Search
Total
46623 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-20218 | 1 Cisco | 24 Spa500ds, Spa500ds Firmware, Spa500s and 21 more | 2023-08-09 | N/A | 6.1 MEDIUM |
| A vulnerability in web-based management interface of Cisco SPA500 Series Analog Telephone Adapters (ATAs) could allow an authenticated, remote attacker to to modify a web page in the context of a user's browser. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to alter the contents of a web page to redirect the user to potentially malicious websites, or the attacker could use this vulnerability to conduct further client-side attacks. Cisco will not release software updates that address this vulnerability. {{value}} ["%7b%7bvalue%7d%7d"])}]] | |||||
| CVE-2023-3749 | 1 Johnsoncontrols | 1 Videoedge | 2023-08-09 | N/A | 5.5 MEDIUM |
| A local user could edit the VideoEdge configuration file and interfere with VideoEdge operation. | |||||
| CVE-2023-20181 | 1 Cisco | 24 Spa500ds, Spa500ds Firmware, Spa500s and 21 more | 2023-08-09 | N/A | 6.1 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Small Business SPA500 Series IP Phones could allow an unauthenticated, remote attacker to conduct XSS attacks. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. | |||||
| CVE-2023-33383 | 1 Shelly | 2 Pro 4pm, Pro 4pm Firmware | 2023-08-09 | N/A | 5.3 MEDIUM |
| Shelly 4PM Pro four-channel smart switch 0.11.0 allows an attacker to trigger a BLE out of bounds read fault condition that results in a device reload. | |||||
| CVE-2023-20795 | 2 Google, Mediatek | 35 Android, Mt6739, Mt6761 and 32 more | 2023-08-09 | N/A | 6.7 MEDIUM |
| In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07864900; Issue ID: ALPS07864900. | |||||
| CVE-2023-20793 | 2 Google, Mediatek | 14 Android, Mt6853, Mt6853t and 11 more | 2023-08-09 | N/A | 4.4 MEDIUM |
| In apu, there is a possible memory corruption due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07767818; Issue ID: ALPS07767818. | |||||
| CVE-2023-20801 | 3 Google, Linuxfoundation, Mediatek | 9 Android, Yocto, Mt6879 and 6 more | 2023-08-09 | N/A | 6.4 MEDIUM |
| In imgsys, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07420968; Issue ID: ALPS07420968. | |||||
| CVE-2023-20798 | 2 Google, Mediatek | 12 Android, Mt2713, Mt6855 and 9 more | 2023-08-09 | N/A | 4.4 MEDIUM |
| In pda, there is a possible out of bounds read due to an incorrect calculation of buffer size. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07147572; Issue ID: ALPS07421076. | |||||
| CVE-2023-20797 | 2 Google, Mediatek | 9 Android, Mt6879, Mt6886 and 6 more | 2023-08-09 | N/A | 6.7 MEDIUM |
| In camera middleware, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07629582; Issue ID: ALPS07629582. | |||||
| CVE-2023-20800 | 3 Google, Linuxfoundation, Mediatek | 9 Android, Yocto, Mt6879 and 6 more | 2023-08-09 | N/A | 6.5 MEDIUM |
| In imgsys, there is a possible system crash due to a mssing ptr check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07420968; Issue ID: ALPS07420955. | |||||
| CVE-2023-38695 | 1 Simonsmith | 1 Cypress Image Snapshot | 2023-08-09 | N/A | 6.5 MEDIUM |
| cypress-image-snapshot shows visual regressions in Cypress with jest-image-snapshot. Prior to version 8.0.2, it's possible for a user to pass a relative file path for the snapshot name and reach outside of the project directory into the machine running the test. This issue has been patched in version 8.0.2. | |||||
| CVE-2023-4157 | 1 Omeka | 1 Omeka S | 2023-08-09 | N/A | 4.8 MEDIUM |
| Improper Input Validation in GitHub repository omeka/omeka-s prior to 4.0.3. | |||||
| CVE-2023-30950 | 1 Palantir | 1 Foundry Campaigns | 2023-08-09 | N/A | 5.9 MEDIUM |
| The foundry campaigns service was found to be vulnerable to an unauthenticated information disclosure in a rest endpoint | |||||
| CVE-2021-34600 | 1 Telenot | 1 Compasx | 2023-08-09 | 4.9 MEDIUM | 5.5 MEDIUM |
| Telenot CompasX versions prior to 32.0 use a weak seed for random number generation leading to predictable AES keys used in the NFC tags used for local authorization of users. This may lead to total loss of trustworthiness of the installation. | |||||
| CVE-2018-17437 | 1 Hdfgroup | 1 Hdf5 | 2023-08-09 | 4.3 MEDIUM | 6.5 MEDIUM |
| Memory leak in the H5O_dtype_decode_helper() function in H5Odtype.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service (memory consumption) via a crafted HDF5 file. | |||||
| CVE-2018-17434 | 1 Hdfgroup | 1 Hdf5 | 2023-08-09 | 4.3 MEDIUM | 6.5 MEDIUM |
| A SIGFPE signal is raised in the function apply_filters() of h5repack_filters.c in the HDF HDF5 through 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. It could allow a remote denial of service attack. | |||||
| CVE-2018-17237 | 1 Hdfgroup | 1 Hdf5 | 2023-08-09 | 4.3 MEDIUM | 6.5 MEDIUM |
| A SIGFPE signal is raised in the function H5D__chunk_set_info_real() of H5Dchunk.c in the HDF HDF5 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. This issue is different from CVE-2018-11207. | |||||
| CVE-2018-17234 | 1 Hdfgroup | 1 Hdf5 | 2023-08-09 | 4.3 MEDIUM | 6.5 MEDIUM |
| Memory leak in the H5O__chunk_deserialize() function in H5Ocache.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service (memory consumption) via a crafted HDF5 file. | |||||
| CVE-2018-17233 | 1 Hdfgroup | 1 Hdf5 | 2023-08-09 | 4.3 MEDIUM | 6.5 MEDIUM |
| A SIGFPE signal is raised in the function H5D__create_chunk_file_map_hyper() of H5Dchunk.c in the HDF HDF5 through 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. It could allow a remote denial of service attack. | |||||
| CVE-2023-4158 | 1 Omeka | 1 Omeka S | 2023-08-08 | N/A | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Stored in GitHub repository omeka/omeka-s prior to 4.0.3. | |||||
| CVE-2022-41401 | 1 Openrefine | 1 Openrefine | 2023-08-08 | N/A | 6.5 MEDIUM |
| OpenRefine <= v3.5.2 contains a Server-Side Request Forgery (SSRF) vulnerability, which permits unauthorized users to exploit the system, potentially leading to unauthorized access to internal resources and sensitive file disclosure. | |||||
| CVE-2023-38964 | 1 Creativeitem | 1 Academy Learning Management System | 2023-08-08 | N/A | 6.1 MEDIUM |
| Creative Item Academy LMS 6.0 was discovered to contain a cross-site scripting (XSS) vulnerability. | |||||
| CVE-2023-39112 | 1 Shopex | 1 Ecshop | 2023-08-08 | N/A | 6.5 MEDIUM |
| ECShop v4.1.16 contains an arbitrary file deletion vulnerability in the Admin Panel. | |||||
| CVE-2023-25524 | 1 Nvidia | 1 Omniverse Launcher | 2023-08-08 | N/A | 5.3 MEDIUM |
| NVIDIA Omniverse Workstation Launcher for Windows and Linux contains a vulnerability in the authentication flow, where a user’s access token is displayed in the browser user's address bar. An attacker could use this token to impersonate the user to access launcher resources. A successful exploit of this vulnerability may lead to information disclosure. | |||||
| CVE-2023-4138 | 1 Ikus-soft | 1 Rdiffweb | 2023-08-08 | N/A | 6.5 MEDIUM |
| Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.8.0. | |||||
| CVE-2023-4145 | 1 Pimcore | 1 Customer Data Framework | 2023-08-08 | N/A | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/customer-data-framework prior to 3.4.2. | |||||
| CVE-2023-30952 | 1 Palantir | 1 Foundry | 2023-08-08 | N/A | 4.3 MEDIUM |
| A security defect was discovered in Foundry Issues that enabled users to create convincing phishing links by editing the request sent when creating an Issue. This defect was resolved in Frontend release 6.228.0 . | |||||
| CVE-2023-20204 | 1 Cisco | 3 Broadworks Application Delivery Platform, Broadworks Application Server, Broadworks Xtended Services Platform | 2023-08-08 | N/A | 5.4 MEDIUM |
| A vulnerability in the web-based management interface of Cisco BroadWorks CommPilot Application Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. | |||||
| CVE-2023-30958 | 1 Zabbix | 1 Frontend | 2023-08-08 | N/A | 6.1 MEDIUM |
| A security defect was identified in Foundry Frontend that enabled users to potentially conduct DOM XSS attacks if Foundry's CSP were to be bypassed. This defect was resolved with the release of Foundry Frontend 6.225.0. | |||||
| CVE-2023-36158 | 1 Toll Tax Management System Project | 1 Toll Tax Management System | 2023-08-08 | N/A | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in sourcecodester Toll Tax Management System 1.0 allows remote attackers to run arbitrary code via the First Name and Last Name fields on the My Account page. | |||||
| CVE-2023-36137 | 1 Phpjabbers | 1 Class Scheduling System | 2023-08-08 | N/A | 6.1 MEDIUM |
| There is a Cross Site Scripting (XSS) vulnerability in the "theme" parameter of preview.php in PHPJabbers Class Scheduling System 1.0. | |||||
| CVE-2023-38991 | 1 Jeesite | 1 Jeesite | 2023-08-08 | N/A | 5.4 MEDIUM |
| An issue in the delete function in the ActModelController class of jeesite v1.2.6 allows authenticated attackers to arbitrarily delete models created by the Administrator. | |||||
| CVE-2023-39343 | 1 Sulu | 1 Sulu | 2023-08-08 | N/A | 4.3 MEDIUM |
| Sulu is an open-source PHP content management system based on the Symfony framework. It allows over the Admin Login form to detect which user (username, email) exists and which one do not exist. Sulu Installation not using the old Symfony 5.4 security System and previous version are not impacted by this Security issue. The vulnerability has been patched in version 2.5.10. | |||||
| CVE-2023-4002 | 1 Gitlab | 1 Gitlab | 2023-08-08 | N/A | 6.5 MEDIUM |
| An issue has been discovered in GitLab EE affecting all versions starting from 14.1 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. It was possible for EE-licensed users to link any security policy project by its ID to projects or groups the user has access to, potentially revealing the security projects's configured security policies. | |||||
| CVE-2023-4119 | 1 Creativeitem | 1 Academy Lms | 2023-08-08 | N/A | 6.1 MEDIUM |
| A vulnerability has been found in Academy LMS 6.0 and classified as problematic. This vulnerability affects unknown code of the file /academy/home/courses. The manipulation of the argument query/sort_by leads to cross site scripting. The attack can be initiated remotely. VDB-235966 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-39552 | 1 Online Security Guards Hiring System Project | 1 Online Security Guards Hiring System | 2023-08-08 | N/A | 6.1 MEDIUM |
| PHPGurukul Online Security Guards Hiring System v.1.0 is vulnerable to Cross-Site Scripting (XSS). | |||||
| CVE-2023-4118 | 1 Iscute | 1 Cute Http File Server | 2023-08-08 | N/A | 6.1 MEDIUM |
| A vulnerability, which was classified as problematic, was found in Cute Http File Server 2.0. This affects an unknown part of the component Search. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-235965 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-3932 | 1 Gitlab | 1 Gitlab | 2023-08-08 | N/A | 6.5 MEDIUM |
| An issue has been discovered in GitLab EE affecting all versions starting from 13.12 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. It was possible for an attacker to run pipeline jobs as an arbitrary user via scheduled security scan policies. | |||||
| CVE-2023-3348 | 1 Cloudflare | 1 Wrangler | 2023-08-08 | N/A | 5.7 MEDIUM |
| The Wrangler command line tool (<=wrangler@3.1.0) was affected by a directory traversal vulnerability when running a local development server for Pages (wrangler pages dev command). This vulnerability enabled an attacker in the same network as the victim to connect to the local development server and access the victim's files present outside of the directory for the development server. | |||||
| CVE-2023-3329 | 1 Spidercontrol | 1 Scadawebserver | 2023-08-08 | N/A | 6.5 MEDIUM |
| SpiderControl SCADA Webserver versions 2.08 and prior are vulnerable to path traversal. An attacker with administrative privileges could overwrite files on the webserver using the HMI's upload file feature. This could create size zero files anywhere on the webserver, potentially overwriting system files and creating a denial-of-service condition. | |||||
| CVE-2023-39114 | 1 Ngiflib Project | 1 Ngiflib | 2023-08-08 | N/A | 5.5 MEDIUM |
| ngiflib commit 84a75 was discovered to contain a segmentation violation via the function SDL_LoadAnimatedGif at ngiflibSDL.c. This vulnerability is triggered when running the program SDLaffgif. | |||||
| CVE-2023-39113 | 1 Ngiflib Project | 1 Ngiflib | 2023-08-08 | N/A | 5.5 MEDIUM |
| ngiflib commit fb271 was discovered to contain a segmentation violation via the function "main" at gif2tag.c. This vulnerability is triggered when running the program gif2tga. | |||||
| CVE-2023-36858 | 3 Apple, F5, Microsoft | 4 Macos, Access Policy Manager Clients, Big-ip Access Policy Manager and 1 more | 2023-08-08 | N/A | 5.5 MEDIUM |
| An insufficient verification of data vulnerability exists in BIG-IP Edge Client for Windows and macOS that may allow an attacker to modify its configured server list. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2023-4127 | 1 Answer | 1 Answer | 2023-08-08 | N/A | 5.9 MEDIUM |
| Race Condition within a Thread in GitHub repository answerdev/answer prior to v1.1.1. | |||||
| CVE-2023-4124 | 1 Answer | 1 Answer | 2023-08-08 | N/A | 6.5 MEDIUM |
| Missing Authorization in GitHub repository answerdev/answer prior to v1.1.1. | |||||
| CVE-2023-3180 | 1 Qemu | 1 Qemu | 2023-08-08 | N/A | 6.5 MEDIUM |
| A flaw was found in the QEMU virtual crypto device while handling data encryption/decryption requests in virtio_crypto_handle_sym_req. There is no check for the value of `src_len` and `dst_len` in virtio_crypto_sym_op_helper, potentially leading to a heap buffer overflow when the two values differ. | |||||
| CVE-2023-37559 | 1 Codesys | 16 Control For Beaglebone Sl, Control For Empc-a\/imx6 Sl, Control For Iot2000 Sl and 13 more | 2023-08-08 | N/A | 6.5 MEDIUM |
| After successful authentication as a user in multiple Codesys products in multiple versions, specific crafted network communication requests with inconsistent content can cause the CmpAppForce component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37558 | |||||
| CVE-2023-37558 | 1 Codesys | 16 Control For Beaglebone Sl, Control For Empc-a\/imx6 Sl, Control For Iot2000 Sl and 13 more | 2023-08-08 | N/A | 6.5 MEDIUM |
| After successful authentication as a user in multiple Codesys products in multiple versions, specific crafted network communication requests with inconsistent content can cause the CmpAppForce component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37559 | |||||
| CVE-2023-37557 | 1 Codesys | 16 Control For Beaglebone Sl, Control For Empc-a\/imx6 Sl, Control For Iot2000 Sl and 13 more | 2023-08-08 | N/A | 6.5 MEDIUM |
| After successful authentication as a user in multiple Codesys products in multiple versions, specific crafted remote communication requests can cause the CmpAppBP component to overwrite a heap-based buffer, which can lead to a denial-of-service condition. | |||||
| CVE-2023-37556 | 1 Codesys | 16 Control For Beaglebone Sl, Control For Empc-a\/imx6 Sl, Control For Iot2000 Sl and 13 more | 2023-08-08 | N/A | 6.5 MEDIUM |
| In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpAppBP component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37552, CVE-2023-37553, CVE-2023-37554 and CVE-2023-37555. | |||||