Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-26154 | 1 Pubnub | 4 C-core, Kotlin, Pubnub and 1 more | 2023-12-11 | N/A | 5.9 MEDIUM |
| Versions of the package pubnub before 7.4.0; all versions of the package com.pubnub:pubnub; versions of the package pubnub before 6.19.0; all versions of the package github.com/pubnub/go; versions of the package github.com/pubnub/go/v7 before 7.2.0; versions of the package pubnub before 7.3.0; versions of the package pubnub/pubnub before 6.1.0; versions of the package pubnub before 5.3.0; versions of the package pubnub before 0.4.0; versions of the package pubnub/c-core before 4.5.0; versions of the package com.pubnub:pubnub-kotlin before 7.7.0; versions of the package pubnub/swift before 6.2.0; versions of the package pubnub before 5.2.0; versions of the package pubnub before 4.3.0 are vulnerable to Insufficient Entropy via the getKey function, due to inefficient implementation of the AES-256-CBC cryptographic algorithm. The provided encrypt function is less secure when hex encoding and trimming are applied, leaving half of the bits in the key always the same for every encoded message or file. **Note:** In order to exploit this vulnerability, the attacker needs to invest resources in preparing the attack and brute-force the encryption. | |||||
| CVE-2023-5008 | 1 Imsurajghosh | 1 Student Information System | 2023-12-11 | N/A | 9.8 CRITICAL |
| Student Information System v1.0 is vulnerable to an unauthenticated SQL Injection vulnerability on the 'regno' parameter of index.php page, allowing an external attacker to dump all the contents of the database contents and bypass the login control. | |||||
| CVE-2023-6527 | 1 I13websolution | 1 Email Subscription Popup | 2023-12-11 | N/A | 6.1 MEDIUM |
| The Email Subscription Popup plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the HTTP_REFERER header in all versions up to, and including, 1.2.18 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | |||||
| CVE-2023-2861 | 1 Qemu | 1 Qemu | 2023-12-11 | N/A | 7.1 HIGH |
| A flaw was found in the 9p passthrough filesystem (9pfs) implementation in QEMU. The 9pfs server did not prohibit opening special files on the host side, potentially allowing a malicious client to escape from the exported 9p tree by creating and opening a device file in the shared folder. | |||||
| CVE-2023-49463 | 1 Struktur | 1 Libheif | 2023-12-11 | N/A | 8.8 HIGH |
| libheif v1.17.5 was discovered to contain a segmentation violation via the function find_exif_tag at /libheif/exif.cc. | |||||
| CVE-2023-49462 | 1 Struktur | 1 Libheif | 2023-12-11 | N/A | 8.8 HIGH |
| libheif v1.17.5 was discovered to contain a segmentation violation via the component /libheif/exif.cc. | |||||
| CVE-2023-49460 | 1 Struktur | 1 Libheif | 2023-12-11 | N/A | 8.8 HIGH |
| libheif v1.17.5 was discovered to contain a segmentation violation via the function UncompressedImageCodec::decode_uncompressed_image. | |||||
| CVE-2023-49464 | 1 Struktur | 1 Libheif | 2023-12-11 | N/A | 8.8 HIGH |
| libheif v1.17.5 was discovered to contain a segmentation violation via the function UncompressedImageCodec::get_luma_bits_per_pixel_from_configuration_unci. | |||||
| CVE-2023-45210 | 1 Pleasanter | 1 Pleasanter | 2023-12-11 | N/A | 4.3 MEDIUM |
| Pleasanter 1.3.47.0 and earlier contains an improper access control vulnerability, which may allow a remote authenticated attacker to view the temporary files uploaded by other users who are not permitted to access. | |||||
| CVE-2023-46688 | 1 Pleasanter | 1 Pleasanter | 2023-12-11 | N/A | 6.1 MEDIUM |
| Open redirect vulnerability in Pleasanter 1.3.47.0 and earlier allows a remote unauthenticated attacker to redirect users to arbitrary web sites via a specially crafted URL. | |||||
| CVE-2023-48849 | 1 Ruijie | 42 Rg-eg1000c, Rg-eg1000c Firmware, Rg-eg1000e and 39 more | 2023-12-11 | N/A | 9.8 CRITICAL |
| Ruijie EG Series Routers version EG_3.0(1)B11P216 and before allows unauthenticated attackers to remotely execute arbitrary code due to incorrect filtering. | |||||
| CVE-2023-44099 | 1 Huawei | 2 Emui, Harmonyos | 2023-12-11 | N/A | 7.5 HIGH |
| Vulnerability of data verification errors in the kernel module. Successful exploitation of this vulnerability may cause WLAN interruption. | |||||
| CVE-2023-44113 | 1 Huawei | 2 Emui, Harmonyos | 2023-12-11 | N/A | 7.5 HIGH |
| Vulnerability of missing permission verification for APIs in the Designed for Reliability (DFR) module. Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2023-46773 | 1 Huawei | 2 Emui, Harmonyos | 2023-12-11 | N/A | 9.8 CRITICAL |
| Permission management vulnerability in the PMS module. Successful exploitation of this vulnerability may cause privilege escalation. | |||||
| CVE-2023-49239 | 1 Huawei | 2 Emui, Harmonyos | 2023-12-11 | N/A | 7.5 HIGH |
| Unauthorized access vulnerability in the card management module. Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2023-49240 | 1 Huawei | 2 Emui, Harmonyos | 2023-12-11 | N/A | 7.5 HIGH |
| Unauthorized access vulnerability in the launcher module. Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2023-42573 | 1 Samsung | 1 Search Widget | 2023-12-11 | N/A | 5.5 MEDIUM |
| PendingIntent hijacking vulnerability in Search Widget prior to version 3.4 in China models allows local attackers to access data. | |||||
| CVE-2023-42575 | 1 Samsung | 1 Pass | 2023-12-11 | N/A | 6.8 MEDIUM |
| Improper Authentication vulnerability in Samsung Pass prior to version 4.3.00.17 allows physical attackers to bypass authentication due to invalid flag setting. | |||||
| CVE-2023-42574 | 1 Samsung | 1 Gamehomecn | 2023-12-11 | N/A | 7.8 HIGH |
| Improper access control vulnerablility in GameHomeCN prior to version 4.2.60.2 allows local attackers to launch arbitrary activity in GameHomeCN. | |||||
| CVE-2023-42576 | 1 Samsung | 1 Pass | 2023-12-11 | N/A | 6.8 MEDIUM |
| Improper Authentication vulnerability in Samsung Pass prior to version 4.3.00.17 allows physical attackers to bypass authentication due to invalid exception handler. | |||||
| CVE-2023-42577 | 1 Samsung | 2 Android, Samsung Voice Recorder | 2023-12-11 | N/A | 2.4 LOW |
| Improper Access Control in Samsung Voice Recorder prior to versions 21.4.15.01 in Android 12 and Android 13, 21.4.50.17 in Android 14 allows physical attackers to access Voice Recorder information on the lock screen. | |||||
| CVE-2023-42578 | 1 Samsung | 1 Cloud | 2023-12-11 | N/A | 7.5 HIGH |
| Improper handling of insufficient permissions or privileges vulnerability in Samsung Data Store prior to version 5.2.00.7 allows remote attackers to access location information without permission. | |||||
| CVE-2023-47304 | 1 Vonage | 2 Vdv23, Vdv23 Firmware | 2023-12-11 | N/A | 7.8 HIGH |
| An issue was discovered in Vonage Box Telephone Adapter VDV23 version VDV21-3.2.11-0.5.1, allows local attackers to bypass UART authentication controls and read/write arbitrary values to the memory of the device. | |||||
| CVE-2022-47531 | 1 Ericsson | 1 Evolved Packet Gateway | 2023-12-11 | N/A | 8.8 HIGH |
| An issue was discovered in Ericsson Evolved Packet Gateway (EPG) versions 3.x before 3.25 and 2.x before 2.16, allows authenticated users to bypass system CLI and execute commands they are authorized to execute directly in the UNIX shell. | |||||
| CVE-2023-37572 | 1 Softing | 1 Opc | 2023-12-11 | N/A | 7.5 HIGH |
| Softing OPC Suite version 5.25 and before has Incorrect Access Control, allows attackers to obtain sensitive information via weak permissions in OSF_discovery service. | |||||
| CVE-2021-35975 | 1 Systematica | 6 Financial Calculator, Fix Adapter, Http Adapter and 3 more | 2023-12-11 | N/A | 5.3 MEDIUM |
| Absolute path traversal vulnerability in the Systematica SMTP Adapter component (up to v2.0.1.101) in Systematica Radius (up to v.3.9.256.777) allows remote attackers to read arbitrary files via a full pathname in GET parameter "file" in URL. Also: affected components in same product - HTTP Adapter (up to v.1.8.0.15), MSSQL MessageBus Proxy (up to v.1.1.06), Financial Calculator (up to v.1.3.05), FIX Adapter (up to v.2.4.0.25) | |||||
| CVE-2023-44295 | 1 Dell | 1 Powerscale Onefs | 2023-12-11 | N/A | 8.1 HIGH |
| Dell PowerScale OneFS versions 8.2.2.x through 9.6.0.x contains an improper control of a resource through its lifetime vulnerability. A low privilege attacker could potentially exploit this vulnerability, leading to loss of information, and information disclosure. | |||||
| CVE-2023-44288 | 1 Dell | 1 Powerscale Onefs | 2023-12-11 | N/A | 7.5 HIGH |
| Dell PowerScale OneFS, 8.2.2.x through 9.6.0.x, contains an improper control of a resource through its lifetime vulnerability. An unauthenticated network attacker could potentially exploit this vulnerability, leading to denial of service. | |||||
| CVE-2023-39248 | 1 Dell | 1 Networking Os10 | 2023-12-11 | N/A | 7.5 HIGH |
| Dell OS10 Networking Switches running 10.5.2.x and above contain an Uncontrolled Resource Consumption (Denial of Service) vulnerability, when switches are configured with VLT and VRRP. A remote unauthenticated user can cause the network to be flooded leading to Denial of Service for actual network users. This is a high severity vulnerability as it allows an attacker to cause an outage of network. Dell recommends customers to upgrade at the earliest opportunity. | |||||
| CVE-2023-5188 | 1 Wago | 2 Telecontrol Configurator, Wagoapprtu | 2023-12-11 | N/A | 7.5 HIGH |
| The MMS Interpreter of WagoAppRTU in versions below 1.4.6.0 which is used by the WAGO Telecontrol Configurator is vulnerable to malformed packets. An remote unauthenticated attacker could send specifically crafted packets that lead to a denial-of-service condition until restart of the affected device. | |||||
| CVE-2023-43472 | 1 Lfprojects | 1 Mlflow | 2023-12-11 | N/A | 7.5 HIGH |
| An issue in MLFlow versions 2.8.1 and before allows a remote attacker to obtain sensitive information via a crafted request to REST API. | |||||
| CVE-2023-48205 | 1 Jorani | 1 Leave Management System | 2023-12-11 | N/A | 5.3 MEDIUM |
| Jorani Leave Management System 1.0.2 allows a remote attacker to spoof a Host header associated with password reset emails. | |||||
| CVE-2023-43608 | 1 Buildroot | 1 Buildroot | 2023-12-11 | N/A | 8.1 HIGH |
| A data integrity vulnerability exists in the BR_NO_CHECK_HASH_FOR functionality of Buildroot 2023.08.1 and dev commit 622698d7847. A specially crafted man-in-the-middle attack can lead to arbitrary command execution in the builder. | |||||
| CVE-2023-43628 | 1 Gpsd Project | 1 Gpsd | 2023-12-11 | N/A | 7.5 HIGH |
| An integer underflow vulnerability exists in the NTRIP Stream Parsing functionality of GPSd 3.25.1~dev. A specially crafted network packet can lead to memory corruption. An attacker can send a malicious packet to trigger this vulnerability. | |||||
| CVE-2023-48207 | 1 Phpjabbers | 1 Availability Booking Calendar | 2023-12-11 | N/A | 8.8 HIGH |
| Availability Booking Calendar 5.0 allows CSV injection via the unique ID field in the Reservations list component. | |||||
| CVE-2023-45838 | 1 Buildroot | 1 Buildroot | 2023-12-11 | N/A | 8.1 HIGH |
| Multiple data integrity vulnerabilities exist in the package hash checking functionality of Buildroot 2023.08.1 and Buildroot dev commit 622698d7847. A specially crafted man-in-the-middle attack can lead to arbitrary command execution in the builder.This vulnerability is related to the `aufs` package. | |||||
| CVE-2023-22524 | 2 Apple, Atlassian | 2 Macos, Companion | 2023-12-11 | N/A | 9.8 CRITICAL |
| Certain versions of the Atlassian Companion App for MacOS were affected by a remote code execution vulnerability. An attacker could utilize WebSockets to bypass Atlassian Companion’s blocklist and MacOS Gatekeeper to allow execution of code. | |||||
| CVE-2023-33083 | 1 Qualcomm | 230 Ar8035, Ar8035 Firmware, Ar9380 and 227 more | 2023-12-11 | N/A | 9.8 CRITICAL |
| Memory corruption in WLAN Host while processing RRM beacon on the AP. | |||||
| CVE-2023-33082 | 1 Qualcomm | 230 Ar8035, Ar8035 Firmware, Ar9380 and 227 more | 2023-12-11 | N/A | 9.8 CRITICAL |
| Memory corruption while sending an Assoc Request having BTM Query or BTM Response containing MBO IE. | |||||
| CVE-2023-33087 | 1 Qualcomm | 236 Apq5053-aa, Apq5053-aa Firmware, Ar8035 and 233 more | 2023-12-11 | N/A | 7.8 HIGH |
| Memory corruption in Core while processing RX intent request. | |||||
| CVE-2023-33089 | 1 Qualcomm | 456 315 5g Iot Modem, 315 5g Iot Modem Firmware, Aqt1000 and 453 more | 2023-12-11 | N/A | 7.5 HIGH |
| Transient DOS when processing a NULL buffer while parsing WLAN vdev. | |||||
| CVE-2023-33088 | 1 Qualcomm | 612 315 5g Iot Modem, 315 5g Iot Modem Firmware, Aqt1000 and 609 more | 2023-12-11 | N/A | 7.8 HIGH |
| Memory corruption when processing cmd parameters while parsing vdev. | |||||
| CVE-2023-6376 | 1 Henschen | 1 Court Document Management | 2023-12-11 | N/A | 7.5 HIGH |
| Henschen & Associates court document management software does not sufficiently randomize file names of cached documents, allowing a remote, unauthenticated attacker to access restricted documents. | |||||
| CVE-2023-33092 | 1 Qualcomm | 190 Aqt1000, Aqt1000 Firmware, Fastconnect 6200 and 187 more | 2023-12-11 | N/A | 7.8 HIGH |
| Memory corruption while processing pin reply in Bluetooth, when pin code received from APP layer is greater than expected size. | |||||
| CVE-2023-33098 | 1 Qualcomm | 526 315 5g Iot Modem, 315 5g Iot Modem Firmware, Aqt1000 and 523 more | 2023-12-11 | N/A | 7.5 HIGH |
| Transient DOS while parsing WPA IES, when it is passed with length more than expected size. | |||||
| CVE-2023-33097 | 1 Qualcomm | 244 Ar8035, Ar8035 Firmware, Csr8811 and 241 more | 2023-12-11 | N/A | 7.5 HIGH |
| Transient DOS in WLAN Firmware while processing a FTMR frame. | |||||
| CVE-2023-33106 | 1 Qualcomm | 306 Ar8035, Ar8035 Firmware, Csra6620 and 303 more | 2023-12-11 | N/A | 7.8 HIGH |
| Memory corruption while submitting a large list of sync points in an AUX command to the IOCTL_KGSL_GPU_AUX_COMMAND. | |||||
| CVE-2023-33107 | 1 Qualcomm | 484 315 5g Iot Modem, 315 5g Iot Modem Firmware, Apq8017 and 481 more | 2023-12-11 | N/A | 7.8 HIGH |
| Memory corruption in Graphics Linux while assigning shared virtual memory region during IOCTL call. | |||||
| CVE-2023-42569 | 1 Samsung | 1 Android | 2023-12-11 | N/A | 3.3 LOW |
| Improper authorization verification vulnerability in AR Emoji prior to SMR Dec-2023 Release 1 allows attackers to read sandbox data of AR Emoji. | |||||
| CVE-2023-42570 | 1 Samsung | 1 Android | 2023-12-11 | N/A | 3.3 LOW |
| Improper access control vulnerability in KnoxCustomManagerService prior to SMR Dec-2023 Release 1 allows attacker to access device SIM PIN. | |||||