Total: 49350 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-46142 | 1 Phoenixcontact | 17 Axc F 1152, Axc F 1152 Firmware, Axc F 2152 and 14 more | 2023-12-21 | N/A | 8.8 HIGH |
| An incorrect permission assignment for critical resource vulnerability in PLCnext products allows a remote attacker with low privileges to gain full access on the affected devices. | |||||
| CVE-2023-48380 | 1 Softnext | 1 Mail Sqr Expert | 2023-12-21 | N/A | 8.0 HIGH |
| Softnext Mail SQR Expert is an email management platform. It has insufficient filtering for a special character within a specific function. A remote attacker authenticated as a localhost can exploit this vulnerability to perform command injection attacks to execute arbitrary system commands, manipulate the system, or disrupt service. | |||||
| CVE-2023-48378 | 1 Softnext | 1 Mail Sqr Expert | 2023-12-21 | N/A | 7.5 HIGH |
| Softnext Mail SQR Expert has a path traversal vulnerability within its parameter in a specific URL. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and download arbitrary system files. | |||||
| CVE-2023-6831 | 1 Lfprojects | 1 Mlflow | 2023-12-21 | N/A | 8.1 HIGH |
| Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2. | |||||
| CVE-2023-49760 | 1 Giannopouloskostas | 1 Wpsoononlinepage | 2023-12-21 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Giannopoulos Kostas WPsoonOnlinePage. This issue affects WPsoonOnlinePage: from n/a through 1.9. | |||||
| CVE-2023-49759 | 1 Gvectors | 1 Woodiscuz - Woocommerce Comments | 2023-12-21 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in gVectors Team WooDiscuz – WooCommerce Comments. This issue affects WooDiscuz – WooCommerce Comments: from n/a through 2.3.0. | |||||
| CVE-2023-49761 | 1 Gravitymaster | 1 Product Enquiry For Woocommerce | 2023-12-21 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Gravity Master Product Enquiry for WooCommerce. This issue affects Product Enquiry for WooCommerce: from n/a through 3.0. | |||||
| CVE-2023-49763 | 1 Creatomatic | 1 Csprite | 2023-12-21 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Creatomatic Ltd CSprite. This issue affects CSprite: from n/a through 1.1. | |||||
| CVE-2023-46804 | 2 Ivanti, Microsoft | 2 Avalanche, Windows | 2023-12-21 | N/A | 7.5 HIGH |
| An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result in a Denial of Service (DoS). | |||||
| CVE-2023-46803 | 2 Ivanti, Microsoft | 2 Avalanche, Windows | 2023-12-21 | N/A | 7.5 HIGH |
| An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result in a Denial of Service (DoS). | |||||
| CVE-2023-6826 | 1 E2pdf | 1 E2pdf | 2023-12-21 | N/A | 7.2 HIGH |
| The E2Pdf plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation on the 'import_action' function in versions up to, and including, 1.20.25. This makes it possible for authenticated attackers with a role that the administrator previously granted access to the plugin, to upload arbitrary files on the affected site's server which may make remote code execution possible. | |||||
| CVE-2023-6827 | 1 G5plus | 1 Essential Real Estate | 2023-12-21 | N/A | 8.8 HIGH |
| The Essential Real Estate plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation on the 'ajaxUploadFonts' function in versions up to, and including, 4.3.5. This makes it possible for authenticated attackers with subscriber-level capabilities or above, to upload arbitrary files on the affected site's server which may make remote code execution possible. | |||||
| CVE-2018-2376 | 1 Sap | 1 Hana Extended Application Services | 2023-12-21 | 5.5 MEDIUM | 8.1 HIGH |
| In SAP HANA Extended Application Services, 1.0, a controller user who has SpaceAuditor authorization in a specific space could retrieve application environments within that space. | |||||
| CVE-2018-2375 | 1 Sap | 1 Hana Extended Application Services | 2023-12-21 | 5.5 MEDIUM | 8.1 HIGH |
| In SAP HANA Extended Application Services, 1.0, a controller user who has SpaceAuditor authorization in a specific space could retrieve application environments within that space. | |||||
| CVE-2018-2373 | 1 Sap | 1 Hana Extended Application Services | 2023-12-21 | 5.0 MEDIUM | 7.5 HIGH |
| Under certain circumstances, a specific endpoint of the Controller's API could be misused by unauthenticated users to execute SQL statements that deliver information about system configuration in SAP HANA Extended Application Services, 1.0. | |||||
| CVE-2017-16680 | 1 Sap | 1 Hana Extended Application Services | 2023-12-21 | 5.0 MEDIUM | 7.5 HIGH |
| Two potential audit log injections in SAP HANA extended application services 1.0, advanced model: 1) Certain HTTP/REST endpoints of controller service are missing user input validation which could allow unprivileged attackers to forge audit log lines. Hence the interpretation of audit log files could be hindered or misdirected. 2) User Account and Authentication writes audit logs into syslog and additionally writes the same audit entries into a log file. Entries in the log file miss escaping. Hence the interpretation of audit log files could be hindered or misdirected, while the entries in syslog are correct. | |||||
| CVE-2023-4734 | 2 Apple, Vim | 2 Macos, Vim | 2023-12-21 | N/A | 7.8 HIGH |
| Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846. | |||||
| CVE-2023-31490 | 3 Debian, Fedoraproject, Frrouting | 3 Debian Linux, Fedora, Frrouting | 2023-12-21 | N/A | 7.5 HIGH |
| An issue found in Frrouting bgpd v.8.4.2 allows a remote attacker to cause a denial of service via the bgp_attr_psid_sub() function. | |||||
| CVE-2021-21665 | 1 Jenkins | 1 Xebialabs Xl Deploy | 2023-12-21 | 6.0 MEDIUM | 8.8 HIGH |
| A cross-site request forgery (CSRF) vulnerability in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing Username/password credentials stored in Jenkins. | |||||
| CVE-2020-2241 | 1 Jenkins | 1 Database | 2023-12-21 | 6.8 MEDIUM | 8.8 HIGH |
| A cross-site request forgery (CSRF) vulnerability in Jenkins database Plugin 1.6 and earlier allows attackers to connect to an attacker-specified database server using attacker-specified credentials. | |||||
| CVE-2022-28136 | 1 Jenkins | 1 Jiratestresultreporter | 2023-12-21 | 6.8 MEDIUM | 8.8 HIGH |
| A cross-site request forgery (CSRF) vulnerability in Jenkins JiraTestResultReporter Plugin 165.v817928553942 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials. | |||||
| CVE-2023-5184 | 1 Zephyrproject | 1 Zephyr | 2023-12-21 | N/A | 8.8 HIGH |
| Two potential signed to unsigned conversion errors and buffer overflow vulnerabilities at the following locations in the Zephyr IPM drivers. | |||||
| CVE-2022-47909 | 1 Tribe29 | 1 Checkmk | 2023-12-21 | N/A | 7.8 HIGH |
| Livestatus Query Language (LQL) injection in the AuthUser HTTP query header of Tribe29's Checkmk <= 2.1.0p11, Checkmk <= 2.0.0p28, and all versions of Checkmk 1.6.0 (EOL) allows an attacker to perform direct queries to the application's core from localhost. | |||||
| CVE-2022-46836 | 1 Tribe29 | 1 Checkmk | 2023-12-21 | N/A | 8.8 HIGH |
| PHP code injection in watolib auth.php and hosttags.php in Tribe29's Checkmk <= 2.1.0p10, Checkmk <= 2.0.0p27, and Checkmk <= 1.6.0p29 allows an attacker to inject and execute PHP code which will be executed upon request of the vulnerable component. | |||||
| CVE-2023-22941 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2023-12-21 | N/A | 7.5 HIGH |
| In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, an improperly-formatted ‘INGEST_EVAL’ parameter in a Field Transformation crashes the Splunk daemon (splunkd). | |||||
| CVE-2023-22939 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2023-12-21 | N/A | 8.8 HIGH |
| In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘map’ search processing language (SPL) command lets a search bypass SPL safeguards for risky commands. The vulnerability requires a higher privileged user to initiate a request within their browser and only affects instances with Splunk Web enabled. | |||||
| CVE-2023-22935 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2023-12-21 | N/A | 8.8 HIGH |
| In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘display.page.search.patterns.sensitivity’ search parameter lets a search bypass SPL safeguards for risky commands. The vulnerability requires a higher privileged user to initiate a request within their browser and only affects instances with Splunk Web enabled. | |||||
| CVE-2022-26832 | 1 Microsoft | 11 .net Framework, Windows 10, Windows 11 and 8 more | 2023-12-21 | 5.0 MEDIUM | 7.5 HIGH |
| .NET Framework Denial of Service Vulnerability | |||||
| CVE-2022-24527 | 1 Microsoft | 1 Endpoint Configuration Manager | 2023-12-21 | 4.6 MEDIUM | 7.8 HIGH |
| Microsoft Endpoint Configuration Manager Elevation of Privilege Vulnerability | |||||
| CVE-2022-21965 | 1 Microsoft | 1 Teams | 2023-12-21 | 5.0 MEDIUM | 7.5 HIGH |
| Microsoft Teams Denial of Service Vulnerability | |||||
| CVE-2022-21957 | 1 Microsoft | 1 Dynamics 365 | 2023-12-21 | 6.5 MEDIUM | 7.2 HIGH |
| Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability | |||||
| CVE-2022-21922 | 1 Microsoft | 9 Windows 10, Windows 11, Windows 7 and 6 more | 2023-12-21 | 9.0 HIGH | 8.8 HIGH |
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | |||||
| CVE-2022-21920 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2023-12-21 | 9.0 HIGH | 8.8 HIGH |
| Windows Kerberos Elevation of Privilege Vulnerability | |||||
| CVE-2022-21919 | 1 Microsoft | 9 Windows 10, Windows 11, Windows 7 and 6 more | 2023-12-21 | 6.9 MEDIUM | 7.0 HIGH |
| Windows User Profile Service Elevation of Privilege Vulnerability | |||||
| CVE-2022-21917 | 1 Microsoft | 1 Hevc Video Extensions | 2023-12-21 | 9.3 HIGH | 7.8 HIGH |
| HEVC Video Extensions Remote Code Execution Vulnerability | |||||
| CVE-2022-21916 | 1 Microsoft | 9 Windows 10, Windows 11, Windows 7 and 6 more | 2023-12-21 | 7.2 HIGH | 7.8 HIGH |
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | |||||
| CVE-2022-21914 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2023-12-21 | 7.2 HIGH | 7.8 HIGH |
| Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | |||||
| CVE-2022-21913 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2023-12-21 | 5.0 MEDIUM | 7.5 HIGH |
| Local Security Authority (Domain Policy) Remote Protocol Security Feature Bypass | |||||
| CVE-2022-21912 | 1 Microsoft | 3 Windows 10, Windows Server, Windows Server 2019 | 2023-12-21 | 7.2 HIGH | 7.8 HIGH |
| DirectX Graphics Kernel Remote Code Execution Vulnerability | |||||
| CVE-2022-21911 | 1 Microsoft | 10 .net Framework, Windows 10, Windows 11 and 7 more | 2023-12-21 | 5.0 MEDIUM | 7.5 HIGH |
| .NET Framework Denial of Service Vulnerability | |||||
| CVE-2022-21910 | 1 Microsoft | 3 Windows Server, Windows Server 2016, Windows Server 2019 | 2023-12-21 | 4.6 MEDIUM | 7.8 HIGH |
| Microsoft Cluster Port Driver Elevation of Privilege Vulnerability | |||||
| CVE-2022-21908 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2023-12-21 | 7.2 HIGH | 7.8 HIGH |
| Windows Installer Elevation of Privilege Vulnerability | |||||
| CVE-2022-21905 | 1 Microsoft | 9 Windows 10, Windows 11, Windows 7 and 6 more | 2023-12-21 | 4.9 MEDIUM | 8.0 HIGH |
| Windows Hyper-V Security Feature Bypass Vulnerability | |||||
| CVE-2022-21904 | 1 Microsoft | 9 Windows 10, Windows 7, Windows 8.1 and 6 more | 2023-12-21 | 5.0 MEDIUM | 7.5 HIGH |
| Windows GDI Information Disclosure Vulnerability | |||||
| CVE-2022-21903 | 1 Microsoft | 9 Windows 10, Windows 7, Windows 8.1 and 6 more | 2023-12-21 | 7.2 HIGH | 7.8 HIGH |
| Windows GDI Elevation of Privilege Vulnerability | |||||
| CVE-2022-21902 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server and 2 more | 2023-12-21 | 7.2 HIGH | 7.8 HIGH |
| Windows DWM Core Library Elevation of Privilege Vulnerability | |||||
| CVE-2022-21901 | 1 Microsoft | 7 Windows 10, Windows 11, Windows 8.1 and 4 more | 2023-12-21 | 7.7 HIGH | 8.0 HIGH |
| Windows Hyper-V Elevation of Privilege Vulnerability | |||||
| CVE-2022-21897 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2023-12-21 | 7.2 HIGH | 7.8 HIGH |
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | |||||
| CVE-2022-21896 | 1 Microsoft | 4 Windows 10, Windows 11, Windows Server and 1 more | 2023-12-21 | 6.9 MEDIUM | 7.0 HIGH |
| Windows DWM Core Library Elevation of Privilege Vulnerability | |||||
| CVE-2022-21895 | 1 Microsoft | 6 Windows 10, Windows 8.1, Windows Server and 3 more | 2023-12-21 | 7.2 HIGH | 7.8 HIGH |
| Windows User Profile Service Elevation of Privilege Vulnerability | |||||
