to check for the existence of XML files with a short path. | |||||
| CVE-2020-2168 | 1 Jenkins | 1 Azure Container Service | 2023-10-25 | 6.5 MEDIUM | 8.8 HIGH |
| Jenkins Azure Container Service Plugin 1.0.1 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. | |||||
| CVE-2020-2167 | 1 Jenkins | 1 Openshift Pipeline | 2023-10-25 | 6.5 MEDIUM | 8.8 HIGH |
| Jenkins OpenShift Pipeline Plugin 1.0.56 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. | |||||
| CVE-2020-2166 | 1 Jenkins | 1 Pipeline\ | 2023-10-25 | 6.5 MEDIUM | 8.8 HIGH |
| Jenkins Pipeline: AWS Steps Plugin 1.40 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. | |||||