| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2023-27372 |
|
|
Exec Code |
2023-02-28 |
2023-03-06 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. The fixed versions are 3.2.18, 4.0.10, 4.1.8, and 4.2.1. |
|
2 |
CVE-2023-26314 |
|
|
Exec Code |
2023-02-22 |
2023-03-02 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
The mono package before 6.8.0.105+dfsg-3.3 for Debian allows arbitrary code execution because the application/x-ms-dos-executable MIME type is associated with an un-sandboxed Mono CLR interpreter. |
|
3 |
CVE-2023-25725 |
|
|
Bypass |
2023-02-14 |
2023-02-25 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
HAProxy before 2.7.3 may allow a bypass of access control because HTTP/1 headers are inadvertently lost in some situations, aka "request smuggling." The HTTP header parsers in HAProxy may accept empty header field names, which could be used to truncate the list of HTTP headers and thus make some headers disappear after being parsed and processed for HTTP/1.0 and HTTP/1.1. For HTTP/2 and HTTP/3, the impact is limited because the headers disappear before being parsed and processed, as if they had not been sent by the client. The fixed versions are 2.7.3, 2.6.9, 2.5.12, 2.4.22, 2.2.29, and 2.0.31. |
|
4 |
CVE-2023-25221 |
787 |
|
Overflow |
2023-03-01 |
2023-03-10 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Libde265 v1.0.10 was discovered to contain a heap-buffer-overflow vulnerability in the derive_spatial_luma_vector_prediction function in motion.cc. |
|
5 |
CVE-2023-24758 |
476 |
|
DoS |
2023-03-01 |
2023-03-10 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the ff_hevc_put_weighted_pred_avg_8_sse function at sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file. |
|
6 |
CVE-2023-24757 |
476 |
|
DoS |
2023-03-01 |
2023-03-10 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the put_unweighted_pred_16_fallback function at fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file. |
|
7 |
CVE-2023-24756 |
476 |
|
DoS |
2023-03-01 |
2023-03-10 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the ff_hevc_put_unweighted_pred_8_sse function at sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file. |
|
8 |
CVE-2023-24755 |
476 |
|
DoS |
2023-03-01 |
2023-03-10 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the put_weighted_pred_8_fallback function at fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file. |
|
9 |
CVE-2023-24754 |
476 |
|
DoS |
2023-03-01 |
2023-03-10 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the ff_hevc_put_weighted_pred_avg_8_sse function at sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file. |
|
10 |
CVE-2023-24752 |
476 |
|
DoS |
2023-03-01 |
2023-03-10 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the ff_hevc_put_hevc_epel_pixels_8_sse function at sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file. |
|
11 |
CVE-2023-24751 |
476 |
|
DoS |
2023-03-01 |
2023-03-10 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the mc_chroma function at motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file. |
|
12 |
CVE-2023-24580 |
400 |
|
|
2023-02-15 |
2023-03-16 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
An issue was discovered in the Multipart Request Parser in Django 3.2 before 3.2.18, 4.0 before 4.0.10, and 4.1 before 4.1.7. Passing certain inputs (e.g., an excessive number of parts) to multipart forms could result in too many open files or memory exhaustion, and provided a potential vector for a denial-of-service attack. |
|
13 |
CVE-2023-24038 |
|
|
|
2023-01-21 |
2023-02-06 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
The HTML-StripScripts module through 1.06 for Perl allows _hss_attval_style ReDoS because of catastrophic backtracking for HTML content with certain style attributes. |
|
14 |
CVE-2023-24021 |
|
|
Bypass |
2023-01-20 |
2023-03-06 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Incorrect handling of '\0' bytes in file uploads in ModSecurity before 2.9.7 may allow for Web Application Firewall bypasses and buffer over-reads on the Web Application Firewall when executing rules that read the FILES_TMP_CONTENT collection. |
|
15 |
CVE-2023-23969 |
770 |
|
|
2023-02-01 |
2023-03-02 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial-of-service vector via excessive memory usage if the raw value of Accept-Language headers is very large. |
|
16 |
CVE-2023-23920 |
426 |
|
|
2023-02-23 |
2023-03-16 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
An untrusted search path vulnerability exists in Node.js. <19.6.1, <18.14.1, <16.19.1, and <14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges. |
|
17 |
CVE-2023-23916 |
770 |
|
|
2023-02-23 |
2023-03-09 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
An allocation of resources without limits or throttling vulnerability exists in curl <v7.88.0 based on the "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with differentalgorithms. The number of acceptable "links" in this "decompression chain" wascapped, but the cap was implemented on a per-header basis allowing a maliciousserver to insert a virtually unlimited number of compression steps simply byusing many headers. The use of such a decompression chain could result in a "malloc bomb", making curl end up spending enormous amounts of allocated heap memory, or trying to and returning out of memory errors. |
|
18 |
CVE-2023-23589 |
|
|
|
2023-01-14 |
2023-01-30 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
The SafeSocks option in Tor before 0.4.7.13 has a logic error in which the unsafe SOCKS4 protocol can be used but not the safe SOCKS4a protocol, aka TROVE-2022-002. |
|
19 |
CVE-2023-23455 |
843 |
|
DoS |
2023-01-12 |
2023-03-03 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
atm_tc_enqueue in net/sched/sch_atm.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results). |
|
20 |
CVE-2023-23454 |
843 |
|
DoS |
2023-01-12 |
2023-03-03 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
cbq_classify in net/sched/sch_cbq.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service (slab-out-of-bounds read) because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results). |
|
21 |
CVE-2023-23009 |
400 |
|
DoS |
2023-02-21 |
2023-03-07 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Libreswan 4.9 allows remote attackers to cause a denial of service (assert failure and daemon restart) via crafted TS payload with an incorrect selector length. |
|
22 |
CVE-2023-22809 |
269 |
|
|
2023-01-18 |
2023-02-05 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because a user-specified editor may contain a "--" argument that defeats a protection mechanism, e.g., an EDITOR='vim -- /path/to/extra/file' value. |
|
23 |
CVE-2023-0412 |
404 |
|
DoS |
2023-01-26 |
2023-02-14 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
TIPC dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file |
|
24 |
CVE-2023-0361 |
203 |
|
|
2023-02-15 |
2023-03-24 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attacker would need to send a large amount of specially crafted messages to the vulnerable server. By recovering the secret from the ClientKeyExchange message, the attacker would be able to decrypt the application data exchanged over that connection. |
|
25 |
CVE-2022-48337 |
77 |
|
Exec Code |
2023-02-20 |
2023-03-02 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the etags program. For example, a victim may use the "etags -u *" command (suggested in the etags documentation) in a situation where the current working directory has contents that depend on untrusted input. |
|
26 |
CVE-2022-48281 |
787 |
|
Overflow |
2023-01-23 |
2023-03-02 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
processCropSelections in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based buffer overflow (e.g., "WRITE of size 307203") via a crafted TIFF image. |
|
27 |
CVE-2022-48279 |
269 |
|
Bypass |
2023-01-20 |
2023-02-02 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
In ModSecurity before 2.9.6 and 3.x before 3.0.8, HTTP multipart requests were incorrectly parsed and could bypass the Web Application Firewall. NOTE: this is related to CVE-2022-39956 but can be considered independent changes to the ModSecurity (C language) codebase. |
|
28 |
CVE-2022-47951 |
22 |
|
Dir. Trav. |
2023-01-26 |
2023-02-06 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
An issue was discovered in OpenStack Cinder before 19.1.2, 20.x before 20.0.2, and 21.0.0; Glance before 23.0.1, 24.x before 24.1.1, and 25.0.0; and Nova before 24.1.2, 25.x before 25.0.2, and 26.0.0. By supplying a specially created VMDK flat image that references a specific backing file path, an authenticated user may convince systems to return a copy of that file's contents from the server, resulting in unauthorized access to potentially sensitive data. |
|
29 |
CVE-2022-47950 |
552 |
|
|
2023-01-18 |
2023-01-30 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
An issue was discovered in OpenStack Swift before 2.28.1, 2.29.x before 2.29.2, and 2.30.0. By supplying crafted XML files, an authenticated user may coerce the S3 API into returning arbitrary file contents from the host server, resulting in unauthorized read access to potentially sensitive data. This impacts both s3api deployments (Rocky or later), and swift3 deployments (Queens and earlier, no longer actively developed). |
|
30 |
CVE-2022-47929 |
476 |
|
DoS |
2023-01-17 |
2023-03-03 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
In the Linux kernel before 6.1.6, a NULL pointer dereference bug in the traffic control subsystem allows an unprivileged user to trigger a denial of service (system crash) via a crafted traffic control configuration that is set up with "tc qdisc" and "tc class" commands. This affects qdisc_graft in net/sched/sch_api.c. |
|
31 |
CVE-2022-47655 |
787 |
|
Overflow |
2023-01-05 |
2023-02-11 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Libde265 1.0.9 is vulnerable to Buffer Overflow in function void put_qpel_fallback<unsigned short> |
|
32 |
CVE-2022-47629 |
190 |
|
Overflow |
2022-12-20 |
2023-03-16 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Libksba before 1.6.3 is prone to an integer overflow vulnerability in the CRL signature parser. |
|
33 |
CVE-2022-47521 |
787 |
|
Overflow |
2022-12-18 |
2023-01-30 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
An issue was discovered in the Linux kernel before 6.0.11. Missing validation of IEEE80211_P2P_ATTR_CHANNEL_LIST in drivers/net/wireless/microchip/wilc1000/cfg80211.c in the WILC1000 wireless driver can trigger a heap-based buffer overflow when parsing the operating channel attribute from Wi-Fi management frames. |
|
34 |
CVE-2022-47520 |
125 |
|
|
2022-12-18 |
2023-01-30 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
An issue was discovered in the Linux kernel before 6.0.11. Missing offset validation in drivers/net/wireless/microchip/wilc1000/hif.c in the WILC1000 wireless driver can trigger an out-of-bounds read when parsing a Robust Security Network (RSN) information element from a Netlink packet. |
|
35 |
CVE-2022-47519 |
787 |
|
|
2022-12-18 |
2023-01-30 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
An issue was discovered in the Linux kernel before 6.0.11. Missing validation of IEEE80211_P2P_ATTR_OPER_CHANNEL in drivers/net/wireless/microchip/wilc1000/cfg80211.c in the WILC1000 wireless driver can trigger an out-of-bounds write when parsing the channel list attribute from Wi-Fi management frames. |
|
36 |
CVE-2022-47518 |
787 |
|
Overflow |
2022-12-18 |
2023-01-30 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
An issue was discovered in the Linux kernel before 6.0.11. Missing validation of the number of channels in drivers/net/wireless/microchip/wilc1000/cfg80211.c in the WILC1000 wireless driver can trigger a heap-based buffer overflow when copying the list of operating channels from Wi-Fi management frames. |
|
37 |
CVE-2022-47318 |
|
|
Exec Code |
2023-01-17 |
2023-01-31 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
ruby-git versions prior to v1.13.0 allows a remote authenticated attacker to execute an arbitrary ruby code by having a user to load a repository containing a specially crafted filename to the product. This vulnerability is different from CVE-2022-46648. |
|
38 |
CVE-2022-46877 |
|
|
|
2022-12-22 |
2023-02-20 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
By confusing the browser, the fullscreen notification could have been delayed or suppressed, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox < 108. |
|
39 |
CVE-2022-46871 |
|
|
|
2022-12-22 |
2023-02-20 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
An out of date library (libusrsctp) contained vulnerabilities that could potentially be exploited. This vulnerability affects Firefox < 108. |
|
40 |
CVE-2022-46648 |
94 |
|
Exec Code |
2023-01-17 |
2023-02-02 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
ruby-git versions prior to v1.13.0 allows a remote authenticated attacker to execute an arbitrary ruby code by having a user to load a repository containing a specially crafted filename to the product. This vulnerability is different from CVE-2022-47318. |
|
41 |
CVE-2022-46391 |
79 |
|
XSS |
2022-12-04 |
2023-02-01 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
AWStats 7.x through 7.8 allows XSS in the hostinfo plugin due to printing a response from Net::XWhois without proper checks. |
|
42 |
CVE-2022-46344 |
125 |
|
Exec Code |
2022-12-14 |
2023-02-23 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIChangeProperty request has a length-validation issues, resulting in out-of-bounds memory reads and potential information disclosure. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions. |
|
43 |
CVE-2022-46343 |
416 |
|
Exec Code |
2022-12-14 |
2023-02-23 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
A vulnerability was found in X.Org. This security flaw occurs because the handler for the ScreenSaverSetAttributes request may write to memory after it has been freed. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions. |
|
44 |
CVE-2022-46342 |
416 |
|
|
2022-12-14 |
2023-02-23 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
A vulnerability was found in X.Org. This security flaw occurs because the handler for the XvdiSelectVideoNotify request may write to memory after it has been freed. This issue can lead to local privileges elevation on systems where the X se |
|
45 |
CVE-2022-46341 |
787 |
|
Exec Code |
2022-12-14 |
2023-03-01 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIPassiveUngrab request accesses out-of-bounds memory when invoked with a high keycode or button code. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions. |
|
46 |
CVE-2022-46340 |
787 |
|
Exec Code |
2022-12-14 |
2023-03-01 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
A vulnerability was found in X.Org. This security flaw occurs becuase the swap handler for the XTestFakeInput request of the XTest extension may corrupt the stack if GenericEvents with lengths larger than 32 bytes are sent through a the XTestFakeInput request. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions. This issue does not affect systems where client and server use the same byte order. |
|
47 |
CVE-2022-46338 |
668 |
|
|
2022-11-30 |
2022-12-06 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
g810-led 0.4.2, a LED configuration tool for Logitech Gx10 keyboards, contained a udev rule to make supported device nodes world-readable and writable, allowing any process on the system to read traffic from keyboards, including sensitive data. |
|
48 |
CVE-2022-45939 |
78 |
|
Exec Code |
2022-11-28 |
2023-03-01 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the ctags program. For example, a victim may use the "ctags *" command (suggested in the ctags documentation) in a situation where the current working directory has contents that depend on untrusted input. |
|
49 |
CVE-2022-45934 |
190 |
|
|
2022-11-27 |
2023-03-03 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets. |
|
50 |
CVE-2022-45693 |
787 |
|
DoS Overflow |
2022-12-13 |
2023-01-26 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Jettison before v1.5.2 was discovered to contain a stack overflow via the map parameter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string. |
