Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-45283 | 2 Golang, Microsoft | 2 Go, Windows | 2023-12-14 | N/A | 7.5 HIGH |
| The filepath package does not recognize paths with a \??\ prefix as special. On Windows, a path beginning with \??\ is a Root Local Device path equivalent to a path beginning with \\?\. Paths with a \??\ prefix may be used to access arbitrary locations on the system. For example, the path \??\c:\x is equivalent to the more common path c:\x. Before fix, Clean could convert a rooted path such as \a\..\??\b into the root local device path \??\b. Clean will now convert this to .\??\b. Similarly, Join(\, ??, b) could convert a seemingly innocent sequence of path elements into the root local device path \??\b. Join will now convert this to \.\??\b. In addition, with fix, IsAbs now correctly reports paths beginning with \??\ as absolute, and VolumeName correctly reports the \??\ prefix as a volume name. UPDATE: Go 1.20.11 and Go 1.21.4 inadvertently changed the definition of the volume name in Windows paths starting with \?, resulting in filepath.Clean(\?\c:) returning \?\c: rather than \?\c:\ (among other effects). The previous behavior has been restored. | |||||
| CVE-2023-5978 | 1 Freebsd | 1 Freebsd | 2023-12-14 | N/A | 7.5 HIGH |
| In versions of FreeBSD 13-RELEASE before 13-RELEASE-p5, under certain circumstances the cap_net libcasper(3) service incorrectly validates that updated constraints are strictly subsets of the active constraints. When only a list of resolvable domain names was specified without setting any other limitations, an application could submit a new list of domains including include entries not previously listed. This could permit the application to resolve domain names that were previously restricted. | |||||
| CVE-2023-5941 | 1 Freebsd | 1 Freebsd | 2023-12-14 | N/A | 9.8 CRITICAL |
| In versions of FreeBSD 12.4-RELEASE prior to 12.4-RELEASE-p7 and FreeBSD 13.2-RELEASE prior to 13.2-RELEASE-p5 the __sflush() stdio function in libc does not correctly update FILE objects' write space members for write-buffered streams when the write(2) system call returns an error. Depending on the nature of an application that calls libc's stdio functions and the presence of errors returned from the write(2) system call (or an overridden stdio write routine) a heap buffer overflow may occur. Such overflows may lead to data corruption or the execution of arbitrary code at the privilege level of the calling program. | |||||
| CVE-2023-46848 | 2 Redhat, Squid-cache | 5 Enterprise Linux, Enterprise Linux Eus, Enterprise Linux Server Aus and 2 more | 2023-12-14 | N/A | 7.5 HIGH |
| Squid is vulnerable to Denial of Service, where a remote attacker can perform DoS by sending ftp:// URLs in HTTP Request messages or constructing ftp:// URLs from FTP Native input. | |||||
| CVE-2023-41164 | 2 Djangoproject, Fedoraproject | 2 Django, Fedora | 2023-12-14 | N/A | 7.5 HIGH |
| In Django 3.2 before 3.2.21, 4.1 before 4.1.11, and 4.2 before 4.2.5, django.utils.encoding.uri_to_iri() is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of Unicode characters. | |||||
| CVE-2023-46695 | 1 Djangoproject | 1 Django | 2023-12-14 | N/A | 7.5 HIGH |
| An issue was discovered in Django 3.2 before 3.2.23, 4.1 before 4.1.13, and 4.2 before 4.2.7. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.forms.UsernameField is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of Unicode characters. | |||||
| CVE-2023-46389 | 1 Loytec | 4 Linx-151, Linx-151 Firmware, Linx-212 and 1 more | 2023-12-14 | N/A | 7.5 HIGH |
| LOYTEC electronics GmbH LINX-212 firmware 6.2.4 and LINX-151 Firmware 7.2.4 are vulnerable to Incorrect Access Control via registry.xml file. This vulnerability allows remote attackers to disclose sensitive information on LINX configuration. | |||||
| CVE-2023-46388 | 1 Loytec | 4 Linx-151, Linx-151 Firmware, Linx-212 and 1 more | 2023-12-14 | N/A | 7.5 HIGH |
| LOYTEC electronics GmbH LINX-212 6.2.4 and LINX-151 7.2.4 are vulnerable to Insecure Permissions via dpal_config.zml file. This vulnerability allows remote attackers to disclose smtp client account credentials and bypass email authentication. | |||||
| CVE-2023-46387 | 1 Loytec | 4 Linx-151, Linx-151 Firmware, Linx-212 and 1 more | 2023-12-14 | N/A | 7.5 HIGH |
| LOYTEC electronics GmbH LINX-212 firmware 6.2.4 and LINX-151 firmware 7.2.4 are vulnerable to Incorrect Access Control via dpal_config.zml file. This vulnerability allows remote attackers to disclose sensitive information on Loytec device data point configuration. | |||||
| CVE-2023-46386 | 1 Loytec | 4 Linx-151, Linx-151 Firmware, Linx-212 and 1 more | 2023-12-14 | N/A | 7.5 HIGH |
| LOYTEC electronics GmbH LINX-212 firmware 6.2.4 and LINX-151 firmware 7.2.4 are vulnerable to Insecure Permissions via registry.xml file. This vulnerability allows remote attackers to disclose smtp client account credentials and bypass email authentication. | |||||
| CVE-2023-46385 | 1 Loytec | 1 L-inx Configurator | 2023-12-14 | N/A | 7.5 HIGH |
| LOYTEC electronics GmbH LINX Configurator 7.4.10 is vulnerable to Insecure Permissions. An admin credential is passed as a value of URL parameters without encryption, so it allows remote attackers to steal the password and gain full control of Loytec device configuration. | |||||
| CVE-2023-46384 | 1 Loytec | 1 L-inx Configurator | 2023-12-14 | N/A | 7.5 HIGH |
| LOYTEC electronics GmbH LINX Configurator 7.4.10 is vulnerable to Insecure Permissions. Cleartext storage of credentials allows remote attackers to disclose admin password and bypass an authentication to login Loytec device. | |||||
| CVE-2023-46383 | 1 Loytec | 1 L-inx Configurator | 2023-12-14 | N/A | 7.5 HIGH |
| LOYTEC electronics GmbH LINX Configurator 7.4.10 uses HTTP Basic Authentication, which transmits usernames and passwords in base64-encoded cleartext and allows remote attackers to steal the password and gain full control of Loytec device configuration. | |||||
| CVE-2023-46382 | 1 Loytec | 6 Linx-212, Linx-212 Firmware, Liob-586 and 3 more | 2023-12-14 | N/A | 7.5 HIGH |
| LOYTEC LINX-212 firmware 6.2.4 and LVIS-3ME12-A1 firmware 6.2.2 and LIOB-586 firmware 6.2.3 devices use cleartext HTTP for login. | |||||
| CVE-2023-46381 | 1 Loytec | 6 Linx-212, Linx-212 Firmware, Liob-586 and 3 more | 2023-12-14 | N/A | 8.2 HIGH |
| LOYTEC LINX-212 firmware 6.2.4 and LVIS-3ME12-A1 firmware 6.2.2 and LIOB-586 firmware 6.2.3 devices lack authentication for the preinstalled version of LWEB-802 via an lweb802_pre/ URI. An unauthenticated attacker can edit any project (or create a new project) and control its GUI. | |||||
| CVE-2023-46380 | 1 Loytec | 6 Linx-212, Linx-212 Firmware, Liob-586 and 3 more | 2023-12-14 | N/A | 7.5 HIGH |
| LOYTEC LINX-212 firmware 6.2.4 and LVIS-3ME12-A1 firmware 6.2.2 and LIOB-586 firmware 6.2.3 devices send password-change requests via cleartext HTTP. | |||||
| CVE-2023-41627 | 1 O-ran-sc | 1 Ric Message Router | 2023-12-14 | N/A | 7.5 HIGH |
| O-RAN Software Community ric-plt-lib-rmr v4.9.0 does not validate the source of the routing tables it receives, potentially allowing attackers to send forged routing tables to the device. | |||||
| CVE-2023-40998 | 1 O-ran-sc | 1 Ric Message Router | 2023-12-14 | N/A | 7.5 HIGH |
| Buffer Overflow vulnerability in O-RAN Software Community ric-plt-lib-rmr v.4.9.0 allows a remote attacker to cause a denial of service via the packet size component. | |||||
| CVE-2023-40997 | 1 O-ran-sc | 1 Ric Message Router | 2023-12-14 | N/A | 7.5 HIGH |
| Buffer Overflow vulnerability in O-RAN Software Community ric-plt-lib-rmr v.4.9.0 allows a remote attacker to cause a denial of service via a crafted packet. | |||||
| CVE-2023-2247 | 1 Octopus | 1 Octopus Deploy | 2023-12-14 | N/A | 5.3 MEDIUM |
| In affected versions of Octopus Deploy it is possible to unmask variable secrets using the variable preview function | |||||
| CVE-2023-47100 | 1 Perl | 1 Perl | 2023-12-14 | N/A | 9.8 CRITICAL |
| In Perl before 5.38.2, S_parse_uniprop_string in regcomp.c can write to unallocated space because a property name associated with a \p{...} regular expression construct is mishandled. The earliest affected version is 5.30.0. | |||||
| CVE-2023-5984 | 1 Schneider-electric | 4 Ion8650, Ion8650 Firmware, Ion8800 and 1 more | 2023-12-14 | N/A | 4.9 MEDIUM |
| A CWE-494 Download of Code Without Integrity Check vulnerability exists that could allow modified firmware to be uploaded when an authorized admin user begins a firmware update procedure which could result in full control over the device. | |||||
| CVE-2023-49080 | 1 Jupyter | 1 Jupyter Server | 2023-12-14 | N/A | 4.3 MEDIUM |
| The Jupyter Server provides the backend (i.e. the core services, APIs, and REST endpoints) for Jupyter web applications like Jupyter notebook, JupyterLab, and Voila. Unhandled errors in API requests coming from an authenticated user include traceback information, which can include path information. There is no known mechanism by which to trigger these errors without authentication, so the paths revealed are not considered particularly sensitive, given that the requesting user has arbitrary execution permissions already in the same environment. A fix has been introduced in commit `0056c3aa52` which no longer includes traceback information in JSON error responses. For compatibility, the traceback field is present, but always empty. This commit has been included in version 2.11.2. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2019-17362 | 2 Debian, Libtom | 2 Debian Linux, Libtomcrypt | 2023-12-14 | 6.4 MEDIUM | 9.1 CRITICAL |
| In LibTomCrypt through 1.18.2, the der_decode_utf8_string function (in der_decode_utf8_string.c) does not properly detect certain invalid UTF-8 sequences. This allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) or read information from other memory locations via carefully crafted DER-encoded data. | |||||
| CVE-2023-36585 | 1 Microsoft | 11 Windows 10 1507, Windows 10 1809, Windows 10 21h1 and 8 more | 2023-12-14 | N/A | 7.5 HIGH |
| Windows upnphost.dll Denial of Service Vulnerability | |||||
| CVE-2023-46118 | 1 Vmware | 1 Rabbitmq | 2023-12-14 | N/A | 4.9 MEDIUM |
| RabbitMQ is a multi-protocol messaging and streaming broker. HTTP API did not enforce an HTTP request body limit, making it vulnerable for denial of service (DoS) attacks with very large messages. An authenticated user with sufficient credentials can publish a very large messages over the HTTP API and cause target node to be terminated by an "out-of-memory killer"-like mechanism. This vulnerability has been patched in versions 3.11.24 and 3.12.7. | |||||
| CVE-2023-30223 | 1 4d | 1 Server | 2023-12-14 | N/A | 7.5 HIGH |
| A broken authentication vulnerability in 4D SAS 4D Server software v17, v18, v19 R7, and earlier allows attackers to send crafted TCP packets containing requests to perform arbitrary actions. | |||||
| CVE-2023-30222 | 1 4d | 1 Server | 2023-12-14 | N/A | 7.5 HIGH |
| An information disclosure vulnerability in 4D SAS 4D Server Application v17, v18, v19 R7 and earlier allows attackers to retrieve password hashes for all users via eavesdropping. | |||||
| CVE-2023-36651 | 1 Prolion | 1 Cryptospike | 2023-12-14 | N/A | 7.2 HIGH |
| Hidden and hard-coded credentials in ProLion CryptoSpike 3.0.15P2 allow remote attackers to login to web management as super-admin and consume the most privileged REST API endpoints via these credentials. | |||||
| CVE-2023-42476 | 1 Sap | 1 Businessobjects Web Intelligence | 2023-12-14 | N/A | 6.8 MEDIUM |
| SAP Business Objects Web Intelligence - version 420, allows an authenticated attacker to inject JavaScript code into Web Intelligence documents which is then executed in the victim’s browser each time the vulnerable page is visited. Successful exploitation can lead to exposure of the data that the user has access to. In the worst case, attacker could access data from reporting databases. | |||||
| CVE-2023-36647 | 1 Prolion | 1 Cryptospike | 2023-12-14 | N/A | 7.5 HIGH |
| A hard-coded cryptographic private key used to sign JWT authentication tokens in ProLion CryptoSpike 3.0.15P2 allows remote attackers to impersonate arbitrary users and roles in web management and REST API endpoints via crafted JWT tokens. | |||||
| CVE-2023-42481 | 1 Sap | 1 Commerce Cloud | 2023-12-13 | N/A | 8.1 HIGH |
| In SAP Commerce Cloud - versions HY_COM 1905, HY_COM 2005, HY_COM2105, HY_COM 2011, HY_COM 2205, COM_CLOUD 2211, a locked B2B user can misuse the forgotten password functionality to un-block his user account again and re-gain access if SAP Commerce Cloud - Composable Storefront is used as storefront, due to weak access controls in place. This leads to a considerable impact on confidentiality and integrity. | |||||
| CVE-2023-36650 | 1 Prolion | 1 Cryptospike | 2023-12-13 | N/A | 7.2 HIGH |
| A missing integrity check in the update system in ProLion CryptoSpike 3.0.15P2 allows attackers to execute OS commands as the root Linux user on the host system via forged update packages. | |||||
| CVE-2023-36648 | 1 Prolion | 1 Cryptospike | 2023-12-13 | N/A | 8.2 HIGH |
| Missing authentication in the internal data streaming system in ProLion CryptoSpike 3.0.15P2 allows remote unauthenticated users to read potentially sensitive information and deny service to users by directly reading and writing data in Apache Kafka (as consumer and producer). | |||||
| CVE-2023-42874 | 1 Apple | 1 Macos | 2023-12-13 | N/A | 2.4 LOW |
| This issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.2. Secure text fields may be displayed via the Accessibility Keyboard when using a physical keyboard. | |||||
| CVE-2023-42478 | 1 Sap | 1 Business Objects Business Intelligence Platform | 2023-12-13 | N/A | 7.6 HIGH |
| SAP Business Objects Business Intelligence Platform is vulnerable to stored XSS allowing an attacker to upload agnostic documents in the system which when opened by any other user could lead to high impact on integrity of the application. | |||||
| CVE-2023-42898 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2023-12-13 | N/A | 5.5 MEDIUM |
| The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.2, watchOS 10.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2. Processing an image may lead to arbitrary code execution. | |||||
| CVE-2023-6679 | 3 Fedoraproject, Linux, Redhat | 3 Fedora, Linux Kernel, Enterprise Linux | 2023-12-13 | N/A | 5.5 MEDIUM |
| A null pointer dereference vulnerability was found in dpll_pin_parent_pin_set() in drivers/dpll/dpll_netlink.c in the Digital Phase Locked Loop (DPLL) subsystem in the Linux kernel. This issue could be exploited to trigger a denial of service. | |||||
| CVE-2023-6194 | 1 Eclipse | 1 Memory Analyzer | 2023-12-13 | N/A | 7.1 HIGH |
| In Eclipse Memory Analyzer versions 0.7 to 1.14.0, report definition XML files are not filtered to prohibit document type definition (DTD) references to external entities. This means that if a user chooses to use a malicious report definition XML file containing an external entity reference to generate a report then Eclipse Memory Analyzer may access external files or URLs defined via a DTD in the report definition. | |||||
| CVE-2023-5500 | 1 Frauscher | 1 Frauscher Diagnostic System 102 | 2023-12-13 | N/A | 8.8 HIGH |
| This vulnerability allows an remote attacker with low privileges to misuse Improper Control of Generation of Code ('Code Injection') to gain full control of the affected device. | |||||
| CVE-2023-6656 | 1 Iperov | 1 Deepfacelab | 2023-12-13 | N/A | 7.5 HIGH |
| ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in DeepFaceLab pretrained DF.wf.288res.384.92.72.22. It has been rated as critical. Affected by this issue is some unknown functionality of the file DFLIMG/DFLJPG.py. The manipulation leads to deserialization. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The identifier of this vulnerability is VDB-247364. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2021-20204 | 3 Debian, Fedoraproject, Getdata Project | 3 Debian Linux, Fedora, Getdata | 2023-12-13 | 7.5 HIGH | 9.8 CRITICAL |
| A heap memory corruption problem (use after free) can be triggered in libgetdata v0.10.0 when processing maliciously crafted dirfile databases. This degrades the confidentiality, integrity and availability of third-party software that uses libgetdata as a library. This vulnerability may lead to arbitrary code execution or privilege escalation depending on input/skills of attacker. | |||||
| CVE-2021-30498 | 2 Fedoraproject, Libcaca Project | 2 Fedora, Libcaca | 2023-12-13 | 6.8 MEDIUM | 7.8 HIGH |
| A flaw was found in libcaca. A heap buffer overflow in export.c in function export_tga might lead to memory corruption and other potential consequences. | |||||
| CVE-2020-25725 | 2 Fedoraproject, Xpdfreader | 2 Fedora, Xpdf | 2023-12-13 | 4.3 MEDIUM | 5.5 MEDIUM |
| In Xpdf 4.02, SplashOutputDev::endType3Char(GfxState *state) SplashOutputDev.cc:3079 is trying to use the freed `t3GlyphStack->cache`, which causes an `heap-use-after-free` problem. The codes of a previous fix for nested Type 3 characters wasn't correctly handling the case where a Type 3 char referred to another char in the same Type 3 font. | |||||
| CVE-2023-41835 | 1 Apache | 1 Struts | 2023-12-13 | N/A | 7.5 HIGH |
| When a Multipart request is performed but some of the fields exceed the maxStringLength limit, the upload files will remain in struts.multipart.saveDir even if the request has been denied. Users are recommended to upgrade to versions Struts 2.5.32 or 6.1.2.2 or Struts 6.3.0.1 or greater, which fixe this issue. | |||||
| CVE-2023-43304 | 1 Linecorp | 1 Line | 2023-12-13 | N/A | 8.2 HIGH |
| An issue in PARK DANDAN mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | |||||
| CVE-2023-43303 | 1 Linecorp | 1 Line | 2023-12-13 | N/A | 8.2 HIGH |
| An issue in craftbeer bar canvas mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | |||||
| CVE-2023-43302 | 1 Linecorp | 1 Line | 2023-12-13 | N/A | 8.2 HIGH |
| An issue in sanTas mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | |||||
| CVE-2023-43301 | 1 Linecorp | 1 Line | 2023-12-13 | N/A | 8.2 HIGH |
| An issue in DARTS SHOP MAXIM mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | |||||
| CVE-2023-43300 | 1 Linecorp | 1 Line | 2023-12-13 | N/A | 8.2 HIGH |
| An issue in urban_project mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | |||||