Search
Total
21119 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-5843 | 1 Datafeedr | 1 Ads By Datafeedr.com | 2023-11-13 | N/A | 9.8 CRITICAL |
| The Ads by datafeedr.com plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 1.1.3 via the 'dfads_ajax_load_ads' function. This allows unauthenticated attackers to execute code on the server. The parameters of the callable function are limited, they cannot be specified arbitrarily. | |||||
| CVE-2023-36022 | 1 Microsoft | 1 Edge Chromium | 2023-11-13 | N/A | 6.6 MEDIUM |
| Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | |||||
| CVE-2023-36029 | 1 Microsoft | 1 Edge | 2023-11-13 | N/A | 4.3 MEDIUM |
| Microsoft Edge (Chromium-based) Spoofing Vulnerability | |||||
| CVE-2023-36034 | 1 Microsoft | 1 Edge Chromium | 2023-11-13 | N/A | 7.3 HIGH |
| Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | |||||
| CVE-2023-0575 | 4 Apple, Linux, Microsoft and 1 more | 5 Iphone Os, Macos, Linux Kernel and 2 more | 2023-11-10 | N/A | 9.8 CRITICAL |
| External Control of Critical State Data, Improper Control of Generation of Code ('Code Injection') vulnerability in YugaByte, Inc. Yugabyte DB on Windows, Linux, MacOS, iOS (DevopsBase.Java:execCommand, TableManager.Java:runCommand modules) allows API Manipulation, Privilege Abuse. This vulnerability is associated with program files backup.Py. This issue affects Yugabyte DB: Lesser then 2.2.0.0 | |||||
| CVE-2023-0574 | 1 Yugabyte | 1 Yugabytedb Managed | 2023-11-10 | N/A | 9.8 CRITICAL |
| Server-Side Request Forgery (SSRF), Improperly Controlled Modification of Dynamically-Determined Object Attributes, Improper Restriction of Excessive Authentication Attempts vulnerability in YugaByte, Inc. Yugabyte Managed allows Accessing Functionality Not Properly Constrained by ACLs, Communication Channel Manipulation, Authentication Abuse.This issue affects Yugabyte Managed: from 2.0.0.0 through 2.13.0.0 | |||||
| CVE-2023-39057 | 1 Lycorp | 1 Line Mini App | 2023-11-10 | N/A | 7.5 HIGH |
| An information leak in hirochanKAKIwaiting v13.6.1 allows attackers to obtain the channel access token and send crafted messages. | |||||
| CVE-2023-39051 | 1 Lycorp | 1 Line Mini App | 2023-11-10 | N/A | 7.5 HIGH |
| An information leak in VISION MEAT WORKS Track Diner 10/10mbl v13.6.1 allows attackers to obtain the channel access token and send crafted messages. | |||||
| CVE-2023-39054 | 1 Lycorp | 1 Line Mini App | 2023-11-10 | N/A | 7.5 HIGH |
| An information leak in Tokudaya.ekimae_mc v13.6.1 allows attackers to obtain the channel access token and send crafted messages. | |||||
| CVE-2023-39053 | 1 Lycorp | 1 Line Mini App | 2023-11-10 | N/A | 7.5 HIGH |
| An information leak in Hattoriya v13.6.1 allows attackers to obtain the channel access token and send crafted messages. | |||||
| CVE-2023-39048 | 1 Lycorp | 1 Line Mini App | 2023-11-10 | N/A | 7.5 HIGH |
| An information leak in Tokudaya.honten v13.6.1 allows attackers to obtain the channel access token and send crafted messages. | |||||
| CVE-2023-39050 | 1 Lycorp | 1 Line Mini App | 2023-11-10 | N/A | 7.5 HIGH |
| An information leak in Daiky-value.Fukueten v13.6.1 allows attackers to obtain the channel access token and send crafted messages. | |||||
| CVE-2023-39047 | 1 Lycorp | 1 Line Mini App | 2023-11-10 | N/A | 7.5 HIGH |
| An information leak in shouzu sweets oz v13.6.1 allows attackers to obtain the channel access token and send crafted messages. | |||||
| CVE-2023-39042 | 1 Lycorp | 1 Line Mini App | 2023-11-10 | N/A | 7.5 HIGH |
| An information leak in Gyouza-newhushimi v13.6.1 allows attackers to obtain the channel access token and send crafted messages. | |||||
| CVE-2023-45189 | 1 Ibm | 1 Robotic Process Automation For Cloud Pak | 2023-11-09 | N/A | 6.5 MEDIUM |
| A vulnerability in IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.10, 23.0.0 through 23.0.10 may result in access to client vault credentials. This difficult to exploit vulnerability could allow a low privileged attacker to programmatically access client vault credentials. IBM X-Force ID: 268752. | |||||
| CVE-2023-46958 | 1 Lmxcms | 1 Lmxcms | 2023-11-09 | N/A | 9.8 CRITICAL |
| An issue in lmxcms v.1.41 allows a remote attacker to execute arbitrary code via a crafted script to the admin.php file. | |||||
| CVE-2023-20246 | 2 Cisco, Snort | 2 Unified Threat Defense, Snort | 2023-11-09 | N/A | 5.3 MEDIUM |
| Multiple Cisco products are affected by a vulnerability in Snort access control policies that could allow an unauthenticated, remote attacker to bypass the configured policies on an affected system. This vulnerability is due to a logic error that occurs when the access control policies are being populated. An attacker could exploit this vulnerability by establishing a connection to an affected device. A successful exploit could allow the attacker to bypass configured access control rules on the affected system. | |||||
| CVE-2023-20071 | 2 Cisco, Snort | 5 Cyber Vision, Firepower Threat Defense, Meraki Mx Security Appliance Firmware and 2 more | 2023-11-09 | N/A | 5.8 MEDIUM |
| Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass the configured policies on an affected system. This vulnerability is due to a flaw in the FTP module of the Snort detection engine. An attacker could exploit this vulnerability by sending crafted FTP traffic through an affected device. A successful exploit could allow the attacker to bypass FTP inspection and deliver a malicious payload. | |||||
| CVE-2023-5920 | 2 Apple, Mattermost | 2 Macos, Mattermost Desktop | 2023-11-09 | N/A | 3.3 LOW |
| Mattermost Desktop for MacOS fails to utilize the secure keyboard input functionality provided by macOS, allowing for other processes to read the keyboard input. | |||||
| CVE-2023-20247 | 1 Cisco | 2 Adaptive Security Appliance Software, Firepower Threat Defense | 2023-11-09 | N/A | 4.3 MEDIUM |
| A vulnerability in the remote access SSL VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to bypass a configured multiple certificate authentication policy and connect using only a valid username and password. This vulnerability is due to improper error handling during remote access VPN authentication. An attacker could exploit this vulnerability by sending crafted requests during remote access VPN session establishment. A successful exploit could allow the attacker to bypass the configured multiple certificate authentication policy while retaining the privileges and permissions associated with the original connection profile. | |||||
| CVE-2023-5876 | 1 Mattermost | 1 Mattermost Desktop | 2023-11-09 | N/A | 5.3 MEDIUM |
| Mattermost fails to properly validate a RegExp built off the server URL path, allowing an attacker in control of an enrolled server to mount a Denial Of Service. | |||||
| CVE-2023-20255 | 1 Cisco | 1 Meeting Server | 2023-11-09 | N/A | 5.3 MEDIUM |
| A vulnerability in an API of the Web Bridge feature of Cisco Meeting Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to insufficient validation of HTTP requests. An attacker could exploit this vulnerability by sending crafted HTTP packets to an affected device. A successful exploit could allow the attacker to cause a partial availability condition, which could cause ongoing video calls to be dropped due to the invalid packets reaching the Web Bridge. | |||||
| CVE-2023-20267 | 1 Cisco | 1 Firepower Threat Defense | 2023-11-09 | N/A | 5.3 MEDIUM |
| A vulnerability in the IP geolocation rules of Snort 3 could allow an unauthenticated, remote attacker to potentially bypass IP address restrictions. This vulnerability exists because the configuration for IP geolocation rules is not parsed properly. An attacker could exploit this vulnerability by spoofing an IP address until they bypass the restriction. A successful exploit could allow the attacker to bypass location-based IP address restrictions. | |||||
| CVE-2023-5625 | 1 Redhat | 6 Enterprise Linux, Openshift Container Platform For Arm64, Openshift Container Platform For Linuxone and 3 more | 2023-11-09 | N/A | 7.5 HIGH |
| A regression was introduced in the Red Hat build of python-eventlet due to a change in the patch application strategy, resulting in a patch for CVE-2021-21419 not being applied for all builds of all products. | |||||
| CVE-2022-1353 | 4 Debian, Linux, Netapp and 1 more | 19 Debian Linux, Linux Kernel, H300e and 16 more | 2023-11-09 | 3.6 LOW | 7.1 HIGH |
| A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information. | |||||
| CVE-2023-5363 | 3 Debian, Netapp, Openssl | 12 Debian Linux, H300s, H300s Firmware and 9 more | 2023-11-09 | N/A | 7.5 HIGH |
| Issue summary: A bug has been identified in the processing of key and initialisation vector (IV) lengths. This can lead to potential truncation or overruns during the initialisation of some symmetric ciphers. Impact summary: A truncation in the IV can result in non-uniqueness, which could result in loss of confidentiality for some cipher modes. When calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() or EVP_CipherInit_ex2() the provided OSSL_PARAM array is processed after the key and IV have been established. Any alterations to the key length, via the "keylen" parameter or the IV length, via the "ivlen" parameter, within the OSSL_PARAM array will not take effect as intended, potentially causing truncation or overreading of these values. The following ciphers and cipher modes are impacted: RC2, RC4, RC5, CCM, GCM and OCB. For the CCM, GCM and OCB cipher modes, truncation of the IV can result in loss of confidentiality. For example, when following NIST's SP 800-38D section 8.2.1 guidance for constructing a deterministic IV for AES in GCM mode, truncation of the counter portion could lead to IV reuse. Both truncations and overruns of the key and overruns of the IV will produce incorrect results and could, in some cases, trigger a memory exception. However, these issues are not currently assessed as security critical. Changing the key and/or IV lengths is not considered to be a common operation and the vulnerable API was recently introduced. Furthermore it is likely that application developers will have spotted this problem during testing since decryption would fail unless both peers in the communication were similarly vulnerable. For these reasons we expect the probability of an application being vulnerable to this to be quite low. However if an application is vulnerable then this issue is considered very serious. For these reasons we have assessed this issue as Moderate severity overall. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this because the issue lies outside of the FIPS provider boundary. OpenSSL 3.1 and 3.0 are vulnerable to this issue. | |||||
| CVE-2023-39291 | 1 Mitel | 1 Mivoice Connect | 2023-08-29 | N/A | 4.9 MEDIUM |
| A vulnerability in the Connect Mobility Router component of MiVoice Connect through 9.6.2304.102 could allow an authenticated attacker with elevated privileges to conduct an information disclosure attack due to improper configuration. A successful exploit could allow an attacker to view system information. | |||||
| CVE-2023-37427 | 1 Arubanetworks | 1 Edgeconnect Sd-wan Orchestrator | 2023-08-29 | N/A | 7.2 HIGH |
| A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to run arbitrary commands on the underlying host. Successful exploitation of this vulnerability allows an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise. | |||||
| CVE-2023-37424 | 1 Arubanetworks | 1 Edgeconnect Sd-wan Orchestrator | 2023-08-29 | N/A | 8.1 HIGH |
| A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an unauthenticated remote attacker to run arbitrary commands on the underlying host if certain preconditions outside of the attacker's control are met. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise. | |||||
| CVE-2023-37379 | 1 Apache | 1 Airflow | 2023-08-29 | N/A | 8.1 HIGH |
| Apache Airflow, in versions prior to 2.7.0, contains a security vulnerability that can be exploited by an authenticated user possessing Connection edit privileges. This vulnerability allows the user to access connection information and exploit the test connection feature by sending many requests, leading to a denial of service (DoS) condition on the server. Furthermore, malicious actors can leverage this vulnerability to establish harmful connections with the server. Users of Apache Airflow are strongly advised to upgrade to version 2.7.0 or newer to mitigate the risk associated with this vulnerability. Additionally, administrators are encouraged to review and adjust user permissions to restrict access to sensitive functionalities, reducing the attack surface. | |||||
| CVE-2023-38831 | 1 Rarlab | 1 Winrar | 2023-08-29 | N/A | 7.8 HIGH |
| RARLabs WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive. The issue occurs because a ZIP archive may include a benign file (such as an ordinary .JPG file) and also a folder that has the same name as the benign file, and the contents of the folder (which may include executable content) are processed during an attempt to access only the benign file. This was exploited in the wild in April through August 2023. | |||||
| CVE-2023-20115 | 1 Cisco | 81 Nexus 3048, Nexus 31108pc-v, Nexus 31108tc-v and 78 more | 2023-08-29 | N/A | 5.4 MEDIUM |
| A vulnerability in the SFTP server implementation for Cisco Nexus 3000 Series Switches and 9000 Series Switches in standalone NX-OS mode could allow an authenticated, remote attacker to download or overwrite files from the underlying operating system of an affected device. This vulnerability is due to a logic error when verifying the user role when an SFTP connection is opened to an affected device. An attacker could exploit this vulnerability by connecting and authenticating via SFTP as a valid, non-administrator user. A successful exploit could allow the attacker to read or overwrite files from the underlying operating system with the privileges of the authenticated user. There are workarounds that address this vulnerability. | |||||
| CVE-2023-24959 | 1 Ibm | 1 Infosphere Information Server | 2023-08-29 | N/A | 7.5 HIGH |
| IBM InfoSphere Information Systems 11.7 could expose information about the host system and environment configuration. IBM X-Force ID: 246332. | |||||
| CVE-2023-30437 | 1 Ibm | 1 Security Guardium | 2023-08-29 | N/A | 5.3 MEDIUM |
| IBM Security Guardium 11.3, 11.4, and 11.5 could allow an unauthorized user to enumerate usernames by sending a specially crafted HTTP request. IBM X-Force ID: 252293. | |||||
| CVE-2023-41100 | 1 Hcaptcha For Ext\ | 1 Form Project | 2023-08-28 | N/A | 5.3 MEDIUM |
| An issue was discovered in the hcaptcha (aka hCaptcha for EXT:form) extension before 2.1.2 for TYPO3. It fails to check that the required captcha field is submitted in the form data. allowing a remote user to bypass the CAPTCHA check. | |||||
| CVE-2023-3699 | 1 Asustor | 1 Data Master | 2023-08-28 | N/A | 5.5 MEDIUM |
| An Improper Privilege Management vulnerability was found in ASUSTOR Data Master (ADM) allows an unprivileged local users to modify the storage devices configuration. Affected products and versions include: ADM 4.0.6.RIS1, 4.1.0 and below as well as ADM 4.2.2.RI61 and below. | |||||
| CVE-2023-38666 | 1 Axiosys | 1 Bento4 | 2023-08-28 | N/A | 5.5 MEDIUM |
| Bento4 v1.6.0-639 was discovered to contain a segmentation violation via the AP4_Processor::ProcessFragments function in mp4encrypt. | |||||
| CVE-2023-38996 | 1 Douran | 1 Dsgate | 2023-08-28 | N/A | 6.7 MEDIUM |
| An issue in all versions of Douran DSGate allows a local authenticated privileged attacker to execute arbitrary code via the debug command. | |||||
| CVE-2021-35309 | 1 Samsung | 1 Syncthru Web Service | 2023-08-28 | N/A | 7.5 HIGH |
| An issue discovered in Samsung SyncThru Web Service SPL 5.93 06-09-2014 allows attackers to gain escalated privileges via MITM attacks. | |||||
| CVE-2020-21583 | 1 Kernel | 1 Util-linux | 2023-08-28 | N/A | 6.7 MEDIUM |
| An issue was discovered in hwclock.13-v2.27 allows attackers to gain escalated privlidges or execute arbitrary commands via the path parameter when setting the date. | |||||
| CVE-2020-28715 | 1 Leeco | 2 Letv X43, Letv X43 Firmware | 2023-08-26 | N/A | 9.8 CRITICAL |
| An issue was discovered in kdmserver service in LeEco LeTV X43 version V2401RCN02C080080B04121S, allows attackers to execute arbitrary code, escalate privileges, and cause a denial of service (DoS). | |||||
| CVE-2023-40370 | 3 Ibm, Microsoft, Redhat | 4 Robotic Process Automation, Robotic Process Automation For Cloud Pak, Windows and 1 more | 2023-08-26 | N/A | 5.3 MEDIUM |
| IBM Robotic Process Automation 21.0.0 through 21.0.7.1 runtime is vulnerable to information disclosure of script content if the remote REST request computer policy is enabled. IBM X-Force ID: 263470. | |||||
| CVE-2022-47696 | 1 Gnu | 1 Binutils | 2023-08-26 | N/A | 7.8 HIGH |
| An issue was discovered Binutils objdump before 2.39.3 allows attackers to cause a denial of service or other unspecified impacts via function compare_symbols. | |||||
| CVE-2022-47695 | 1 Gnu | 1 Binutils | 2023-08-26 | N/A | 7.8 HIGH |
| An issue was discovered Binutils objdump before 2.39.3 allows attackers to cause a denial of service or other unspecified impacts via function bfd_mach_o_get_synthetic_symtab in match-o.c. | |||||
| CVE-2020-18770 | 1 Zziplib Project | 1 Zziplib | 2023-08-25 | N/A | 5.5 MEDIUM |
| An issue was discovered in function zzip_disk_entry_to_file_header in mmapped.c in zziplib 0.13.69, which will lead to a denial-of-service. | |||||
| CVE-2021-30047 | 1 Vsftpd Project | 1 Vsftpd | 2023-08-25 | N/A | 7.5 HIGH |
| VSFTPD 3.0.3 allows attackers to cause a denial of service due to limited number of connections allowed. | |||||
| CVE-2020-21723 | 1 Ogg Video Tools Project | 1 Ogg Video Tools | 2023-08-25 | N/A | 5.5 MEDIUM |
| A Segmentation Fault issue discovered StreamSerializer::extractStreams function in streamSerializer.cpp in oggvideotools 0.9.1 allows remote attackers to cause a denial of service (crash) via opening of crafted ogg file. | |||||
| CVE-2020-26652 | 1 Realtek | 2 Rtl8812au, Rtl8812au Firmware | 2023-08-25 | N/A | 7.5 HIGH |
| An issue was discovered in function nl80211_send_chandef in rtl8812au v5.6.4.2 allows attackers to cause a denial of service. | |||||
| CVE-2020-22916 | 1 Tukaani | 1 Xz | 2023-08-25 | N/A | 5.5 MEDIUM |
| An issue discovered in XZ 5.2.5 allows attackers to cause a denial of service via decompression of crafted file. | |||||
| CVE-2023-38906 | 1 Tp-link | 3 Tapo, Tapo L530e, Tapo L530e Firmware | 2023-08-25 | N/A | 6.5 MEDIUM |
| An issue in TPLink Smart bulb Tapo series L530 v.1.0.0 and Tapo Application v.2.8.14 allows a remote attacker to obtain sensitive information via the authentication code for the UDP message. | |||||