Total
28982 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-45477 | 1 Yordam | 1 Library Automation System | 2024-02-28 | N/A | 6.5 MEDIUM |
Improper Handling of Parameters vulnerability in Bordam Information Technologies Library Automation System allows Collect Data as Provided by Users.This issue affects Library Automation System: before 19.2. | |||||
CVE-2022-44932 | 1 Tenda | 2 A18, A18 Firmware | 2024-02-28 | N/A | 7.5 HIGH |
An access control issue in Tenda A18 v15.13.07.09 allows unauthenticated attackers to access the Telnet service. | |||||
CVE-2021-24881 | 1 Passster Project | 1 Passter | 2024-02-28 | N/A | 7.5 HIGH |
The Passster WordPress plugin before 3.5.5.9 does not properly check for password, as well as that the post to be viewed is public, allowing unauthenticated users to bypass the protection offered by the plugin, and access arbitrary posts (such as private) content, by sending a specifically crafted request. | |||||
CVE-2022-36443 | 1 Zebra | 1 Enterprise Home Screen | 2024-02-28 | N/A | 7.8 HIGH |
An issue was discovered in Zebra Enterprise Home Screen 4.1.19. The device allows the administrator to lock some communication channels (wireless and SD card) but it is still possible to use a physical connection (Ethernet cable) without restriction. | |||||
CVE-2017-20166 | 1 Ecto Project | 1 Ecto | 2024-02-28 | N/A | 9.8 CRITICAL |
Ecto 2.2.0 lacks a certain protection mechanism associated with the interaction between is_nil and raise. | |||||
CVE-2021-45478 | 1 Yordam | 1 Library Automation System | 2024-02-28 | N/A | 6.5 MEDIUM |
Improper Handling of Parameters vulnerability in Bordam Information Technologies Library Automation System allows Collect Data as Provided by Users.This issue affects Library Automation System: before 19.2. | |||||
CVE-2022-41723 | 1 Golang | 3 Go, Hpack, Http2 | 2024-02-28 | N/A | 7.5 HIGH |
A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests. | |||||
CVE-2023-22636 | 1 Fortinet | 1 Fortiweb | 2024-02-28 | N/A | 3.3 LOW |
An unauthorized configuration download vulnerability in FortiWeb 6.3.6 through 6.3.21, 6.4.0 through 6.4.2 and 7.0.0 through 7.0.4 may allow a local attacker to access confidential configuration files via a crafted http request. | |||||
CVE-2022-41777 | 1 Kujirahand | 1 Nadesiko3 | 2024-02-28 | N/A | 7.5 HIGH |
Improper check or handling of exceptional conditions vulnerability in Nako3edit, editor component of nadesiko3 (PC Version) v3.3.74 and earlier allows a remote attacker to inject an invalid value to decodeURIComponent of nako3edit, which may lead the server to crash. | |||||
CVE-2023-20628 | 2 Google, Mediatek | 42 Android, Mt6580, Mt6739 and 39 more | 2024-02-28 | N/A | 6.7 MEDIUM |
In thermal, there is a possible memory corruption due to an uncaught exception. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07494460; Issue ID: ALPS07494460. | |||||
CVE-2023-25240 | 1 Pimcore | 1 Pimcore | 2024-02-28 | N/A | 8.8 HIGH |
An improper SameSite Attribute vulnerability in pimCore v10.5.15 allows attackers to execute arbitrary code. | |||||
CVE-2022-39902 | 1 Samsung | 2 Exynos, Exynos Firmware | 2024-02-28 | N/A | 7.5 HIGH |
Improper authorization in Exynos baseband prior to SMR DEC-2022 Release 1 allows remote attacker to get sensitive information including IMEI via emergency call. | |||||
CVE-2022-45874 | 1 Huawei | 2 Aslan-al10, Aslan-al10 Firmware | 2024-02-28 | N/A | 5.5 MEDIUM |
Huawei Aslan Children's Watch has an improper authorization vulnerability. Successful exploit could allow the attacker to access certain file. | |||||
CVE-2023-21452 | 1 Samsung | 1 Android | 2024-02-28 | N/A | 3.3 LOW |
Improper usage of implicit intent in Bluetooth prior to SMR Mar-2023 Release 1 allows attacker to get MAC address of connected device. | |||||
CVE-2023-1201 | 1 Devolutions | 1 Devolutions Server | 2024-02-28 | N/A | 6.5 MEDIUM |
Improper access control in the secure messages feature in Devolutions Server 2022.3.12 and below allows an authenticated attacker that possesses the message UUID to access the data it contains. | |||||
CVE-2023-22413 | 1 Juniper | 18 Junos, Mx10, Mx10000 and 15 more | 2024-02-28 | N/A | 7.5 HIGH |
An Improper Check or Handling of Exceptional Conditions vulnerability in the IPsec library of Juniper Networks Junos OS allows a network-based, unauthenticated attacker to cause Denial of Service (DoS). On all MX platforms with MS-MPC or MS-MIC card, when specific IPv4 packets are processed by an IPsec6 tunnel, the Multiservices PIC Management Daemon (mspmand) process will core and restart. This will lead to FPC crash. Traffic flow is impacted while mspmand restarts. Continued receipt of these specific packets will cause a sustained Denial of Service (DoS) condition. This issue only occurs if an IPv4 address is not configured on the multiservice interface. This issue affects: Juniper Networks Junos OS on MX Series All versions prior to 19.4R3-S9; 20.1 version 20.1R3-S5 and later versions; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S3; 21.2 versions prior to 21.2R3-S1; 21.3 versions prior to 21.3R3; 21.4 versions prior to 21.4R2-S1, 21.4R3; 22.1 versions prior to 22.1R2. | |||||
CVE-2022-30123 | 2 Debian, Rack Project | 2 Debian Linux, Rack | 2024-02-28 | N/A | 10.0 CRITICAL |
A sequence injection vulnerability exists in Rack <2.0.9.1, <2.1.4.1 and <2.2.3.1 which could allow is a possible shell escape in the Lint and CommonLogger components of Rack. | |||||
CVE-2022-42461 | 1 Miniorange | 1 Google Authenticator | 2024-02-28 | N/A | 8.8 HIGH |
Broken Access Control vulnerability in miniOrange's Google Authenticator plugin <= 5.6.1 on WordPress. | |||||
CVE-2022-43543 | 3 Docomo, Kddi, Softbank | 3 \+ Message, \+ Message, \+ Message | 2024-02-28 | N/A | 5.4 MEDIUM |
KDDI +Message App, NTT DOCOMO +Message App, and SoftBank +Message App contain a vulnerability caused by improper handling of Unicode control characters. +Message App displays text unprocessed, even when control characters are contained, and the text is shown based on Unicode control character's specifications. Therefore, a crafted text may display misleading web links. As a result, a spoofed URL may be displayed and phishing attacks may be conducted. Affected products and versions are as follows: KDDI +Message App for Android prior to version 3.9.2 and +Message App for iOS prior to version 3.9.4, NTT DOCOMO +Message App for Android prior to version 54.49.0500 and +Message App for iOS prior to version 3.9.4, and SoftBank +Message App for Android prior to version 12.9.5 and +Message App for iOS prior to version 3.9.4 | |||||
CVE-2022-46383 | 1 Rackn | 1 Digital Rebar | 2024-02-28 | N/A | 9.8 CRITICAL |
RackN Digital Rebar through 4.6.14, 4.7 through 4.7.22, 4.8 through 4.8.5, 4.9 through 4.9.12, and 4.10 through 4.10.8 has exposed a privileged token via a public API endpoint (Incorrect Access Control). The token can be used to escalate privileges within the Digital Rebar system and grant full administrative access. |