Total
12847 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-28130 | 1 Checkpoint | 1 Gaia Portal | 2025-02-13 | 7.2 High |
| Local user may lead to privilege escalation using Gaia Portal hostnames page. | ||||
| CVE-2023-28100 | 2 Flatpak, Redhat | 2 Flatpak, Enterprise Linux | 2025-02-13 | 10 Critical |
| Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Versions prior to 1.10.8, 1.12.8, 1.14.4, and 1.15.4 contain a vulnerability similar to CVE-2017-5226, but using the `TIOCLINUX` ioctl command instead of `TIOCSTI`. If a Flatpak app is run on a Linux virtual console such as `/dev/tty1`, it can copy text from the virtual console and paste it into the command buffer, from which the command might be run after the Flatpak app has exited. Ordinary graphical terminal emulators like xterm, gnome-terminal and Konsole are unaffected. This vulnerability is specific to the Linux virtual consoles `/dev/tty1`, `/dev/tty2` and so on. A patch is available in versions 1.10.8, 1.12.8, 1.14.4, and 1.15.4. As a workaround, don't run Flatpak on a Linux virtual console. Flatpak is primarily designed to be used in a Wayland or X11 graphical environment. | ||||
| CVE-2023-27555 | 3 Ibm, Linux, Microsoft | 3 Db2, Linux Kernel, Windows | 2025-02-13 | 5.1 Medium |
| IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 is vulnerable to a denial of service when attempting to use ACR client affinity for unfenced DRDA federation wrappers. IBM X-Force ID: 249187. | ||||
| CVE-2023-26022 | 3 Ibm, Linux, Microsoft | 3 Db2, Linux Kernel, Windows | 2025-02-13 | 5.9 Medium |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of service as the server may crash when an Out of Memory occurs using the DBMS_OUTPUT module. IBM X-Force ID: 247868. | ||||
| CVE-2023-26021 | 3 Ibm, Linux, Microsoft | 3 Db2, Linux Kernel, Windows | 2025-02-13 | 7.5 High |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to a denial of service as the server may crash when compiling a specially crafted SQL query using a LIMIT clause. IBM X-Force ID: 247864. | ||||
| CVE-2023-22329 | 1 Intel | 1258 Atom X6200fe, Atom X6200fe Firmware, Atom X6211e and 1255 more | 2025-02-13 | 2.6 Low |
| Improper input validation in the BIOS firmware for some Intel(R) Processors may allow an authenticated user to potentially enable denial of service via adjacent access. | ||||
| CVE-2023-21968 | 4 Debian, Netapp, Oracle and 1 more | 17 Debian Linux, 7-mode Transition Tool, Brocade San Navigator and 14 more | 2025-02-13 | 3.7 Low |
| Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). | ||||
| CVE-2023-21939 | 4 Debian, Netapp, Oracle and 1 more | 17 Debian Linux, 7-mode Transition Tool, Brocade San Navigator and 14 more | 2025-02-13 | 5.3 Medium |
| Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N). | ||||
| CVE-2023-1183 | 3 Fedoraproject, Libreoffice, Redhat | 3 Fedora, Libreoffice, Enterprise Linux | 2025-02-13 | 5 Medium |
| A flaw was found in the Libreoffice package. An attacker can craft an odb containing a "database/script" file with a SCRIPT command where the contents of the file could be written to a new file whose location was determined by the attacker. | ||||
| CVE-2023-0779 | 1 Zephyrproject | 1 Zephyr | 2025-02-13 | 6.7 Medium |
| At the most basic level, an invalid pointer can be input that crashes the device, but with more knowledge of the device’s memory layout, further exploitation is possible. | ||||
| CVE-2022-4925 | 1 Google | 1 Chrome | 2025-02-13 | 6.5 Medium |
| Insufficient validation of untrusted input in QUIC in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to perform header splitting via malicious network traffic. (Chromium security severity: Low) | ||||
| CVE-2022-4911 | 1 Google | 1 Chrome | 2025-02-13 | 6.5 Medium |
| Insufficient data validation in DevTools in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2022-46725 | 2 Apple, Redhat | 4 Ipados, Iphone Os, Enterprise Linux and 1 more | 2025-02-13 | 4.3 Medium |
| A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue is fixed in iOS 16.4 and iPadOS 16.4. Visiting a malicious website may lead to address bar spoofing. | ||||
| CVE-2022-44611 | 1 Intel | 596 Atom X6200fe, Atom X6200fe Firmware, Atom X6211e and 593 more | 2025-02-13 | 6.9 Medium |
| Improper input validation in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via adjacent access. | ||||
| CVE-2022-38102 | 1 Intel | 98 Atom X6200fe, Atom X6211e, Atom X6212re and 95 more | 2025-02-13 | 7.2 High |
| Improper Input validation in firmware for some Intel(R) Converged Security and Management Engine before versions 15.0.45, and 16.1.27 may allow a privileged user to potentially enable denial of service via local access. | ||||
| CVE-2022-38076 | 4 Debian, Fedoraproject, Intel and 1 more | 16 Debian Linux, Fedora, Dual Band Wireless-ac 3165 and 13 more | 2025-02-13 | 3.8 Low |
| Improper input validation in some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2022-36392 | 2 Intel, Intel And Intel Standard Manageability In Intel Csme | 135 B150, B250, B360 and 132 more | 2025-02-13 | 8.6 High |
| Improper input validation in some firmware for Intel(R) AMT and Intel(R) Standard Manageability before versions 11.8.94, 11.12.94, 11.22.94, 12.0.93, 14.1.70, 15.0.45, and 16.1.27 in Intel (R) CSME may allow an unauthenticated user to potentially enable denial of service via network access. | ||||
| CVE-2022-36351 | 4 Debian, Fedoraproject, Intel and 1 more | 16 Debian Linux, Fedora, Killer and 13 more | 2025-02-13 | 4.3 Medium |
| Improper input validation in some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow an unauthenticated user to potentially enable denial of service via adjacent access. | ||||
| CVE-2022-33894 | 1 Intel | 546 Core I3-1000g1, Core I3-1000g1 Firmware, Core I3-1000g4 and 543 more | 2025-02-13 | 7.5 High |
| Improper input validation in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2020-17532 | 1 Apache | 1 Java Chassis | 2025-02-13 | 8.8 High |
| When handler-router component is enabled in servicecomb-java-chassis, authenticated user may inject some data and cause arbitrary code execution. The problem happens in versions between 2.0.0 ~ 2.1.3 and fixed in Apache ServiceComb-Java-Chassis 2.1.5 | ||||