Search
Total
21119 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-50351 | 1 Hcltech | 1 Dryice Myxalytics | 2024-01-09 | N/A | 9.1 CRITICAL |
| HCL DRYiCE MyXalytics is impacted by the use of an insecure key rotation mechanism which can allow an attacker to compromise the confidentiality or integrity of data. | |||||
| CVE-2023-33112 | 1 Qualcomm | 254 Ar8035, Ar8035 Firmware, Csra6620 and 251 more | 2024-01-09 | N/A | 7.5 HIGH |
| Transient DOS when WLAN firmware receives "reassoc response" frame including RIC_DATA element. | |||||
| CVE-2023-33062 | 1 Qualcomm | 580 315 5g Iot Modem, 315 5g Iot Modem Firmware, Aqt1000 and 577 more | 2024-01-09 | N/A | 7.5 HIGH |
| Transient DOS in WLAN Firmware while parsing a BTM request. | |||||
| CVE-2023-33040 | 1 Qualcomm | 288 315 5g Iot Modem, 315 5g Iot Modem Firmware, Aqt1000 and 285 more | 2024-01-09 | N/A | 7.5 HIGH |
| Transient DOS in Data Modem during DTLS handshake. | |||||
| CVE-2022-28995 | 1 Yogeshojha | 1 Rengine | 2024-01-09 | 7.5 HIGH | 9.8 CRITICAL |
| Rengine v1.0.2 was discovered to contain a remote code execution (RCE) vulnerability via the yaml configuration function. | |||||
| CVE-2023-36719 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2024-01-09 | N/A | 7.8 HIGH |
| Microsoft Speech Application Programming Interface (SAPI) Elevation of Privilege Vulnerability | |||||
| CVE-2023-49555 | 1 Yasm Project | 1 Yasm | 2024-01-09 | N/A | 5.5 MEDIUM |
| An issue in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the expand_smacro function in the modules/preprocs/nasm/nasm-pp.c component. | |||||
| CVE-2023-49556 | 1 Yasm Project | 1 Yasm | 2024-01-09 | N/A | 5.5 MEDIUM |
| Buffer Overflow vulnerability in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the expr_delete_term function in the libyasm/expr.c component. | |||||
| CVE-2023-49557 | 1 Yasm Project | 1 Yasm | 2024-01-09 | N/A | 5.5 MEDIUM |
| An issue in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the yasm_section_bcs_first function in the libyasm/section.c component. | |||||
| CVE-2023-4280 | 1 Silabs | 1 Gecko Software Development Kit | 2024-01-09 | N/A | 9.8 CRITICAL |
| An unvalidated input in Silicon Labs TrustZone implementation in v4.3.x and earlier of the Gecko SDK allows an attacker to access the trusted region of memory from the untrusted region. | |||||
| CVE-2023-49558 | 1 Yasm Project | 1 Yasm | 2024-01-09 | N/A | 5.5 MEDIUM |
| An issue in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the expand_mmac_params function in the modules/preprocs/nasm/nasm-pp.c component. | |||||
| CVE-2023-49553 | 1 Cesanta | 1 Mjs | 2024-01-09 | N/A | 7.5 HIGH |
| An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_destroy function in the msj.c file. | |||||
| CVE-2024-21629 | 1 Evm Project | 1 Evm | 2024-01-09 | N/A | 7.5 HIGH |
| Rust EVM is an Ethereum Virtual Machine interpreter. In `rust-evm`, a feature called `record_external_operation` was introduced, allowing library users to record custom gas changes. This feature can have some bogus interactions with the call stack. In particular, during finalization of a `CREATE` or `CREATE2`, in the case that the substack execution happens successfully, `rust-evm` will first commit the substate, and then call `record_external_operation(Write(out_code.len()))`. If `record_external_operation` later fails, this error is returned to the parent call stack, instead of `Succeeded`. Yet, the substate commitment already happened. This causes smart contracts able to commit state changes, when the parent caller contract receives zero address (which usually indicates that the execution has failed). This issue only impacts library users with custom `record_external_operation` that returns errors. The issue is patched in release 0.41.1. No known workarounds are available. | |||||
| CVE-2023-49549 | 1 Cesanta | 1 Mjs | 2024-01-09 | N/A | 7.5 HIGH |
| An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_getretvalpos function in the msj.c file. | |||||
| CVE-2023-48419 | 1 Google | 8 Home, Home Firmware, Home Mini and 5 more | 2024-01-09 | N/A | 9.8 CRITICAL |
| An attacker in the wifi vicinity of a target Google Home can spy on the victim, resulting in Elevation of Privilege | |||||
| CVE-2023-51673 | 1 Stylishpricelist | 1 Stylish Price List | 2024-01-09 | N/A | 9.8 CRITICAL |
| Cross-Site Request Forgery (CSRF) vulnerability in Designful Stylish Price List – Price Table Builder & QR Code Restaurant Menu.This issue affects Stylish Price List – Price Table Builder & QR Code Restaurant Menu: from n/a through 7.0.17. | |||||
| CVE-2023-46285 | 1 Siemens | 4 Opcenter Quality, Simatic Pcs Neo, Sinumerik Integrate Runmyhmi \/automotive and 1 more | 2024-01-09 | N/A | 7.5 HIGH |
| A vulnerability has been identified in Opcenter Quality (All versions), SIMATIC PCS neo (All versions < V4.1), SINUMERIK Integrate RunMyHMI /Automotive (All versions), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 7), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). The affected application contains an improper input validation vulnerability that could allow an attacker to bring the service into a Denial-of-Service state by sending a specifically crafted message to 4004/tcp. The corresponding service is auto-restarted after the crash is detected by a watchdog. | |||||
| CVE-2022-30947 | 1 Jenkins | 1 Git | 2024-01-09 | 5.0 MEDIUM | 7.5 HIGH |
| Jenkins Git Plugin 4.11.1 and earlier allows attackers able to configure pipelines to check out some SCM repositories stored on the Jenkins controller's file system using local paths as SCM URLs, obtaining limited information about other projects' SCM contents. | |||||
| CVE-2023-2541 | 1 Knime | 1 Business Hub | 2024-01-09 | N/A | 5.3 MEDIUM |
| The Web Frontend of KNIME Business Hub before 1.4.0 allows an unauthenticated remote attacker to access internals about the application such as versions, host names, or IP addresses. No personal information or application data was exposed. | |||||
| CVE-2023-0558 | 1 Contentstudio | 1 Contentstudio | 2024-01-09 | N/A | 9.8 CRITICAL |
| The ContentStudio plugin for WordPress is vulnerable to authorization bypass due to an unsecure token check that is susceptible to type juggling in versions up to, and including, 1.2.5. This makes it possible for unauthenticated attackers to execute functions intended for use by users with proper API keys. | |||||
| CVE-2023-4966 | 1 Citrix | 2 Netscaler Application Delivery Controller, Netscaler Gateway | 2024-01-09 | N/A | 7.5 HIGH |
| Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA ?virtual?server. | |||||
| CVE-2023-0004 | 2 Fedoraproject, Paloaltonetworks | 2 Fedora, Pan-os | 2024-01-09 | N/A | 6.5 MEDIUM |
| A local file deletion vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to delete files from the local file system with elevated privileges. These files can include logs and system components that impact the integrity and availability of PAN-OS software. | |||||
| CVE-2023-41990 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2024-01-09 | N/A | 7.8 HIGH |
| The issue was addressed with improved handling of caches. This issue is fixed in tvOS 16.3, iOS 16.3 and iPadOS 16.3, macOS Monterey 12.6.8, macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Ventura 13.2, watchOS 9.3. Processing a font file may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.1. | |||||
| CVE-2023-45561 | 1 Linecorp | 1 Line | 2024-01-08 | N/A | 5.3 MEDIUM |
| An issue in A-WORLD OIRASE BEER_waiting Line v.13.6.1 allows attackers to send crafted notifications via leakage of the channel access token. | |||||
| CVE-2023-6113 | 1 Wp-staging | 1 Wp Staging | 2024-01-08 | N/A | 7.5 HIGH |
| The WP STAGING WordPress Backup Plugin before 3.1.3 and WP STAGING Pro WordPress Backup Plugin before 5.1.3 do not prevent visitors from leaking key information about ongoing backups processes, allowing unauthenticated attackers to download said backups later. | |||||
| CVE-2023-48732 | 1 Mattermost | 1 Mattermost Server | 2024-01-08 | N/A | 4.3 MEDIUM |
| Mattermost fails to scope the WebSocket response around notified users to a each user separately resulting in the WebSocket broadcasting the information about who was notified about a post to everyone else in the channel. | |||||
| CVE-2023-6271 | 1 Backupbliss | 1 Backup Migration | 2024-01-08 | N/A | 7.5 HIGH |
| The Backup Migration WordPress plugin before 1.3.6 stores in-progress backups information in easy to find, publicly-accessible files, which may allow attackers monitoring those to leak sensitive information from the site's backups. | |||||
| CVE-2023-4579 | 1 Mozilla | 1 Firefox | 2024-01-07 | N/A | 3.1 LOW |
| Search queries in the default search engine could appear to have been the currently navigated URL if the search query itself was a well formed URL. This could have led to a site spoofing another if it had been maliciously set as the default search engine. This vulnerability affects Firefox < 117. | |||||
| CVE-2023-32208 | 1 Mozilla | 1 Firefox | 2024-01-07 | N/A | 5.3 MEDIUM |
| Service workers could reveal script base URL due to dynamic `import()`. This vulnerability affects Firefox < 113. | |||||
| CVE-2023-43796 | 2 Fedoraproject, Matrix | 2 Fedora, Synapse | 2024-01-07 | N/A | 5.3 MEDIUM |
| Synapse is an open-source Matrix homeserver Prior to versions 1.95.1 and 1.96.0rc1, cached device information of remote users can be queried from Synapse. This can be used to enumerate the remote users known to a homeserver. System administrators are encouraged to upgrade to Synapse 1.95.1 or 1.96.0rc1 to receive a patch. As a workaround, the `federation_domain_whitelist` can be used to limit federation traffic with a homeserver. | |||||
| CVE-2023-37210 | 1 Mozilla | 1 Firefox | 2024-01-07 | N/A | 6.5 MEDIUM |
| A website could prevent a user from exiting full-screen mode via alert and prompt calls. This could lead to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 115. | |||||
| CVE-2023-5729 | 1 Mozilla | 1 Firefox | 2024-01-07 | N/A | 4.3 MEDIUM |
| A malicious web site can enter fullscreen mode while simultaneously triggering a WebAuthn prompt. This could have obscured the fullscreen notification and could have been leveraged in a spoofing attack. This vulnerability affects Firefox < 119. | |||||
| CVE-2023-32212 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2024-01-07 | N/A | 4.3 MEDIUM |
| An attacker could have positioned a <code>datalist</code> element to obscure the address bar. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. | |||||
| CVE-2023-5723 | 1 Mozilla | 1 Firefox | 2024-01-07 | N/A | 5.3 MEDIUM |
| An attacker with temporary script access to a site could have set a cookie containing invalid characters using `document.cookie` that could have led to unknown errors. This vulnerability affects Firefox < 119. | |||||
| CVE-2023-37205 | 1 Mozilla | 1 Firefox | 2024-01-07 | N/A | 6.5 MEDIUM |
| The use of RTL Arabic characters in the address bar may have allowed for URL spoofing. This vulnerability affects Firefox < 115. | |||||
| CVE-2023-6863 | 2 Debian, Mozilla | 4 Debian Linux, Firefox, Firefox Esr and 1 more | 2024-01-07 | N/A | 8.8 HIGH |
| The `ShutdownObserver()` was susceptible to potentially undefined behavior due to its reliance on a dynamic type that lacked a virtual destructor. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121. | |||||
| CVE-2023-6871 | 1 Mozilla | 1 Firefox | 2024-01-07 | N/A | 4.3 MEDIUM |
| Under certain conditions, Firefox did not display a warning when a user attempted to navigate to a new protocol handler. This vulnerability affects Firefox < 121. | |||||
| CVE-2023-32211 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2024-01-07 | N/A | 6.5 MEDIUM |
| A type checking bug would have led to invalid code being compiled. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. | |||||
| CVE-2023-6869 | 1 Mozilla | 1 Firefox | 2024-01-07 | N/A | 6.5 MEDIUM |
| A `<dialog>` element could have been manipulated to paint content outside of a sandboxed iframe. This could allow untrusted content to display under the guise of trusted content. This vulnerability affects Firefox < 121. | |||||
| CVE-2023-37203 | 1 Mozilla | 1 Firefox | 2024-01-07 | N/A | 7.8 HIGH |
| Insufficient validation in the Drag and Drop API in conjunction with social engineering, may have allowed an attacker to trick end-users into creating a shortcut to local system files. This could have been leveraged to execute arbitrary code. This vulnerability affects Firefox < 115. | |||||
| CVE-2023-6868 | 2 Google, Mozilla | 2 Android, Firefox | 2024-01-07 | N/A | 4.3 MEDIUM |
| In some instances, the user-agent would allow push requests which lacked a valid VAPID even though the push manager subscription defined one. This could allow empty messages to be sent from unauthorized parties. *This bug only affects Firefox on Android.* This vulnerability affects Firefox < 121. | |||||
| CVE-2023-6865 | 2 Debian, Mozilla | 3 Debian Linux, Firefox, Firefox Esr | 2024-01-07 | N/A | 6.5 MEDIUM |
| `EncryptingOutputStream` was susceptible to exposing uninitialized data. This issue could only be abused in order to write data to a local disk which may have implications for private browsing mode. This vulnerability affects Firefox ESR < 115.6 and Firefox < 121. | |||||
| CVE-2023-6860 | 2 Debian, Mozilla | 4 Debian Linux, Firefox, Firefox Esr and 1 more | 2024-01-07 | N/A | 6.5 MEDIUM |
| The `VideoBridge` allowed any content process to use textures produced by remote decoders. This could be abused to escape the sandbox. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121. | |||||
| CVE-2023-6872 | 1 Mozilla | 1 Firefox | 2024-01-07 | N/A | 6.5 MEDIUM |
| Browser tab titles were being leaked by GNOME to system logs. This could potentially expose the browsing habits of users running in a private tab. This vulnerability affects Firefox < 121. | |||||
| CVE-2023-32205 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2024-01-07 | N/A | 4.3 MEDIUM |
| In multiple cases browser prompts could have been obscured by popups controlled by content. These could have led to potential user confusion and spoofing attacks. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. | |||||
| CVE-2023-32214 | 2 Microsoft, Mozilla | 4 Windows, Firefox, Firefox Esr and 1 more | 2024-01-07 | N/A | 7.5 HIGH |
| Protocol handlers `ms-cxh` and `ms-cxh-full` could have been leveraged to trigger a denial of service. *Note: This attack only affects Windows. Other operating systems are not affected.* This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. | |||||
| CVE-2023-6210 | 1 Mozilla | 1 Firefox | 2024-01-07 | N/A | 6.5 MEDIUM |
| When an https: web page created a pop-up from a "javascript:" URL, that pop-up was incorrectly allowed to load blockable content such as iframes from insecure http: URLs This vulnerability affects Firefox < 120. | |||||
| CVE-2023-32210 | 1 Mozilla | 1 Firefox | 2024-01-07 | N/A | 6.5 MEDIUM |
| Documents were incorrectly assuming an ordering of principal objects when ensuring we were loading an appropriately privileged principal. In certain circumstances it might have been possible to cause a document to be loaded with a higher privileged principal than intended. This vulnerability affects Firefox < 113. | |||||
| CVE-2023-37204 | 1 Mozilla | 1 Firefox | 2024-01-07 | N/A | 6.5 MEDIUM |
| A website could have obscured the fullscreen notification by using an option element by introducing lag via an expensive computational function. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 115. | |||||
| CVE-2023-6870 | 2 Google, Mozilla | 3 Android, Firefox, Firefox Focus | 2024-01-07 | N/A | 4.3 MEDIUM |
| Applications which spawn a Toast notification in a background thread may have obscured fullscreen notifications displayed by Firefox. *This issue only affects Android versions of Firefox and Firefox Focus.* This vulnerability affects Firefox < 121. | |||||