Export limit exceeded: 352337 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 35344 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (35344 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-28098 | 1 Opensips | 1 Opensips | 2025-02-25 | 5.9 Medium |
| OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Prior to versions 3.1.7 and 3.2.4, a specially crafted Authorization header causes OpenSIPS to crash or behave in an unexpected way due to a bug in the function `parse_param_name()` . This issue was discovered while performing coverage guided fuzzing of the function parse_msg. The AddressSanitizer identified that the issue occurred in the function `q_memchr()` which is being called by the function `parse_param_name()`. This issue may cause erratic program behaviour or a server crash. It affects configurations containing functions that make use of the affected code, such as the function `www_authorize()` . Versions 3.1.7 and 3.2.4 contain a fix. | ||||
| CVE-2023-28099 | 1 Opensips | 1 Opensips | 2025-02-25 | 5.9 Medium |
| OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Prior to versions 3.1.9 and 3.2.6, if `ds_is_in_list()` is used with an invalid IP address string (`NULL` is illegal input), OpenSIPS will attempt to print a string from a random address (stack garbage), which could lead to a crash. All users of `ds_is_in_list()` without the `$si` variable as 1st parameter could be affected by this vulnerability to a larger, lesser or no extent at all, depending if the data passed to the function is a valid IPv4 or IPv6 address string or not. Fixes will are available starting with the 3.1.9 and 3.2.6 minor releases. There are no known workarounds. | ||||
| CVE-2023-23935 | 1 Discourse | 1 Discourse | 2025-02-25 | 3.5 Low |
| Discourse is an open-source messaging platform. In versions 3.0.1 and prior on the `stable` branch and versions 3.1.0.beta2 and prior on the `beta` and `tests-passed` branches, the count of personal messages displayed for a tag is a count of all personal messages regardless of whether the personal message is visible to a given user. As a result, any users can technically poll a sensitive tag to determine if a new personal message is created even if the user does not have access to the personal message. In the patched versions, the count of personal messages tagged with a given tag is hidden by default. To revert to the old behaviour of displaying the count of personal messages for a given tag, an admin may enable the `display_personal_messages_tag_counts` site setting. | ||||
| CVE-2023-23622 | 1 Discourse | 1 Discourse | 2025-02-25 | 4.3 Medium |
| Discourse is an open-source discussion platform. Prior to version 3.0.1 of the `stable` branch and version 3.1.0.beta2 of the `beta` and `tests-passed` branches, the count of topics displayed for a tag is a count of all regular topics regardless of whether the topic is in a read restricted category or not. As a result, any users can technically poll a sensitive tag to determine if a new topic is created in a category which the user does not have excess to. In version 3.0.1 of the `stable` branch and version 3.1.0.beta2 of the `beta` and `tests-passed` branches, the count of topics displayed for a tag defaults to only counting regular topics which are not in read restricted categories. Staff users will continue to see a count of all topics regardless of the topic's category read restrictions. | ||||
| CVE-2023-27591 | 1 Miniflux Project | 1 Miniflux | 2025-02-25 | 7.5 High |
| Miniflux is a feed reader. Prior to version 2.0.43, an unauthenticated user can retrieve Prometheus metrics from a publicly reachable Miniflux instance where the `METRICS_COLLECTOR` configuration option is enabled and `METRICS_ALLOWED_NETWORKS` is set to `127.0.0.1/8` (the default). A patch is available in Miniflux 2.0.43. As a workaround, set `METRICS_COLLECTOR` to `false` (default) or run Miniflux behind a trusted reverse-proxy. | ||||
| CVE-2023-28433 | 1 Minio | 1 Minio | 2025-02-25 | 8.8 High |
| Minio is a Multi-Cloud Object Storage framework. All users on Windows prior to version RELEASE.2023-03-20T20-16-18Z are impacted. MinIO fails to filter the `\` character, which allows for arbitrary object placement across buckets. As a result, a user with low privileges, such as an access key, service account, or STS credential, which only has permission to `PutObject` in a specific bucket, can create an admin user. This issue is patched in RELEASE.2023-03-20T20-16-18Z. There are no known workarounds. | ||||
| CVE-2021-3923 | 3 Fedoraproject, Linux, Redhat | 3 Fedora, Linux Kernel, Enterprise Linux | 2025-02-24 | 2.3 Low |
| A flaw was found in the Linux kernel's implementation of RDMA over infiniband. An attacker with a privileged local account can leak kernel stack information when issuing commands to the /dev/infiniband/rdma_cm device node. While this access is unlikely to leak sensitive user information, it can be further used to defeat existing kernel protection mechanisms. | ||||
| CVE-2022-48349 | 1 Huawei | 2 Emui, Harmonyos | 2025-02-24 | 9.1 Critical |
| The control component has a spoofing vulnerability. Successful exploitation of this vulnerability may affect confidentiality and availability. | ||||
| CVE-2022-48348 | 1 Huawei | 2 Emui, Harmonyos | 2025-02-24 | 9.1 Critical |
| The MediaProvider module has a vulnerability of unauthorized data read. Successful exploitation of this vulnerability may affect confidentiality and integrity. | ||||
| CVE-2022-48351 | 1 Huawei | 2 Emui, Harmonyos | 2025-02-24 | 7.5 High |
| The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2022-48353 | 1 Huawei | 2 Emui, Harmonyos | 2025-02-24 | 9.8 Critical |
| Some smartphones have configuration issues. Successful exploitation of this vulnerability may cause kernel privilege escalation, which results in system service exceptions. | ||||
| CVE-2024-34693 | 1 Apache | 1 Superset | 2025-02-21 | 6.8 Medium |
| Improper Input Validation vulnerability in Apache Superset, allows for an authenticated attacker to create a MariaDB connection with local_infile enabled. If both the MariaDB server (off by default) and the local mysql client on the web server are set to allow for local infile, it's possible for the attacker to execute a specific MySQL/MariaDB SQL command that is able to read files from the server and insert their content on a MariaDB database table.This issue affects Apache Superset: before 3.1.3 and version 4.0.0 Users are recommended to upgrade to version 4.0.1 or 3.1.3, which fixes the issue. | ||||
| CVE-2022-33901 | 1 Multisafepay | 1 Multisafepay Plugin For Woocommerce | 2025-02-20 | 5.3 Medium |
| Unauthenticated Arbitrary File Read vulnerability in MultiSafepay plugin for WooCommerce plugin <= 4.13.1 at WordPress. | ||||
| CVE-2022-33142 | 1 Wordplus | 1 Better Messages | 2025-02-20 | 7.7 High |
| Authenticated (subscriber+) Denial Of Service (DoS) vulnerability in WordPlus WordPress Better Messages plugin <= 1.9.10.57 at WordPress. | ||||
| CVE-2022-23981 | 1 Quadlayers | 1 Perfect Brands For Woocommerce | 2025-02-20 | 4.3 Medium |
| The vulnerability allows Subscriber+ level users to create brands in WordPress Perfect Brands for WooCommerce plugin (versions <= 2.0.4). | ||||
| CVE-2022-41652 | 1 Expresstech | 1 Quiz And Survey Master | 2025-02-20 | 6.5 Medium |
| Bypass vulnerability in Quiz And Survey Master plugin <= 7.3.10 on WordPress. | ||||
| CVE-2022-41155 | 1 Webence | 1 Iq Block Country | 2025-02-20 | 5.3 Medium |
| Block BYPASS vulnerability in iQ Block Country plugin <= 1.2.18 on WordPress. | ||||
| CVE-2022-36793 | 1 Wp-shop | 1 Wp Shop | 2025-02-20 | 6.5 Medium |
| Unauthenticated Plugin Settings Change & Data Deletion vulnerabilities in WP Shop plugin <= 3.9.6 at WordPress. | ||||
| CVE-2022-38067 | 1 Total-soft | 1 Event Calendar | 2025-02-20 | 6.5 Medium |
| Unauthenticated Event Deletion vulnerability in Totalsoft Event Calendar – Calendar plugin <= 1.4.6 at WordPress. | ||||
| CVE-2022-41623 | 1 Villatheme | 1 Dropshipping And Fulfillment For Aliexpress And Woocommerce | 2025-02-20 | 7.5 High |
| Sensitive Data Exposure in Villatheme ALD - AliExpress Dropshipping and Fulfillment for WooCommerce premium plugin <= 1.1.0 on WordPress. | ||||