Total
1465 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-3707 | 3 Linux, Novell, Redhat | 4 Linux Kernel-rt, Suse Linux Enterprise Real Time Extension, Enterprise Linux For Real Time and 1 more | 2023-02-12 | 6.8 MEDIUM | 8.1 HIGH |
The icmp_check_sysrq function in net/ipv4/icmp.c in the kernel.org projects/rt patches for the Linux kernel, as used in the kernel-rt package before 3.10.0-327.22.1 in Red Hat Enterprise Linux for Real Time 7 and other products, allows remote attackers to execute SysRq commands via crafted ICMP Echo Request packets, as demonstrated by a brute-force attack to discover a cookie, or an attack that occurs after reading the local icmp_echo_sysrq file. | |||||
CVE-2016-3107 | 1 Pulpproject | 1 Pulp | 2023-02-12 | 2.1 LOW | 5.5 MEDIUM |
The Node certificate in Pulp before 2.8.3 contains the private key, and is stored in a world-readable file in the "/etc/pki/pulp/nodes/" directory, which allows local users to gain access to sensitive data. | |||||
CVE-2016-3698 | 4 Canonical, Debian, Libndp and 1 more | 10 Ubuntu Linux, Debian Linux, Libndp and 7 more | 2023-02-12 | 6.8 MEDIUM | 8.1 HIGH |
libndp before 1.6, as used in NetworkManager, does not properly validate the origin of Neighbor Discovery Protocol (NDP) messages, which allows remote attackers to conduct man-in-the-middle attacks or cause a denial of service (network connectivity disruption) by advertising a node as a router from a non-local network. | |||||
CVE-2016-3703 | 1 Redhat | 1 Openshift | 2023-02-12 | 3.5 LOW | 5.3 MEDIUM |
Red Hat OpenShift Enterprise 3.2 and 3.1 do not properly validate the origin of a request when anonymous access is granted to a service/proxy or pod/proxy API for a specific pod, which allows remote attackers to access API credentials in the web browser localStorage via an access_token in the query parameter. | |||||
CVE-2016-1905 | 1 Kubernetes | 1 Kubernetes | 2023-02-12 | 4.0 MEDIUM | 7.7 HIGH |
The API server in Kubernetes does not properly check admission control, which allows remote authenticated users to access additional resources via a crafted patched object. | |||||
CVE-2016-0757 | 1 Openstack | 1 Image Registry And Delivery Service (glance) | 2023-02-12 | 4.0 MEDIUM | 4.3 MEDIUM |
OpenStack Image Service (Glance) before 2015.1.3 (kilo) and 11.0.x before 11.0.2 (liberty), when show_multiple_locations is enabled, allows remote authenticated users to change image status and upload new image data by removing the last location of an image. | |||||
CVE-2012-6689 | 1 Linux | 1 Linux Kernel | 2023-01-20 | 7.2 HIGH | 7.8 HIGH |
The netlink_sendmsg function in net/netlink/af_netlink.c in the Linux kernel before 3.5.5 does not validate the dst_pid field, which allows local users to have an unspecified impact by spoofing Netlink messages. | |||||
CVE-2016-7048 | 1 Postgresql | 1 Postgresql | 2023-01-19 | 9.3 HIGH | 8.1 HIGH |
The interactive installer in PostgreSQL before 9.3.15, 9.4.x before 9.4.10, and 9.5.x before 9.5.5 might allow remote attackers to execute arbitrary code by leveraging use of HTTP to download software. | |||||
CVE-2023-0017 | 1 Sap | 1 Netweaver Application Server For Java | 2023-01-13 | N/A | 9.8 CRITICAL |
An unauthenticated attacker in SAP NetWeaver AS for Java - version 7.50, due to improper access control, can attach to an open interface and make use of an open naming and directory API to access services which can be used to perform unauthorized operations affecting users and data on the current system. This could allow the attacker to have full read access to user data, make modifications to user data, and make services within the system unavailable. | |||||
CVE-2023-0012 | 2 Microsoft, Sap | 2 Windows, Host Agent | 2023-01-13 | N/A | 6.7 MEDIUM |
In SAP Host Agent (Windows) - versions 7.21, 7.22, an attacker who gains local membership to SAP_LocalAdmin could be able to replace executables with a malicious file that will be started under a privileged account. Note that by default all user members of SAP_LocalAdmin are denied the ability to log on locally by security policy so that this can only occur if the system has already been compromised. | |||||
CVE-2022-4814 | 1 Usememos | 1 Memos | 2023-01-05 | N/A | 4.3 MEDIUM |
Improper Access Control in GitHub repository usememos/memos prior to 0.9.1. | |||||
CVE-2022-4807 | 1 Usememos | 1 Memos | 2023-01-05 | N/A | 4.3 MEDIUM |
Improper Access Control in GitHub repository usememos/memos prior to 0.9.1. | |||||
CVE-2022-4810 | 1 Usememos | 1 Memos | 2023-01-05 | N/A | 4.3 MEDIUM |
Improper Access Control in GitHub repository usememos/memos prior to 0.9.1. | |||||
CVE-2022-4809 | 1 Usememos | 1 Memos | 2023-01-05 | N/A | 8.8 HIGH |
Improper Access Control in GitHub repository usememos/memos prior to 0.9.1. | |||||
CVE-2022-4724 | 1 Ikus-soft | 1 Rdiffweb | 2023-01-05 | N/A | 9.8 CRITICAL |
Improper Access Control in GitHub repository ikus060/rdiffweb prior to 2.5.5. | |||||
CVE-2022-4684 | 1 Usememos | 1 Memos | 2022-12-30 | N/A | 8.8 HIGH |
Improper Access Control in GitHub repository usememos/memos prior to 0.9.0. | |||||
CVE-2022-4689 | 1 Usememos | 1 Memos | 2022-12-30 | N/A | 8.8 HIGH |
Improper Access Control in GitHub repository usememos/memos prior to 0.9.0. | |||||
CVE-2022-41654 | 1 Ghost | 1 Ghost | 2022-12-29 | N/A | 4.3 MEDIUM |
An authentication bypass vulnerability exists in the newsletter subscription functionality of Ghost Foundation Ghost 5.9.4. A specially-crafted HTTP request can lead to increased privileges. An attacker can send an HTTP request to trigger this vulnerability. | |||||
CVE-2022-4567 | 1 Open-emr | 1 Openemr | 2022-12-21 | N/A | 8.1 HIGH |
Improper Access Control in GitHub repository openemr/openemr prior to 7.0.0.2. | |||||
CVE-2020-7561 | 1 Schneider-electric | 2 Easergy T300, Easergy T300 Firmware | 2022-12-12 | 7.5 HIGH | 9.8 CRITICAL |
A CWE-306: Missing Authentication for Critical Function vulnerability exists in Easergy T300 (with firmware 2.7 and older) that could cause a wide range of problems, including information exposure, denial of service, and command execution when access to a resource from an attacker is not restricted or incorrectly restricted. |