Export limit exceeded: 352303 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 35344 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (35344 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-4886 | 1 Kubernetes | 1 Ingress-nginx | 2025-02-13 | 8.8 High |
| Ingress-nginx `path` sanitization can be bypassed with `log_format` directive. | ||||
| CVE-2022-47185 | 1 Apache | 1 Traffic Server | 2025-02-13 | 7.5 High |
| Improper input validation vulnerability on the range header in Apache Software Foundation Apache Traffic Server.This issue affects Apache Traffic Server: through 9.2.1. | ||||
| CVE-2022-47184 | 2 Apache, Debian | 2 Traffic Server, Debian Linux | 2025-02-13 | 7.5 High |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Traffic Server.This issue affects Apache Traffic Server: 8.0.0 to 9.2.0. | ||||
| CVE-2023-47141 | 3 Ibm, Linux, Microsoft | 5 Aix, Db2, Linux On Ibm Z and 2 more | 2025-02-13 | 5.3 Medium |
| IIBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. IBM X-Force ID: 270264. | ||||
| CVE-2023-46167 | 4 Ibm, Linux, Microsoft and 1 more | 4 Db2, Linux Kernel, Windows and 1 more | 2025-02-13 | 5.9 Medium |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 federated server is vulnerable to a denial of service when a specially crafted cursor is used. IBM X-Force ID: 269367. | ||||
| CVE-2023-45285 | 2 Golang, Redhat | 4 Go, Devtools, Enterprise Linux and 1 more | 2025-02-13 | 7.5 High |
| Using go get to fetch a module with the ".git" suffix may unexpectedly fallback to the insecure "git://" protocol if the module is unavailable via the secure "https://" and "git+ssh://" protocols, even if GOINSECURE is not set for said module. This only affects users who are not using the module proxy and are fetching modules directly (i.e. GOPROXY=off). | ||||
| CVE-2023-45239 | 3 Facebook, Fedoraproject, Meta | 3 Tac Plus, Fedora, Tac Plus | 2025-02-13 | 9.8 Critical |
| A lack of input validation exists in tac_plus prior to commit 4fdf178 which, when pre or post auth commands are enabled, allows an attacker who can control the username, rem-addr, or NAC address sent to tac_plus to inject shell commands and gain remote code execution on the tac_plus server. | ||||
| CVE-2023-45193 | 3 Ibm, Linux, Microsoft | 5 Aix, Db2, Linux On Ibm Z and 2 more | 2025-02-13 | 5.9 Medium |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 federated server is vulnerable to a denial of service when a specially crafted cursor is used. IBM X-Force ID: 268759. | ||||
| CVE-2023-45178 | 1 Ibm | 1 Db2 | 2025-02-13 | 6.5 Medium |
| IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 CLI is vulnerable to a denial of service when a specially crafted request is used. IBM X-Force ID: 268073. | ||||
| CVE-2023-45143 | 3 Fedoraproject, Nodejs, Redhat | 3 Fedora, Undici, Enterprise Linux | 2025-02-13 | 3.9 Low |
| Undici is an HTTP/1.1 client written from scratch for Node.js. Prior to version 5.26.2, Undici already cleared Authorization headers on cross-origin redirects, but did not clear `Cookie` headers. By design, `cookie` headers are forbidden request headers, disallowing them to be set in RequestInit.headers in browser environments. Since undici handles headers more liberally than the spec, there was a disconnect from the assumptions the spec made, and undici's implementation of fetch. As such this may lead to accidental leakage of cookie to a third-party site or a malicious attacker who can control the redirection target (ie. an open redirector) to leak the cookie to the third party site. This was patched in version 5.26.2. There are no known workarounds. | ||||
| CVE-2023-44253 | 1 Fortinet | 2 Fortianalyzer, Fortimanager | 2025-02-13 | 4.7 Medium |
| An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in Fortinet FortiManager version 7.4.0 through 7.4.1 and before 7.2.5, FortiAnalyzer version 7.4.0 through 7.4.1 and before 7.2.5 and FortiAnalyzer-BigData before 7.2.5 allows an adom administrator to enumerate other adoms and device names via crafted HTTP or HTTPS requests. | ||||
| CVE-2023-4368 | 2 Debian, Google | 2 Debian Linux, Chrome | 2025-02-13 | 8.8 High |
| Insufficient policy enforcement in Extensions API in Google Chrome prior to 116.0.5845.96 allowed an attacker who convinced a user to install a malicious extension to bypass an enterprise policy via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2023-4367 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2025-02-13 | 6.5 Medium |
| Insufficient policy enforcement in Extensions API in Google Chrome prior to 116.0.5845.96 allowed an attacker who convinced a user to install a malicious extension to bypass an enterprise policy via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2023-4365 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2025-02-13 | 4.3 Medium |
| Inappropriate implementation in Fullscreen in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2023-4364 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2025-02-13 | 4.3 Medium |
| Inappropriate implementation in Permission Prompts in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2023-4363 | 3 Debian, Fedoraproject, Google | 4 Debian Linux, Fedora, Android and 1 more | 2025-02-13 | 4.3 Medium |
| Inappropriate implementation in WebShare in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker to spoof the contents of a dialog URL via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2023-4361 | 3 Debian, Fedoraproject, Google | 4 Debian Linux, Fedora, Android and 1 more | 2025-02-13 | 5.3 Medium |
| Inappropriate implementation in Autofill in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2023-4360 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2025-02-13 | 4.3 Medium |
| Inappropriate implementation in Color in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2023-4359 | 4 Apple, Debian, Fedoraproject and 1 more | 4 Iphone Os, Debian Linux, Fedora and 1 more | 2025-02-13 | 5.3 Medium |
| Inappropriate implementation in App Launcher in Google Chrome on iOS prior to 116.0.5845.96 allowed a remote attacker to potentially spoof elements of the security UI via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2023-4357 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2025-02-13 | 8.8 High |
| Insufficient validation of untrusted input in XML in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to bypass file access restrictions via a crafted HTML page. (Chromium security severity: Medium) | ||||