Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-35358 | 1 Microsoft | 9 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 6 more | 2023-08-10 | N/A | 7.8 HIGH |
| Windows Kernel Elevation of Privilege Vulnerability | |||||
| CVE-2023-35357 | 1 Microsoft | 9 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 6 more | 2023-08-10 | N/A | 7.8 HIGH |
| Windows Kernel Elevation of Privilege Vulnerability | |||||
| CVE-2023-21643 | 1 Qualcomm | 48 Apq8064au, Apq8064au Firmware, Apq8096au and 45 more | 2023-08-10 | N/A | 7.8 HIGH |
| Memory corruption due to untrusted pointer dereference in automotive during system call. | |||||
| CVE-2023-3571 | 1 Phoenixcontact | 12 Wp 6070-wvps, Wp 6070-wvps Firmware, Wp 6101-wxps and 9 more | 2023-08-10 | N/A | 8.8 HIGH |
| In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with low privileges may use a specific HTTP POST releated to certificate operations to gain full access to the device. | |||||
| CVE-2023-39349 | 1 Sentry | 1 Sentry | 2023-08-10 | N/A | 8.1 HIGH |
| Sentry is an error tracking and performance monitoring platform. Starting in version 22.1.0 and prior to version 23.7.2, an attacker with access to a token with few or no scopes can query `/api/0/api-tokens/` for a list of all tokens created by a user, including tokens with greater scopes, and use those tokens in other requests. There is no evidence that the issue was exploited on `sentry.io`. For self-hosted users, it is advised to rotate user auth tokens. A fix is available in version 23.7.2 of `sentry` and `self-hosted`. There are no known workarounds. | |||||
| CVE-2023-39525 | 1 Prestashop | 1 Prestashop | 2023-08-10 | N/A | 9.1 CRITICAL |
| PrestaShop is an open source e-commerce web application. Prior to version 8.1.1, in the back office, files can be compromised using path traversal by replaying the import file deletion query with a specified file path that uses the traversal path. Version 8.1.1 contains a patch for this issue. There are no known workarounds. | |||||
| CVE-2023-39524 | 1 Prestashop | 1 Prestashop | 2023-08-10 | N/A | 9.8 CRITICAL |
| PrestaShop is an open source e-commerce web application. Prior to version 8.1.1, SQL injection possible in the product search field, in BO's product page. Version 8.1.1 contains a patch for this issue. There are no known workarounds. | |||||
| CVE-2023-38487 | 1 Hedgedoc | 1 Hedgedoc | 2023-08-10 | N/A | 8.2 HIGH |
| HedgeDoc is software for creating real-time collaborative markdown notes. Prior to version 1.9.9, the API of HedgeDoc 1 can be used to create notes with an alias matching the ID of existing notes. The affected existing note can then not be accessed anymore and is effectively hidden by the new one. When the freeURL feature is enabled (by setting the `allowFreeURL` config option or the `CMD_ALLOW_FREEURL` environment variable to `true`), any user with the appropriate permissions can create a note by making a POST request to the `/new/<ALIAS>` API endpoint. The `<ALIAS>` parameter can be set to the ID of an existing note. HedgeDoc did not verify whether the provided `<ALIAS>` value corresponds to a valid ID of an existing note and always allowed creation of the new note. When a visitor tried to access the existing note, HedgeDoc will first search for a note with a matching alias before it searches using the ID, therefore only the new note can be accessed. Depending on the permission settings of the HedgeDoc instance, the issue can be exploited only by logged-in users or by all (including non-logged-in) users. The exploit requires knowledge of the ID of the target note. Attackers could use this issue to present a manipulated copy of the original note to the user, e.g. by replacing the links with malicious ones. Attackers can also use this issue to prevent access to the original note, causing a denial of service. No data is lost, as the original content of the affected notes is still present in the database. This issue was fixed in version 1.9.9. As a workaround, disabling freeURL mode prevents the exploitation of this issue. The impact can be limited by restricting freeURL note creation to trusted, logged-in users by enabling `requireFreeURLAuthentication`/`CMD_REQUIRE_FREEURL_AUTHENTICATION`. | |||||
| CVE-2023-39184 | 1 Siemens | 1 Solid Edge | 2023-08-10 | N/A | 7.8 HIGH |
| A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 7). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PSM files. This could allow an attacker to execute code in the context of the current process. | |||||
| CVE-2023-39183 | 1 Siemens | 1 Solid Edge | 2023-08-10 | N/A | 7.8 HIGH |
| A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 7). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PSM files. This could allow an attacker to execute code in the context of the current process. | |||||
| CVE-2023-4195 | 1 Agentejo | 1 Cockpit | 2023-08-10 | N/A | 8.8 HIGH |
| PHP Remote File Inclusion in GitHub repository cockpit-hq/cockpit prior to 2.6.3. | |||||
| CVE-2023-39182 | 1 Siemens | 1 Solid Edge | 2023-08-10 | N/A | 7.8 HIGH |
| A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 7). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted DFT files. This could allow an attacker to execute code in the context of the current process. | |||||
| CVE-2023-39181 | 1 Siemens | 1 Solid Edge | 2023-08-10 | N/A | 7.8 HIGH |
| A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 7). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted PAR file. This could allow an attacker to execute code in the context of the current process. | |||||
| CVE-2023-32600 | 1 Rankmath | 1 Seo | 2023-08-10 | N/A | 5.4 MEDIUM |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Rank Math SEO plugin <= 1.0.119 versions. | |||||
| CVE-2023-39187 | 1 Siemens | 1 Solid Edge | 2023-08-10 | N/A | 7.8 HIGH |
| A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 7). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted DFT files. This could allow an attacker to execute code in the context of the current process. | |||||
| CVE-2023-21647 | 1 Qualcomm | 86 Qca6390, Qca6390 Firmware, Qca6391 and 83 more | 2023-08-10 | N/A | 6.5 MEDIUM |
| Information disclosure in Bluetooth when an GATT packet is received due to improper input validation. | |||||
| CVE-2023-39186 | 1 Siemens | 1 Solid Edge | 2023-08-10 | N/A | 7.8 HIGH |
| A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 7). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted DFT files. This could allow an attacker to execute code in the context of the current process. | |||||
| CVE-2023-39185 | 1 Siemens | 1 Solid Edge | 2023-08-10 | N/A | 7.8 HIGH |
| A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 7). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process. | |||||
| CVE-2023-21651 | 1 Qualcomm | 280 Aqt1000, Aqt1000 Firmware, Ar8031 and 277 more | 2023-08-10 | N/A | 7.8 HIGH |
| Memory Corruption in Core due to incorrect type conversion or cast in secure_io_read/write function in TEE. | |||||
| CVE-2023-21650 | 1 Qualcomm | 102 Aqt1000, Aqt1000 Firmware, Csrb31024 and 99 more | 2023-08-10 | N/A | 7.8 HIGH |
| Memory Corruption in GPS HLOS Driver when injectFdclData receives data with invalid data length. | |||||
| CVE-2023-21649 | 1 Qualcomm | 130 Apq8096au, Apq8096au Firmware, Aqt1000 and 127 more | 2023-08-10 | N/A | 7.8 HIGH |
| Memory corruption in WLAN while running doDriverCmd for an unspecific command. | |||||
| CVE-2023-21648 | 1 Qualcomm | 68 Aqt1000, Aqt1000 Firmware, Qca6391 and 65 more | 2023-08-10 | N/A | 7.8 HIGH |
| Memory corruption in RIL while trying to send apdu packet. | |||||
| CVE-2023-21652 | 1 Qualcomm | 240 Aqt1000, Aqt1000 Firmware, Ar8035 and 237 more | 2023-08-10 | N/A | 7.1 HIGH |
| Cryptographic issue in HLOS as derived keys used to encrypt/decrypt information is present on stack after use. | |||||
| CVE-2023-22666 | 1 Qualcomm | 344 Apq8009, Apq8009 Firmware, Apq8017 and 341 more | 2023-08-10 | N/A | 7.8 HIGH |
| Memory Corruption in Audio while playing amrwbplus clips with modified content. | |||||
| CVE-2023-38697 | 1 Socketry | 1 Protocol-http1 | 2023-08-10 | N/A | 5.3 MEDIUM |
| protocol-http1 provides a low-level implementation of the HTTP/1 protocol. RFC 9112 Section 7.1 defined the format of chunk size, chunk data and chunk extension. The value of Content-Length header should be a string of 0-9 digits, the chunk size should be a string of hex digits and should split from chunk data using CRLF, and the chunk extension shouldn't contain any invisible character. However, Falcon has following behaviors while disobey the corresponding RFCs: accepting Content-Length header values that have `+` prefix, accepting Content-Length header values that written in hexadecimal with `0x` prefix, accepting `0x` and `+` prefixed chunk size, and accepting LF in chunk extension. This behavior can lead to desync when forwarding through multiple HTTP parsers, potentially results in HTTP request smuggling and firewall bypassing. This issue is fixed in `protocol-http1` v0.15.1. There are no known workarounds. | |||||
| CVE-2023-33379 | 1 Connectedio | 2 Er2000t-vz-cat1, Er2000t-vz-cat1 Firmware | 2023-08-10 | N/A | 9.8 CRITICAL |
| Connected IO v2.1.0 and prior has a misconfiguration in their MQTT broker used for management and device communication, which allows devices to connect to the broker and issue commands to other device, impersonating Connected IO management platform and sending commands to all of Connected IO's devices. | |||||
| CVE-2023-38698 | 1 Ens.domains | 1 Ethereum Name Service | 2023-08-10 | N/A | 6.5 MEDIUM |
| Ethereum Name Service (ENS) is a distributed, open, and extensible naming system based on the Ethereum blockchain. According to the documentation, controllers are allowed to register new domains and extend the expiry of existing domains, but they cannot change the ownership or reduce the expiration time of existing domains. However, a preliminary analysis suggests that an attacker-controlled controller may be able to reduce the expiration time of existing domains due to an integer overflow in the renew function. The vulnerability resides `@ensdomains/ens-contracts` prior to version 0.0.22. If successfully exploited, this vulnerability would enable attackers to force the expiration of any ENS record, ultimately allowing them to claim the affected domains for themselves. Currently, it would require a malicious DAO to exploit it. Nevertheless, any vulnerability present in the controllers could potentially render this issue exploitable in the future. An additional concern is the possibility of renewal discounts. Should ENS decide to implement a system that offers unlimited .eth domains for a fixed fee in the future, the vulnerability could become exploitable by any user due to the reduced attack cost. Version 0.0.22 contains a patch for this issue. As long as registration cost remains linear or superlinear based on registration duration, or limited to a reasonable maximum (eg, 1 million years), this vulnerability could only be exploited by a malicious DAO. The interim workaround is thus to take no action. | |||||
| CVE-2023-39188 | 1 Siemens | 1 Solid Edge | 2023-08-10 | N/A | 7.8 HIGH |
| A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 7). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted DFT files. This could allow an attacker to execute code in the context of the current process. | |||||
| CVE-2023-38699 | 1 Mindsdb | 1 Mindsdb | 2023-08-10 | N/A | 6.5 MEDIUM |
| MindsDB's AI Virtual Database allows developers to connect any AI/ML model to any datasource. Prior to version 23.7.4.0, a call to requests with `verify=False` disables SSL certificate checks. This rule enforces always verifying SSL certificates for methods in the Requests library. In version 23.7.4.0, certificates are validated by default, which is the desired behavior. | |||||
| CVE-2023-39107 | 2 Apple, Nomachine | 2 Macos, Nomachine | 2023-08-10 | N/A | 9.1 CRITICAL |
| An arbitrary file overwrite vulnerability in NoMachine Free Edition and Enterprise Client for macOS before v8.8.1 allows attackers to overwrite root-owned files by using hardlinks. | |||||
| CVE-2023-20216 | 1 Cisco | 12 Broadworks Application Delivery Platform, Broadworks Application Server, Broadworks Database Server and 9 more | 2023-08-10 | N/A | 7.8 HIGH |
| A vulnerability in the privilege management functionality of all Cisco BroadWorks server types could allow an authenticated, local attacker to elevate privileges to root on an affected system. This vulnerability is due to incorrect implementation of user role permissions. An attacker could exploit this vulnerability by authenticating to the application as a user with the BWORKS or BWSUPERADMIN role and issuing crafted commands on an affected system. A successful exploit could allow the attacker to execute commands beyond the sphere of their intended access level, including initiating installs or running operating system commands with elevated permissions. There are workarounds that address this vulnerability. | |||||
| CVE-2023-4196 | 1 Agentejo | 1 Cockpit | 2023-08-10 | N/A | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit prior to 2.6.3. | |||||
| CVE-2023-3570 | 1 Phoenixcontact | 12 Wp 6070-wvps, Wp 6070-wvps Firmware, Wp 6101-wxps and 9 more | 2023-08-10 | N/A | 8.8 HIGH |
| In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with low privileges may use a specific HTTP DELETE request to gain full access to the device. | |||||
| CVE-2023-3373 | 1 Mitsubishielectric | 4 Gs21, Gs21 Firmware, Gt21 and 1 more | 2023-08-10 | N/A | 9.1 CRITICAL |
| Predictable Exact Value from Previous Values vulnerability in Mitsubishi Electric Corporation GOT2000 Series GT21 model versions 01.49.000 and prior and GOT SIMPLE Series GS21 model versions 01.49.000 and prior allows a remote unauthenticated attacker to hijack data connections (session hijacking) or prevent legitimate users from establishing data connections (to cause DoS condition) by guessing the listening port of the data connection on FTP server and connecting to it. | |||||
| CVE-2023-0525 | 1 Mitsubishielectric | 14 Gs21, Gs21 Firmware, Gs25 and 11 more | 2023-08-10 | N/A | 7.5 HIGH |
| Weak Encoding for Password vulnerability in Mitsubishi Electric Corporation GOT2000 Series GT27 model versions 01.49.000 and prior, GT25 model versions 01.49.000 and prior, GT23 model versions 01.49.000 and prior, GT21 model versions 01.49.000 and prior, GOT SIMPLE Series GS25 model versions 01.49.000 and prior, GS21 model versions 01.49.000 and prior, GT Designer3 Version1 (GOT2000) versions 1.295H and prior and GT SoftGOT2000 versions 1.295H and prior allows a remote unauthenticated attacker to obtain plaintext passwords by sniffing packets containing encrypted passwords and decrypting the encrypted passwords, in the case of transferring data with GT Designer3 Version1(GOT2000) and GOT2000 Series or GOT SIMPLE Series with the Data Transfer Security function enabled, or in the case of transferring data by the SoftGOT-GOT link function with GT SoftGOT2000 and GOT2000 series with the Data Transfer Security function enabled. | |||||
| CVE-2023-33913 | 2 Google, Unisoc | 10 Android, S8000, T606 and 7 more | 2023-08-10 | N/A | 7.2 HIGH |
| In DRM/oemcrypto, there is a possible out of bounds write due to an incorrect calculation of buffer size.This could lead to remote escalation of privilege with System execution privileges needed | |||||
| CVE-2023-33912 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-08-10 | N/A | 5.5 MEDIUM |
| In Contacts service, there is a possible missing permission check.This could lead to local information disclosure with no additional execution privileges | |||||
| CVE-2023-33911 | 2 Google, Unisoc | 9 Android, Sc7731e, Sc9832e and 6 more | 2023-08-10 | N/A | 5.5 MEDIUM |
| In vowifi service, there is a possible missing permission check.This could lead to local information disclosure with no additional execution privileges | |||||
| CVE-2023-33910 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-08-10 | N/A | 5.5 MEDIUM |
| In Contacts Service, there is a possible missing permission check.This could lead to local information disclosure with no additional execution privileges | |||||
| CVE-2023-33909 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-08-10 | N/A | 5.5 MEDIUM |
| In Contacts service, there is a possible missing permission check.This could lead to local information disclosure with no additional execution privileges | |||||
| CVE-2023-33908 | 2 Google, Unisoc | 13 Android, S8000, Sc9832e and 10 more | 2023-08-10 | N/A | 5.5 MEDIUM |
| In ims service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges | |||||
| CVE-2023-33907 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-08-10 | N/A | 5.5 MEDIUM |
| In Contacts Service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges | |||||
| CVE-2022-47351 | 2 Google, Unisoc | 10 Android, S8000, T606 and 7 more | 2023-08-10 | N/A | 4.4 MEDIUM |
| In camera driver, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed | |||||
| CVE-2023-37896 | 1 Projectdiscovery | 1 Nuclei | 2023-08-10 | N/A | 7.5 HIGH |
| Nuclei is a vulnerability scanner. Prior to version 2.9.9, a security issue in the Nuclei project affected users utilizing Nuclei as Go code (SDK) running custom templates. This issue did not affect CLI users. The problem was related to sanitization issues with payload loading in sandbox mode. There was a potential risk with payloads loading in sandbox mode. The issue occurred due to relative paths not being converted to absolute paths before doing the check for `sandbox` flag allowing arbitrary files to be read on the filesystem in certain cases when using Nuclei from `Go` SDK implementation. This issue has been fixed in version 2.9.9. The maintainers have also enabled sandbox by default for filesystem loading. This can be optionally disabled if required. The `-sandbox` option has been deprecated and is now divided into two new options: `-lfa` (allow local file access) which is enabled by default and `-lna` (restrict local network access) which can be enabled by users optionally. The `-lfa` allows file (payload) access anywhere on the system (disabling sandbox effectively), and `-lna` blocks connections to the local/private network. | |||||
| CVE-2023-3766 | 1 Cloudflare | 1 Odoh-rs | 2023-08-10 | N/A | 5.9 MEDIUM |
| A vulnerability was discovered in the odoh-rs rust crate that stems from faulty logic during the parsing of encrypted queries. This issue specifically occurs when processing encrypted query data received from remote clients and enables an attacker with knowledge of this vulnerability to craft and send specially designed encrypted queries to targeted ODOH servers running with odoh-rs. Upon successful exploitation, the server will crash abruptly, disrupting its normal operation and rendering the service temporarily unavailable. | |||||
| CVE-2022-47350 | 2 Google, Unisoc | 12 Android, S8000, Sc9863a and 9 more | 2023-08-10 | N/A | 4.4 MEDIUM |
| In camera driver, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed | |||||
| CVE-2023-39344 | 1 Fobybus | 1 Social-media-skeleton | 2023-08-10 | N/A | 8.8 HIGH |
| social-media-skeleton is an uncompleted social media project. A SQL injection vulnerability in the project allows UNION based injections, which indirectly leads to remote code execution. Commit 3cabdd35c3d874608883c9eaf9bf69b2014d25c1 contains a fix for this issue. | |||||
| CVE-2022-30311 | 1 Festo | 16 Controller Cecc-x-m1, Controller Cecc-x-m1-mv, Controller Cecc-x-m1-mv-s1 and 13 more | 2023-08-10 | 10.0 HIGH | 9.8 CRITICAL |
| In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-refresh-request" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection. | |||||
| CVE-2022-30310 | 1 Festo | 16 Controller Cecc-x-m1, Controller Cecc-x-m1-mv, Controller Cecc-x-m1-mv-s1 and 13 more | 2023-08-10 | 10.0 HIGH | 9.8 CRITICAL |
| In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-acknerr-request" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection. | |||||
| CVE-2022-30309 | 1 Festo | 16 Controller Cecc-x-m1, Controller Cecc-x-m1-mv, Controller Cecc-x-m1-mv-s1 and 13 more | 2023-08-10 | 10.0 HIGH | 9.8 CRITICAL |
| In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-web-viewer-request-off" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection. | |||||