Vulnerabilities (CVE)

Total 258801 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2003-1048 1 Microsoft 3 Ie, Internet Explorer, Outlook 2024-02-02 10.0 HIGH 7.8 HIGH
Double free vulnerability in mshtml.dll for certain versions of Internet Explorer 6.x allows remote attackers to cause a denial of service (application crash) via a malformed GIF image.
CVE-2005-0891 1 Gnome 1 Gtk 2024-02-02 5.0 MEDIUM 7.5 HIGH
Double free vulnerability in gtk 2 (gtk2) before 2.2.4 allows remote attackers to cause a denial of service (crash) via a crafted BMP image.
CVE-2023-52215 1 Ukrsolution 1 Barcode Scanner And Inventory Manager 2024-02-02 N/A 9.8 CRITICAL
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in UkrSolution Simple Inventory Management – just scan barcode to manage products and orders. For WooCommerce.This issue affects Simple Inventory Management – just scan barcode to manage products and orders. For WooCommerce: from n/a through 1.5.1.
CVE-2024-0217 2 Packagekit Project, Redhat 2 Packagekit, Enterprise Linux 2024-02-02 N/A 3.3 LOW
A use-after-free flaw was found in PackageKitd. In some conditions, the order of cleanup mechanics for a transaction could be impacted. As a result, some memory access could occur on memory regions that were previously freed. Once freed, a memory region can be reused for other allocations and any previously stored data in this memory region is considered lost.
CVE-2002-0059 1 Zlib 1 Zlib 2024-02-02 7.5 HIGH 9.8 CRITICAL
The decompression algorithm in zlib 1.1.3 and earlier, as used in many different utilities and packages, causes inflateEnd to release certain memory more than once (a "double free"), which may allow local and remote attackers to execute arbitrary code via a block of malformed compression data.
CVE-2012-1988 4 Canonical, Debian, Fedoraproject and 1 more 5 Ubuntu Linux, Debian Linux, Fedora and 2 more 2024-02-02 6.0 MEDIUM N/A
Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with agent SSL keys and file-creation permissions on the puppet master to execute arbitrary commands by creating a file whose full pathname contains shell metacharacters, then performing a filebucket request.
CVE-2023-50328 1 Ibm 1 Powersc 2024-02-02 N/A 5.3 MEDIUM
IBM PowerSC 1.3, 2.0, and 2.1 may allow a remote attacker to view session identifiers passed via URL query strings. IBM X-Force ID: 275110.
CVE-2008-2575 1 Jcoppens 1 Cbrpager 2024-02-02 6.8 MEDIUM N/A
cbrPager before 0.9.17 allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in a (1) ZIP (aka .cbz) or (2) RAR (aka .cbr) archive filename.
CVE-2005-3119 1 Linux 1 Linux Kernel 2024-02-02 2.1 LOW N/A
Memory leak in the request_key_auth_destroy function in request_key_auth in Linux kernel 2.6.10 up to 2.6.13 allows local users to cause a denial of service (memory consumption) via a large number of authorization token keys.
CVE-2023-50934 1 Ibm 1 Powersc 2024-02-02 N/A 5.3 MEDIUM
IBM PowerSC 1.3, 2.0, and 2.1 uses single-factor authentication which can lead to unnecessary risk of compromise when compared with the benefits of a dual-factor authentication scheme. IBM X-Force ID: 275114.
CVE-2003-0041 2 Mit, Redhat 2 Kerberos Ftp Client, Linux 2024-02-02 10.0 HIGH N/A
Kerberos FTP client allows remote FTP sites to execute arbitrary code via a pipe (|) character in a filename that is retrieved by the client.
CVE-2002-1898 1 Apple 1 Mac Os X 2024-02-02 7.2 HIGH N/A
Terminal 1.3 in Apple Mac OS X 10.2 allows remote attackers to execute arbitrary commands via shell metacharacters in a telnet:// link, which is executed by Terminal.app window.
CVE-2023-50935 1 Ibm 1 Powersc 2024-02-02 N/A 6.5 MEDIUM
IBM PowerSC 1.3, 2.0, and 2.1 fails to properly restrict access to a URL or resource, which may allow a remote attacker to obtain unauthorized access to application functionality and/or resources. IBM X-Force ID: 275115.
CVE-2023-50938 1 Ibm 1 Powersc 2024-02-02 N/A 4.3 MEDIUM
IBM PowerSC 1.3, 2.0, and 2.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 275128.
CVE-2023-50941 1 Ibm 1 Powersc 2024-02-02 N/A 5.4 MEDIUM
IBM PowerSC 1.3, 2.0, and 2.1 does not provide logout functionality, which could allow an authenticated user to gain access to an unauthorized user using session fixation. IBM X-Force ID: 275131.
CVE-2005-2103 1 Rob Flynn 1 Gaim 2024-02-02 7.5 HIGH 9.8 CRITICAL
Buffer overflow in the AIM and ICQ module in Gaim before 1.5.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an away message with a large number of AIM substitution strings, such as %t or %n.
CVE-2008-3281 1 Xmlsoft 1 Libxml2 2024-02-02 4.3 MEDIUM 6.5 MEDIUM
libxml2 2.6.32 and earlier does not properly detect recursion during entity expansion in an attribute value, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document.
CVE-2011-1755 1 Jabber 1 Jabberd2 2024-02-02 5.0 MEDIUM 7.5 HIGH
jabberd2 before 2.2.14 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.
CVE-2023-21788 1 Microsoft 1 3d Builder 2024-02-02 N/A 7.8 HIGH
3D Builder Remote Code Execution Vulnerability
CVE-2023-3863 1 Linux 1 Linux Kernel 2024-02-02 N/A 4.1 MEDIUM
A use-after-free flaw was found in nfc_llcp_find_local in net/nfc/llcp_core.c in NFC in the Linux kernel. This flaw allows a local user with special privileges to impact a kernel information leak issue.