Search
Total
49350 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-33363 | 1 Supremainc | 1 Biostar 2 | 2023-08-08 | N/A | 7.5 HIGH |
| An authentication bypass vulnerability exists in Suprema BioStar 2 before 2.9.1, which allows unauthenticated users to access some functionality on BioStar 2 servers. | |||||
| CVE-2023-36884 | 1 Microsoft | 14 Office, Windows 10 1507, Windows 10 1607 and 11 more | 2023-08-08 | N/A | 7.5 HIGH |
| Windows Search Remote Code Execution Vulnerability | |||||
| CVE-2022-34453 | 1 Dell | 2 Xtremio X2, Xtremio X2 Firmware | 2023-08-08 | N/A | 7.1 HIGH |
| Dell XtremIO X2 XMS versions prior to 6-4-1.11 contain an improper access control vulnerability. A remote read only user could potentially exploit this vulnerability to perform add/delete QoS policies which are disabled by default. | |||||
| CVE-2023-39121 | 1 Emlog | 1 Emlog | 2023-08-08 | N/A | 7.2 HIGH |
| emlog v2.1.9 was discovered to contain a SQL injection vulnerability via the component /admin/user.php. | |||||
| CVE-2023-38950 | 1 Zkteco | 1 Biotime | 2023-08-08 | N/A | 7.5 HIGH |
| A path traversal vulnerability in the iclock API of ZKTeco BioTime v8.5.5 allows unauthenticated attackers to read arbitrary files via supplying a crafted payload. | |||||
| CVE-2023-38949 | 1 Zkteco | 1 Biotime | 2023-08-08 | N/A | 7.5 HIGH |
| An issue in a hidden API in ZKTeco BioTime v8.5.5 allows unauthenticated attackers to arbitrarily reset the Administrator password via a crafted web request. | |||||
| CVE-2023-36135 | 1 Phpjabbers | 1 Class Scheduling System | 2023-08-08 | N/A | 7.5 HIGH |
| User enumeration is found in in PHPJabbers Class Scheduling System v1.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. | |||||
| CVE-2023-38952 | 1 Zkteco | 1 Biotime | 2023-08-08 | N/A | 7.5 HIGH |
| Insecure access control in ZKTeco BioTime v8.5.5 allows unauthenticated attackers to read sensitive backup files and access sensitive information such as user credentials via sending a crafted HTTP request to the static files resources of the system. | |||||
| CVE-2023-30146 | 1 Assmann | 2 Ht-ip211hdp, Ht-ip211hdp Firmware | 2023-08-08 | N/A | 7.5 HIGH |
| Assmann Digitus Plug&View IP Camera HT-IP211HDP, version 2.000.022 allows unauthenticated attackers to download a copy of the camera's settings and the administrator credentials. | |||||
| CVE-2023-31432 | 1 Broadcom | 1 Brocade Fabric Operating System | 2023-08-08 | N/A | 7.8 HIGH |
| Through manipulation of passwords or other variables, using commands such as portcfgupload, configupload, license, myid, a non-privileged user could obtain root privileges in Brocade Fabric OS versions before Brocade Fabric OS v9.1.1c and v9.2.0. | |||||
| CVE-2023-4141 | 1 Smackcoders | 1 Wp Ultimate Csv Importer | 2023-08-08 | N/A | 8.8 HIGH |
| The WP Ultimate CSV Importer plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 7.9.8 via the '->cus2' parameter. This allows authenticated attackers with author-level permissions or above, if the administrator previously grants access in the plugin settings, to create a PHP file and execute code on the server. The author resolved this vulnerability by removing the ability for authors and editors to import files, please note that this means php file creation is still allowed for site administrators, use the plugin with caution. | |||||
| CVE-2023-4140 | 1 Smackcoders | 1 Wp Ultimate Csv Importer | 2023-08-08 | N/A | 8.8 HIGH |
| The WP Ultimate CSV Importer plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 7.9.8 due to insufficient restriction on the 'get_header_values' function. This makes it possible for authenticated attackers, with minimal permissions such as an author, if the administrator previously grants access in the plugin settings, to modify their user role by supplying the 'wp_capabilities->cus1' parameter. | |||||
| CVE-2023-4139 | 1 Smackcoders | 1 Wp Ultimate Csv Importer | 2023-08-08 | N/A | 7.5 HIGH |
| The WP Ultimate CSV Importer plugin for WordPress is vulnerable to Sensitive Information Exposure via Directory Listing due to missing restriction in export folder indexing in versions up to, and including, 7.9.8. This makes it possible for unauthenticated attackers to list and view exported files. | |||||
| CVE-2023-4142 | 1 Smackcoders | 1 Wp Ultimate Csv Importer | 2023-08-08 | N/A | 8.8 HIGH |
| The WP Ultimate CSV Importer plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 7.9.8 via the '->cus1' parameter. This allows authenticated attackers with author-level permissions or above, if the administrator previously grants access in the plugin settings, to execute code on the server. The author resolved this vulnerability by removing the ability for authors and editors to import files, please note that this means remote code execution is still possible for site administrators, use the plugin with caution. | |||||
| CVE-2023-32764 | 2 Fabasoft, Microsoft | 4 Cloud, Cloud Enterprise Client, Folio \/ Egov-suite and 1 more | 2023-08-08 | N/A | 7.8 HIGH |
| Fabasoft Cloud Enterprise Client 23.3.0.130 allows a user to escalate their privileges to local administrator. | |||||
| CVE-2023-33364 | 1 Supremainc | 1 Biostar 2 | 2023-08-08 | N/A | 8.8 HIGH |
| An OS Command injection vulnerability exists in Suprema BioStar 2 before V2.9.1, which allows authenticated users to execute arbitrary OS commands on the BioStar 2 server. | |||||
| CVE-2023-38748 | 1 Omron | 1 Cx-programmer | 2023-08-08 | N/A | 7.8 HIGH |
| Use after free vulnerability exists in CX-Programmer Included in CX-One CXONE-AL[][]D-V4 V9.80 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. | |||||
| CVE-2023-38747 | 1 Omron | 1 Cx-programmer | 2023-08-08 | N/A | 7.8 HIGH |
| Heap-based buffer overflow vulnerability exists in CX-Programmer Included in CX-One CXONE-AL[][]D-V4 V9.80 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. | |||||
| CVE-2023-38746 | 1 Omron | 1 Cx-programmer | 2023-08-08 | N/A | 7.8 HIGH |
| Out-of-bounds read vulnerability/issue exists in CX-Programmer Included in CX-One CXONE-AL[][]D-V4 V9.80 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. | |||||
| CVE-2023-38418 | 1 F5 | 2 Access Policy Manager Clients, Big-ip Access Policy Manager | 2023-08-08 | N/A | 7.8 HIGH |
| The BIG-IP Edge Client Installer on macOS does not follow best practices for elevating privileges during the installation process. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2023-3494 | 1 Freebsd | 1 Freebsd | 2023-08-08 | N/A | 8.8 HIGH |
| The fwctl driver implements a state machine which is executed when a bhyve guest accesses certain x86 I/O ports. The interface lets the guest copy a string into a buffer resident in the bhyve process' memory. A bug in the state machine implementation can result in a buffer overflowing when copying this string. Malicious, privileged software running in a guest VM can exploit the buffer overflow to achieve code execution on the host in the bhyve userspace process, which typically runs as root, mitigated by the capabilities assigned through the Capsicum sandbox available to the bhyve process. | |||||
| CVE-2023-3718 | 1 Hpe | 27 Aruba Cx 10000-48y6, Aruba Cx 4100i, Aruba Cx 6000 12g and 24 more | 2023-08-08 | N/A | 8.8 HIGH |
| An authenticated command injection vulnerability exists in the AOS-CX command line interface. Successful exploitation of this vulnerability results in the ability to execute arbitrary commands on the underlying operating system as a privileged user on the affected switch. This allows an attacker to fully compromise the underlying operating system on the device running AOS-CX. | |||||
| CVE-2023-4126 | 1 Answer | 1 Answer | 2023-08-08 | N/A | 8.8 HIGH |
| Insufficient Session Expiration in GitHub repository answerdev/answer prior to v1.1.0. | |||||
| CVE-2023-4125 | 1 Answer | 1 Answer | 2023-08-08 | N/A | 8.8 HIGH |
| Weak Password Requirements in GitHub repository answerdev/answer prior to v1.1.0. | |||||
| CVE-2023-25600 | 1 Insyde | 1 Insydecrpkg | 2023-08-08 | N/A | 7.1 HIGH |
| An issue was discovered in InsydeH2O. A malicious operating system can tamper with a runtime-writable EFI variable, leading to out-of-bounds memory reads and a denial of service. This is fixed in version 01.01.04.0016. | |||||
| CVE-2022-4046 | 1 Codesys | 14 Control For Beaglebone Sl, Control For Empc-a\/imx6 Sl, Control For Iot2000 Sl and 11 more | 2023-08-08 | N/A | 8.8 HIGH |
| In CODESYS Control in multiple versions a improper restriction of operations within the bounds of a memory buffer allow an remote attacker with user privileges to gain full access of the device. | |||||
| CVE-2023-3662 | 1 Codesys | 1 Development System | 2023-08-08 | N/A | 7.3 HIGH |
| In CODESYS Development System versions from 3.5.17.0 and prior to 3.5.19.20 a vulnerability allows for execution of binaries from the current working directory in the users context . | |||||
| CVE-2023-3663 | 1 Codesys | 1 Development System | 2023-08-08 | N/A | 8.8 HIGH |
| In CODESYS Development System versions from 3.5.11.20 and before 3.5.19.20 a missing integrity check might allow an unauthenticated remote attacker to manipulate the content of notifications received via HTTP by the CODESYS notification server. | |||||
| CVE-2023-37497 | 1 Hcltech | 1 Unica | 2023-08-08 | N/A | 8.8 HIGH |
| The Unica application exposes an API which accepts arbitrary XML input. By manipulating the given XML, an authenticated attacker with certain rights can successfully perform XML External Entity attacks (XXE) against the backend service. | |||||
| CVE-2023-34196 | 1 Keyfactor | 1 Ejbca | 2023-08-08 | N/A | 8.2 HIGH |
| In the Keyfactor EJBCA before 8.0.0, the RA web certificate distribution servlet /ejbca/ra/cert allows partial denial of service due to an authentication issue. In configurations using OAuth, disclosure of CA certificates (attributes and public keys) to unauthenticated or less privileged users may occur. | |||||
| CVE-2023-37498 | 1 Hcltech | 1 Unica | 2023-08-08 | N/A | 8.8 HIGH |
| A user is capable of assigning him/herself to arbitrary groups by reusing a POST request issued by an administrator. It is possible that an attacker could potentially escalate their privileges. | |||||
| CVE-2023-22277 | 1 Omron | 1 Cx-programmer | 2023-08-08 | N/A | 7.8 HIGH |
| Use after free vulnerability exists in CX-Programmer Ver.9.79 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. This vulnerability is different from CVE-2023-22317 and CVE-2023-22314. | |||||
| CVE-2023-22317 | 1 Omron | 1 Cx-programmer | 2023-08-08 | N/A | 7.8 HIGH |
| Use after free vulnerability exists in CX-Programmer Ver.9.79 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. This vulnerability is different from CVE-2023-22277 and CVE-2023-22314. | |||||
| CVE-2023-22314 | 1 Omron | 1 Cx-programmer | 2023-08-08 | N/A | 7.8 HIGH |
| Use after free vulnerability exists in CX-Programmer Ver.9.79 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. This vulnerability is different from CVE-2023-22277 and CVE-2023-22317. | |||||
| CVE-2022-20542 | 1 Google | 1 Android | 2023-08-08 | N/A | 7.8 HIGH |
| In parseParamsBlob of types.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-238083570 | |||||
| CVE-2022-20929 | 1 Cisco | 1 Enterprise Nfv Infrastructure Software | 2023-08-08 | N/A | 7.8 HIGH |
| A vulnerability in the upgrade signature verification of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, local attacker to provide an unauthentic upgrade file for upload. This vulnerability is due to insufficient cryptographic signature verification of upgrade files. An attacker could exploit this vulnerability by providing an administrator with an unauthentic upgrade file. A successful exploit could allow the attacker to fully compromise the Cisco NFVIS system. | |||||
| CVE-2022-45552 | 1 Zbt | 2 We1626, We1626 Firmware | 2023-08-08 | N/A | 7.5 HIGH |
| An Insecure Permissions vulnerability in Shenzhen Zhiboton Electronics ZBT WE1626 Router v 21.06.18 allows attackers to obtain sensitive information via SPI bus interface connected to pinout of the NAND flash memory. | |||||
| CVE-2022-34908 | 1 Aremis | 1 Aremis 4 Nomads | 2023-08-08 | N/A | 7.5 HIGH |
| An issue was discovered in the A4N (Aremis 4 Nomad) application 1.5.0 for Android. It possesses an authentication mechanism; however, some features do not require any token or cookie in a request. Therefore, an attacker may send a simple HTTP request to the right endpoint, and obtain authorization to retrieve application data. | |||||
| CVE-2022-48363 | 1 Linuxfoundation | 1 Automotive Grade Linux | 2023-08-08 | N/A | 7.5 HIGH |
| In MPD before 0.23.8, as used on Automotive Grade Linux and other platforms, the PipeWire output plugin mishandles a Drain call in certain situations involving truncated files. Eventually there is an assertion failure in libmpdclient because libqtappfw passes in a NULL pointer. | |||||
| CVE-2022-44216 | 1 Sir | 1 Gnuboard | 2023-08-08 | N/A | 7.5 HIGH |
| Gnuboard 5.5.4 and 5.5.5 is vulnerable to Insecure Permissions. An attacker can change password of all users without knowing victim's original password. | |||||
| CVE-2021-3172 | 1 Php-fusion | 1 Php-fusion | 2023-08-08 | N/A | 8.1 HIGH |
| An issue in Php-Fusion v9.03.90 fixed in v9.10.00 allows authenticated attackers to cause a Distributed Denial of Service via the Polling feature. | |||||
| CVE-2022-47703 | 1 Tianjie | 2 Cpe906-3, Cpe906-3 Firmware | 2023-08-08 | N/A | 7.5 HIGH |
| TIANJIE CPE906-3 is vulnerable to password disclosure. This is present on Software Version WEB5.0_LCD_20200513, Firmware Version MV8.003, and Hardware Version CPF906-V5.0_LCD_20200513. | |||||
| CVE-2022-36369 | 1 Intel | 1 Qatzip | 2023-08-08 | N/A | 7.8 HIGH |
| Improper access control in some QATzip software maintained by Intel(R) before version 1.0.9 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-34854 | 1 Intel | 1 System Usage Report | 2023-08-08 | N/A | 7.8 HIGH |
| Improper access control in the Intel(R) SUR software before version 2.4.8902 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-34157 | 1 Intel | 2 Fpga Software Development Kit, Quartus Prime | 2023-08-08 | N/A | 7.8 HIGH |
| Improper access control in the Intel(R) FPGA SDK for OpenCL(TM) with Intel(R) Quartus(R) Prime Pro Edition software before version 22.1 may allow authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2021-0187 | 1 Intel | 106 Xeon Gold 5315y, Xeon Gold 5315y Firmware, Xeon Gold 5317 and 103 more | 2023-08-08 | N/A | 8.2 HIGH |
| Improper access control in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable an escalation of privilege via local access. | |||||
| CVE-2022-40675 | 1 Fortinet | 2 Fortinac, Fortinac-f | 2023-08-08 | N/A | 7.4 HIGH |
| Some cryptographic issues in Fortinet FortiNAC versions 9.4.0 through 9.4.1, 9.2.0 through 9.2.7, 9.1.0 through 9.1.8, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow an attacker to decrypt and forge protocol communication messages. | |||||
| CVE-2022-43460 | 1 Fujifilm | 1 Driver Distributor | 2023-08-08 | N/A | 7.5 HIGH |
| Driver Distributor v2.2.3.1 and earlier contains a vulnerability where passwords are stored in a recoverable format. If an attacker obtains a configuration file of Driver Distributor, the encrypted administrator's credentials may be decrypted. | |||||
| CVE-2022-48302 | 1 Huawei | 2 Emui, Harmonyos | 2023-08-08 | N/A | 7.5 HIGH |
| The AMS module has a vulnerability of lacking permission verification in APIs.Successful exploitation of this vulnerability may affect data confidentiality. | |||||
| CVE-2022-48298 | 1 Huawei | 2 Emui, Harmonyos | 2023-08-08 | N/A | 7.5 HIGH |
| The geofencing kernel code does not verify the length of the input data. Successful exploitation of this vulnerability may cause out-of-bounds memory access. | |||||