Total: 46623 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-9434 | 1 Tats | 1 W3m | 2023-12-29 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page. | |||||
| CVE-2016-9433 | 1 Tats | 1 W3m | 2023-12-29 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (out-of-bounds array access) via a crafted HTML page. | |||||
| CVE-2016-9432 | 1 Tats | 1 W3m | 2023-12-29 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (memory corruption, segmentation fault, and crash) via a crafted HTML page. | |||||
| CVE-2016-9431 | 1 Tats | 1 W3m | 2023-12-29 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Infinite recursion vulnerability in w3m allows remote attackers to cause a denial of service via a crafted HTML page. | |||||
| CVE-2016-9430 | 1 Tats | 1 W3m | 2023-12-29 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page. | |||||
| CVE-2023-49088 | 1 Cacti | 1 Cacti | 2023-12-29 | N/A | 4.8 MEDIUM |
| Cacti is an open source operational monitoring and fault management framework. The fix applied for CVE-2023-39515 in version 1.2.25 is incomplete as it enables an adversary to have a victim browser execute malicious code when a victim user hovers their mouse over the malicious data source path in `data_debug.php`. To perform the cross-site scripting attack, the adversary needs to be an authorized cacti user with the following permissions: `General Administration>Sites/Devices/Data`. The victim of this attack could be any account with permissions to view `http://<HOST>/cacti/data_debug.php`. As of time of publication, no complete fix has been included in Cacti. | |||||
| CVE-2023-49790 | 1 Nextcloud | 1 Nextcloud | 2023-12-29 | N/A | 4.3 MEDIUM |
| The Nextcloud iOS Files app allows users of iOS to interact with Nextcloud, a self-hosted productivity platform. Prior to version 4.9.2, the application can be used without providing the 4 digit PIN code. Nextcloud iOS Files app should be upgraded to 4.9.2 to receive the patch. No known workarounds are available. | |||||
| CVE-2023-5056 | 1 Redhat | 2 Enterprise Linux, Service Interconnect | 2023-12-29 | N/A | 4.1 MEDIUM |
| A flaw was found in the Skupper operator, which may permit a certain configuration to create a service account that would allow an authenticated attacker in the adjacent cluster to view deployments in all namespaces in the cluster. This issue permits unauthorized viewing of information outside of the user's purview. | |||||
| CVE-2015-1239 | 3 Debian, Google, Uclouvain | 4 Debian Linux, Chrome, Pdfium and 1 more | 2023-12-29 | 4.3 MEDIUM | 6.5 MEDIUM |
| Double free vulnerability in the j2k_read_ppm_v3 function in OpenJPEG before r2997, as used in PDFium in Google Chrome, allows remote attackers to cause a denial of service (process crash) via a crafted PDF. | |||||
| CVE-2023-30754 | 1 Wp Foxly | 1 Adfoxly | 2023-12-29 | N/A | 6.1 MEDIUM |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in AdFoxly AdFoxly – Ad Manager, AdSense Ads & Ads.Txt plugin <= 1.8.5 versions. | |||||
| CVE-2023-5115 | 2 Debian, Redhat | 5 Debian Linux, Ansible Automation Platform, Ansible Developer and 2 more | 2023-12-29 | N/A | 6.3 MEDIUM |
| An absolute path traversal attack exists in the Ansible automation platform. This flaw allows an attacker to craft a malicious Ansible role and make the victim execute the role. A symlink can be used to overwrite a file outside of the extraction path. | |||||
| CVE-2020-14297 | 1 Redhat | 6 Amq, Jboss-ejb-client, Jboss Enterprise Application Platform Continuous Delivery and 3 more | 2023-12-29 | 4.0 MEDIUM | 6.5 MEDIUM |
| A flaw was discovered in Wildfly's EJB Client as shipped with Red Hat JBoss EAP 7, where some specific EJB transaction objects may accumulate over time, causing services to slow down and eventually become unavailable. An attacker can take advantage of this to cause a denial of service and make services unavailable. | |||||
| CVE-2021-27075 | 1 Microsoft | 5 Azure Container Instances, Azure Container Registry, Azure Kubernetes Service and 2 more | 2023-12-29 | 2.7 LOW | 6.8 MEDIUM |
| Azure Virtual Machine Information Disclosure Vulnerability | |||||
| CVE-2021-27074 | 1 Microsoft | 1 Azure Sphere | 2023-12-29 | 4.9 MEDIUM | 6.2 MEDIUM |
| Azure Sphere Unsigned Code Execution Vulnerability | |||||
| CVE-2021-27066 | 1 Microsoft | 1 Windows Admin Center | 2023-12-29 | 4.0 MEDIUM | 4.3 MEDIUM |
| Windows Admin Center Security Feature Bypass Vulnerability | |||||
| CVE-2021-27052 | 1 Microsoft | 2 Sharepoint Enterprise Server, Sharepoint Server | 2023-12-29 | 4.0 MEDIUM | 5.3 MEDIUM |
| Microsoft SharePoint Server Information Disclosure Vulnerability | |||||
| CVE-2021-26854 | 1 Microsoft | 1 Exchange Server | 2023-12-29 | 6.5 MEDIUM | 6.6 MEDIUM |
| Microsoft Exchange Server Remote Code Execution Vulnerability | |||||
| CVE-2021-24104 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2023-12-29 | 5.8 MEDIUM | 4.6 MEDIUM |
| Microsoft SharePoint Server Spoofing Vulnerability | |||||
| CVE-2021-24114 | 1 Microsoft | 1 Teams | 2023-12-29 | 3.5 LOW | 5.7 MEDIUM |
| Microsoft Teams iOS Information Disclosure Vulnerability | |||||
| CVE-2021-24113 | 1 Microsoft | 1 Edge Chromium | 2023-12-29 | 5.8 MEDIUM | 5.4 MEDIUM |
| Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability | |||||
| CVE-2021-24109 | 1 Microsoft | 1 Azure Kubernetes Service | 2023-12-29 | 6.0 MEDIUM | 6.8 MEDIUM |
| Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability | |||||
| CVE-2021-24101 | 1 Microsoft | 1 Dynamics 365 | 2023-12-29 | 4.0 MEDIUM | 6.5 MEDIUM |
| Microsoft Dataverse Information Disclosure Vulnerability | |||||
| CVE-2021-24100 | 1 Microsoft | 1 Edge | 2023-12-29 | 2.6 LOW | 5.0 MEDIUM |
| Microsoft Edge for Android Information Disclosure Vulnerability | |||||
| CVE-2021-24099 | 1 Microsoft | 2 Lync Server, Skype For Business Server | 2023-12-29 | 4.0 MEDIUM | 6.5 MEDIUM |
| Skype for Business and Lync Denial of Service Vulnerability | |||||
| CVE-2021-24085 | 1 Microsoft | 1 Exchange Server | 2023-12-29 | 6.0 MEDIUM | 6.5 MEDIUM |
| Microsoft Exchange Server Spoofing Vulnerability | |||||
| CVE-2021-24073 | 1 Microsoft | 2 Lync Server, Skype For Business Server | 2023-12-29 | 5.8 MEDIUM | 6.5 MEDIUM |
| Skype for Business and Lync Spoofing Vulnerability | |||||
| CVE-2021-24071 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2023-12-29 | 4.0 MEDIUM | 5.3 MEDIUM |
| Microsoft SharePoint Information Disclosure Vulnerability | |||||
| CVE-2021-1730 | 1 Microsoft | 1 Exchange Server | 2023-12-29 | 5.8 MEDIUM | 5.4 MEDIUM |
| A spoofing vulnerability exists in Microsoft Exchange Server which could result in an attack that would allow a malicious actor to impersonate the user. This update addresses this vulnerability. To prevent these types of attacks, Microsoft recommends that customers download inline images from different DNS domains than the rest of OWA. Please see further instructions in the FAQ to put this mitigation in place. | |||||
| CVE-2021-1724 | 1 Microsoft | 2 Dynamics 365 Business Central, Dynamics Nav | 2023-12-29 | 2.3 LOW | 6.1 MEDIUM |
| Microsoft Dynamics Business Central Cross-site Scripting Vulnerability | |||||
| CVE-2021-1721 | 1 Microsoft | 5 .net, .net Core, Powershell Core and 2 more | 2023-12-29 | 4.3 MEDIUM | 6.5 MEDIUM |
| .NET Core and Visual Studio Denial of Service Vulnerability | |||||
| CVE-2021-1725 | 1 Microsoft | 1 Bot Framework Software Development Kit | 2023-12-29 | 2.1 LOW | 5.5 MEDIUM |
| Bot Framework SDK Information Disclosure Vulnerability | |||||
| CVE-2021-1717 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2023-12-29 | 5.8 MEDIUM | 4.6 MEDIUM |
| Microsoft SharePoint Server Spoofing Vulnerability | |||||
| CVE-2021-1705 | 1 Microsoft | 4 Edge, Windows 10, Windows Server 2016 and 1 more | 2023-12-29 | 7.6 HIGH | 4.2 MEDIUM |
| Microsoft Edge (HTML-based) Memory Corruption Vulnerability | |||||
| CVE-2021-1677 | 1 Microsoft | 1 Azure Kubernetes Service | 2023-12-29 | 2.1 LOW | 5.5 MEDIUM |
| Azure Active Directory Pod Identity Spoofing Vulnerability | |||||
| CVE-2021-1641 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2023-12-29 | 5.8 MEDIUM | 4.6 MEDIUM |
| Microsoft SharePoint Server Spoofing Vulnerability | |||||
| CVE-2023-46104 | 1 Apache | 1 Superset | 2023-12-29 | N/A | 6.5 MEDIUM |
| Uncontrolled resource consumption can be triggered by an authenticated attacker who uploads a malicious ZIP to import database, dashboards or datasets. This vulnerability exists in Apache Superset versions up to and including 2.1.2 and versions 3.0.0, 3.0.1. | |||||
| CVE-2019-25157 | 1 Ethex | 1 Ethex Contracts | 2023-12-29 | N/A | 4.3 MEDIUM |
| A vulnerability was found in Ethex Contracts. It has been classified as critical. This affects an unknown part of the file EthexJackpot.sol of the component Monthly Jackpot Handler. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The patch is named 6b8664b698d3d953e16c284fadc6caeb9e58e3db. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-248271. | |||||
| CVE-2014-125107 | 1 Corveda | 1 Phpsandbox | 2023-12-29 | N/A | 5.3 MEDIUM |
| A vulnerability was found in Corveda PHPSandbox 1.3.4 and classified as critical. Affected by this issue is some unknown functionality of the component String Handler. The manipulation leads to protection mechanism failure. The attack may be launched remotely. Upgrading to version 1.3.5 is able to address this issue. The patch is identified as 48fde5ffa4d76014bad260a3cbab7ada3744a4cc. It is recommended to upgrade the affected component. VDB-248270 is the identifier assigned to this vulnerability. | |||||
| CVE-2023-41166 | 1 Stormshield | 1 Stormshield Network Security | 2023-12-29 | N/A | 5.3 MEDIUM |
| An issue was discovered in Stormshield Network Security (SNS) 3.7.0 through 3.7.39, 3.11.0 through 3.11.27, 4.3.0 through 4.3.22, 4.6.0 through 4.6.9, and 4.7.0 through 4.7.1. It's possible to know if a specific user account exists on the SNS firewall by using remote access commands. | |||||
| CVE-2023-47093 | 1 Stormshield | 1 Stormshield Network Security | 2023-12-29 | N/A | 6.5 MEDIUM |
| An issue was discovered in Stormshield Network Security (SNS) 4.0.0 through 4.3.21, 4.4.0 through 4.6.8, and 4.7.0. Sending a crafted ICMP packet may lead to a crash of the ASQ engine. | |||||
| CVE-2023-28025 | 1 Hcltech | 1 Bigfix Modern Client Management | 2023-12-29 | N/A | 4.8 MEDIUM |
| Due to this vulnerability, the Master operator could potentially incorporate an SVG tag into HTML, leading to an alert pop-up displaying a cookie. To mitigate stored XSS vulnerabilities, a preventive measure involves thoroughly sanitizing and validating all user inputs before they are processed and stored in the server storage. | |||||
| CVE-2023-6122 | 1 Softomi | 1 Advanced C2c Marketplace Software | 2023-12-29 | N/A | 6.1 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in İstanbul Soft Informatics and Consultancy Limited Company Softomi Gelişmiş C2C Pazaryeri Yazılımı allows Reflected XSS. This issue affects Softomi Gelişmiş C2C Pazaryeri Yazılımı: before 12122023. | |||||
| CVE-2023-50703 | 1 Efacec | 2 Uc 500e, Uc 500e Firmware | 2023-12-29 | N/A | 5.9 MEDIUM |
| An attacker with network access could perform a man-in-the-middle (MitM) attack and capture sensitive information to gain unauthorized access to the application. | |||||
| CVE-2023-50704 | 1 Efacec | 2 Uc 500e, Uc 500e Firmware | 2023-12-29 | N/A | 6.1 MEDIUM |
| An attacker could construct a URL within the application that causes a redirection to an arbitrary external domain and could be leveraged to facilitate phishing attacks against application users. | |||||
| CVE-2023-50705 | 1 Efacec | 2 Uc 500e, Uc 500e Firmware | 2023-12-29 | N/A | 5.3 MEDIUM |
| An attacker could create malicious requests to obtain sensitive information about the web server. | |||||
| CVE-2023-46645 | 1 Github | 1 Enterprise Server | 2023-12-29 | N/A | 4.9 MEDIUM |
| A path traversal vulnerability was identified in GitHub Enterprise Server that allowed arbitrary file reading when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in version 3.7.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.1. This vulnerability was reported via the GitHub Bug Bounty program. | |||||
| CVE-2023-50706 | 1 Efacec | 2 Uc 500e, Uc 500e Firmware | 2023-12-29 | N/A | 4.3 MEDIUM |
| A user without administrator permissions with access to the UC500 Windows system could perform a memory dump of the running processes and extract clear credentials or valid session tokens. | |||||
| CVE-2023-46646 | 1 Github | 1 Enterprise Server | 2023-12-29 | N/A | 5.3 MEDIUM |
| Improper access control in all versions of GitHub Enterprise Server allows unauthorized users to view private repository names via the "Get a check run" API endpoint. This vulnerability did not allow unauthorized access to any repository content besides the name. This vulnerability affected GitHub Enterprise Server version 3.7.0 and above and was fixed in version 3.17.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.0. | |||||
| CVE-2023-51379 | 1 Github | 1 Enterprise Server | 2023-12-29 | N/A | 4.9 MEDIUM |
| An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed issue comments to be updated with an improperly scoped token. This vulnerability did not allow unauthorized access to any repository content as it also required contents:write and issues:read permissions. This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in version 3.17.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.1. | |||||
| CVE-2019-18359 | 1 Glensawyer | 1 Mp3gain | 2023-12-29 | 4.3 MEDIUM | 5.5 MEDIUM |
| A buffer over-read was discovered in ReadMP3APETag in apetag.c in MP3Gain 1.6.2. The vulnerability causes an application crash, which leads to remote denial of service. | |||||
