Total
260448 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-23648 | 2024-02-02 | N/A | 8.8 HIGH | ||
| Pimcore's Admin Classic Bundle provides a backend user interface for Pimcore. The password reset functionality sends to the the user requesting a password change an email containing an URL to reset its password. The URL sent contains a unique token, valid during 24 hours, allowing the user to reset its password. This token is highly sensitive ; as an attacker able to retrieve it would be able to resets the user's password. Prior to version 1.2.3, the reset-password URL is crafted using the "Host" HTTP header of the request sent to request a password reset. This way, an external attacker could send password requests for users, but specify a "Host" header of a website that they control. If the user receiving the mail clicks on the link, the attacker would retrieve the reset token of the victim and perform account takeover. Version 1.2.3 fixes this issue. | |||||
| CVE-2024-23782 | 2024-02-02 | N/A | 5.4 MEDIUM | ||
| Cross-site scripting vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier versions. If this vulnerability is exploited, a user with a contributor or higher privilege may execute an arbitrary script on the web browser of the user who accessed the website using the product. | |||||
| CVE-2023-6200 | 2024-02-02 | N/A | 7.5 HIGH | ||
| A race condition was found in the Linux Kernel. Under certain conditions, an unauthenticated attacker from an adjacent network could send an ICMPv6 router advertisement packet, causing arbitrary code execution. | |||||
| CVE-2004-0642 | 3 Debian, Mit, Redhat | 5 Debian Linux, Kerberos 5, Enterprise Linux Desktop and 2 more | 2024-02-02 | 7.5 HIGH | N/A |
| Double free vulnerabilities in the error handling code for ASN.1 decoders in the (1) Key Distribution Center (KDC) library and (2) client library for MIT Kerberos 5 (krb5) 1.3.4 and earlier may allow remote attackers to execute arbitrary code. | |||||
| CVE-2004-0772 | 1 Mit | 2 Kerberos, Kerberos 5 | 2024-02-02 | 7.5 HIGH | 9.8 CRITICAL |
| Double free vulnerabilities in error handling code in krb524d for MIT Kerberos 5 (krb5) 1.2.8 and earlier may allow remote attackers to execute arbitrary code. | |||||
| CVE-2005-1689 | 1 Mit | 1 Kerberos 5 | 2024-02-02 | 7.5 HIGH | 9.8 CRITICAL |
| Double free vulnerability in the krb5_recvauth function in MIT Kerberos 5 (krb5) 1.4.1 and earlier allows remote attackers to execute arbitrary code via certain error conditions. | |||||
| CVE-2003-0545 | 1 Openssl | 1 Openssl | 2024-02-02 | 10.0 HIGH | 9.8 CRITICAL |
| Double free vulnerability in OpenSSL 0.9.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an SSL client certificate with a certain invalid ASN.1 encoding. | |||||
| CVE-2003-1048 | 1 Microsoft | 3 Ie, Internet Explorer, Outlook | 2024-02-02 | 10.0 HIGH | 7.8 HIGH |
| Double free vulnerability in mshtml.dll for certain versions of Internet Explorer 6.x allows remote attackers to cause a denial of service (application crash) via a malformed GIF image. | |||||
| CVE-2005-0891 | 1 Gnome | 1 Gtk | 2024-02-02 | 5.0 MEDIUM | 7.5 HIGH |
| Double free vulnerability in gtk 2 (gtk2) before 2.2.4 allows remote attackers to cause a denial of service (crash) via a crafted BMP image. | |||||
| CVE-2023-52215 | 1 Ukrsolution | 1 Barcode Scanner And Inventory Manager | 2024-02-02 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in UkrSolution Simple Inventory Management – just scan barcode to manage products and orders. For WooCommerce.This issue affects Simple Inventory Management – just scan barcode to manage products and orders. For WooCommerce: from n/a through 1.5.1. | |||||
| CVE-2024-0217 | 2 Packagekit Project, Redhat | 2 Packagekit, Enterprise Linux | 2024-02-02 | N/A | 3.3 LOW |
| A use-after-free flaw was found in PackageKitd. In some conditions, the order of cleanup mechanics for a transaction could be impacted. As a result, some memory access could occur on memory regions that were previously freed. Once freed, a memory region can be reused for other allocations and any previously stored data in this memory region is considered lost. | |||||
| CVE-2002-0059 | 1 Zlib | 1 Zlib | 2024-02-02 | 7.5 HIGH | 9.8 CRITICAL |
| The decompression algorithm in zlib 1.1.3 and earlier, as used in many different utilities and packages, causes inflateEnd to release certain memory more than once (a "double free"), which may allow local and remote attackers to execute arbitrary code via a block of malformed compression data. | |||||
| CVE-2012-1988 | 4 Canonical, Debian, Fedoraproject and 1 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2024-02-02 | 6.0 MEDIUM | N/A |
| Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with agent SSL keys and file-creation permissions on the puppet master to execute arbitrary commands by creating a file whose full pathname contains shell metacharacters, then performing a filebucket request. | |||||
| CVE-2023-50328 | 1 Ibm | 1 Powersc | 2024-02-02 | N/A | 5.3 MEDIUM |
| IBM PowerSC 1.3, 2.0, and 2.1 may allow a remote attacker to view session identifiers passed via URL query strings. IBM X-Force ID: 275110. | |||||
| CVE-2008-2575 | 1 Jcoppens | 1 Cbrpager | 2024-02-02 | 6.8 MEDIUM | N/A |
| cbrPager before 0.9.17 allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in a (1) ZIP (aka .cbz) or (2) RAR (aka .cbr) archive filename. | |||||
| CVE-2005-3119 | 1 Linux | 1 Linux Kernel | 2024-02-02 | 2.1 LOW | N/A |
| Memory leak in the request_key_auth_destroy function in request_key_auth in Linux kernel 2.6.10 up to 2.6.13 allows local users to cause a denial of service (memory consumption) via a large number of authorization token keys. | |||||
| CVE-2023-50934 | 1 Ibm | 1 Powersc | 2024-02-02 | N/A | 5.3 MEDIUM |
| IBM PowerSC 1.3, 2.0, and 2.1 uses single-factor authentication which can lead to unnecessary risk of compromise when compared with the benefits of a dual-factor authentication scheme. IBM X-Force ID: 275114. | |||||
| CVE-2003-0041 | 2 Mit, Redhat | 2 Kerberos Ftp Client, Linux | 2024-02-02 | 10.0 HIGH | N/A |
| Kerberos FTP client allows remote FTP sites to execute arbitrary code via a pipe (|) character in a filename that is retrieved by the client. | |||||
| CVE-2002-1898 | 1 Apple | 1 Mac Os X | 2024-02-02 | 7.2 HIGH | N/A |
| Terminal 1.3 in Apple Mac OS X 10.2 allows remote attackers to execute arbitrary commands via shell metacharacters in a telnet:// link, which is executed by Terminal.app window. | |||||
| CVE-2023-50935 | 1 Ibm | 1 Powersc | 2024-02-02 | N/A | 6.5 MEDIUM |
| IBM PowerSC 1.3, 2.0, and 2.1 fails to properly restrict access to a URL or resource, which may allow a remote attacker to obtain unauthorized access to application functionality and/or resources. IBM X-Force ID: 275115. | |||||