Total: 201818 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-34434 | 1 Apache | 1 Inlong | 2023-08-02 | N/A | 7.5 HIGH |
| Deserialization of Untrusted Data Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.7.0. The attacker could bypass the current logic and achieve arbitrary file reading. To solve it, users are advised to upgrade to Apache InLong's 1.8.0 or cherry-pick https://github.com/apache/inlong/pull/8130 . | |||||
| CVE-2023-21406 | 1 Axis | 2 A1001, A1001 Firmware | 2023-08-02 | N/A | 8.8 HIGH |
| Ariel Harush and Roy Hodir from OTORIO have found a flaw in the AXIS A1001 when communicating over OSDP. A heap-based buffer overflow was found in the pacsiod process which is handling the OSDP communication allowing to write outside of the allocated buffer. By appending invalid data to an OSDP message it was possible to write data beyond the heap allocated buffer. The data written outside the buffer could be used to execute arbitrary code. Please refer to the Axis security advisory for more information, mitigation and affected products and software versions. | |||||
| CVE-2023-3897 | 1 42gears | 1 Suremdm | 2023-08-02 | N/A | 5.3 MEDIUM |
| Username enumeration is possible by bypassing CAPTCHA in the On-premise SureMDM Solution on Windows deployment, which allows an attacker to enumerate local user information via error message. This issue affects SureMDM On-premise: 6.31 and below versions. | |||||
| CVE-2022-28864 | 1 Nokia | 1 Netact | 2023-08-02 | N/A | 8.8 HIGH |
| An issue was discovered in Nokia NetAct 22 through the Administration of Measurements website section. A malicious user can edit or add the templateName parameter in order to include malicious code, which is then downloaded as a .csv or .xlsx file and executed on a victim machine. Here, the /aom/html/EditTemplate.jsf and /aom/html/ViewAllTemplatesPage.jsf templateName parameter is used. | |||||
| CVE-2022-28863 | 1 Nokia | 1 Netact | 2023-08-02 | N/A | 8.8 HIGH |
| An issue was discovered in Nokia NetAct 22. A remote user, authenticated to the website, can visit the Site Configuration Tool section and arbitrarily upload potentially dangerous files without restrictions via the /netact/sct dir parameter in conjunction with the operation=upload value. | |||||
| CVE-2022-28865 | 1 Nokia | 1 Netact | 2023-08-02 | N/A | 5.4 MEDIUM |
| An issue was discovered in Nokia NetAct 22 through the Site Configuration Tool website section. A malicious user can change a filename of an uploaded file to include JavaScript code, which is then stored and executed by a victim's web browser. The most common mechanism for delivering malicious content is to include it as a parameter in a URL that is posted publicly or e-mailed directly to victims. Here, the /netact/sct filename parameter is used. | |||||
| CVE-2022-28867 | 1 Nokia | 1 Netact | 2023-08-02 | N/A | 5.4 MEDIUM |
| An issue was discovered in Nokia NetAct 22 through the Administration of Measurements website section. A malicious user can edit or add the templateName parameter in order to include JavaScript code, which is then stored and executed by a victim's web browser. The most common mechanism for delivering malicious content is to include it as a parameter in a URL that is posted publicly or e-mailed directly to victims. Here, the /aom/html/EditTemplate.jsf and /aom/html/ViewAllTemplatesPage.jsf templateName parameter is used. | |||||
| CVE-2022-30280 | 1 Nokia | 1 Netact | 2023-08-02 | N/A | 8.8 HIGH |
| /SecurityManagement/html/createuser.jsf in Nokia NetAct 22 allows CSRF. A remote attacker is able to create users with arbitrary privileges, even administrative privileges. The application (even if it implements a CSRF token for the random GET request) does not ever verify a CSRF token. With a little help of social engineering/phishing (such as sending a link via email or chat), an attacker may trick the users of a web application into executing actions of the attacker's choosing. If the victim is a normal user, a successful CSRF attack can force the user to perform state changing requests like transferring funds, changing their email address, and so forth. If the victim is an administrative account, CSRF can compromise the entire web application. | |||||
| CVE-2023-36862 | 1 Apple | 1 Macos | 2023-08-02 | N/A | 5.5 MEDIUM |
| A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions. This issue is fixed in macOS Ventura 13.5. An app may be able to determine a user’s current location. | |||||
| CVE-2023-36854 | 1 Apple | 1 Macos | 2023-08-02 | N/A | 7.8 HIGH |
| The issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.6.8, macOS Ventura 13.5, macOS Big Sur 11.7.9. Processing a file may lead to unexpected app termination or arbitrary code execution. | |||||
| CVE-2023-35983 | 1 Apple | 1 Macos | 2023-08-02 | N/A | 5.5 MEDIUM |
| This issue was addressed with improved data protection. This issue is fixed in macOS Monterey 12.6.8, macOS Ventura 13.5, macOS Big Sur 11.7.9. An app may be able to modify protected parts of the file system. | |||||
| CVE-2023-32437 | 1 Apple | 2 Ipados, Iphone Os | 2023-08-02 | N/A | 8.6 HIGH |
| The issue was addressed with improvements to the file handling protocol. This issue is fixed in iOS 16.6 and iPadOS 16.6. An app may be able to break out of its sandbox. | |||||
| CVE-2023-32433 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2023-08-02 | N/A | 7.8 HIGH |
| A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.6.8, iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Big Sur 11.7.9, macOS Ventura 13.5, watchOS 9.6. An app may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2023-32381 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2023-08-02 | N/A | 7.8 HIGH |
| A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.6.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Big Sur 11.7.9, macOS Ventura 13.5, watchOS 9.6. An app may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2023-38285 | 1 Trustwave | 1 Modsecurity | 2023-08-02 | N/A | 7.5 HIGH |
| Trustwave ModSecurity 3.x before 3.0.10 has Inefficient Algorithmic Complexity. | |||||
| CVE-2023-37732 | 1 Yasm Project | 1 Yasm | 2023-08-02 | N/A | 5.5 MEDIUM |
| Yasm v1.3.0.78 was found prone to NULL Pointer Dereference in /libyasm/intnum.c and /elf/elf.c, which allows the attacker to cause a denial of service via a crafted file. | |||||
| CVE-2023-37692 | 1 Octobercms | 1 October | 2023-08-02 | N/A | 5.4 MEDIUM |
| An arbitrary file upload vulnerability in October CMS v3.4.4 allows attackers to execute arbitrary code via a crafted file. | |||||
| CVE-2023-37624 | 1 Netdisco | 1 Netdisco | 2023-08-02 | N/A | 6.1 MEDIUM |
| Netdisco before v2.063000 was discovered to contain an open redirect vulnerability. An attacker may exploit this vulnerability to redirect users to arbitrary web URLs by tricking the victim users to click on crafted links. | |||||
| CVE-2023-37623 | 1 Netdisco | 1 Netdisco | 2023-08-02 | N/A | 4.8 MEDIUM |
| Netdisco before v2.063000 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /Web/TypeAhead.pm. | |||||
| CVE-2022-32449 | 1 Totolink | 2 Ex300 V2, Ex300 V2 Firmware | 2023-08-02 | 10.0 HIGH | 9.8 CRITICAL |
| TOTOLINK EX300_V2 V4.0.3c.7484 was discovered to contain a command injection vulnerability via the langType parameter in the setLanguageCfg function. This vulnerability is exploitable via a crafted MQTT data packet. | |||||
| CVE-2021-31936 | 1 Microsoft | 1 Accessibility Insights For Web | 2023-08-02 | 4.3 MEDIUM | 7.4 HIGH |
| Microsoft Accessibility Insights for Web Information Disclosure Vulnerability | |||||
| CVE-2021-31214 | 1 Microsoft | 1 Visual Studio Code | 2023-08-02 | 9.3 HIGH | 7.8 HIGH |
| Visual Studio Code Remote Code Execution Vulnerability | |||||
| CVE-2021-31213 | 1 Microsoft | 1 Remote | 2023-08-02 | 6.8 MEDIUM | 7.8 HIGH |
| Visual Studio Code Remote Containers Extension Remote Code Execution Vulnerability | |||||
| CVE-2021-31211 | 1 Microsoft | 1 Visual Studio Code | 2023-08-02 | 6.8 MEDIUM | 7.8 HIGH |
| Visual Studio Code Remote Code Execution Vulnerability | |||||
| CVE-2021-31209 | 1 Microsoft | 1 Exchange Server | 2023-08-02 | 5.8 MEDIUM | 6.5 MEDIUM |
| Microsoft Exchange Server Spoofing Vulnerability | |||||
| CVE-2021-31208 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2023-08-02 | 4.6 MEDIUM | 7.8 HIGH |
| Windows Container Manager Service Elevation of Privilege Vulnerability | |||||
| CVE-2021-31205 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2023-08-02 | 4.3 MEDIUM | 4.3 MEDIUM |
| Windows SMB Client Security Feature Bypass Vulnerability | |||||
| CVE-2021-31200 | 1 Microsoft | 1 Neural Network Intelligence | 2023-08-02 | 6.5 MEDIUM | 7.2 HIGH |
| Common Utilities Remote Code Execution Vulnerability | |||||
| CVE-2021-31198 | 1 Microsoft | 1 Exchange Server | 2023-08-02 | 6.8 MEDIUM | 7.8 HIGH |
| Microsoft Exchange Server Remote Code Execution Vulnerability | |||||
| CVE-2021-31195 | 1 Microsoft | 1 Exchange Server | 2023-08-02 | 6.8 MEDIUM | 6.5 MEDIUM |
| Microsoft Exchange Server Remote Code Execution Vulnerability | |||||
| CVE-2021-31194 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2023-08-02 | 6.5 MEDIUM | 8.8 HIGH |
| OLE Automation Remote Code Execution Vulnerability | |||||
| CVE-2021-31193 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2023-08-02 | 4.6 MEDIUM | 7.8 HIGH |
| Windows SSDP Service Elevation of Privilege Vulnerability | |||||
| CVE-2021-31192 | 1 Microsoft | 1 Windows 10 | 2023-08-02 | 6.8 MEDIUM | 7.3 HIGH |
| Windows Media Foundation Core Remote Code Execution Vulnerability | |||||
| CVE-2021-31191 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2023-08-02 | 2.1 LOW | 5.5 MEDIUM |
| Windows Projected File System FS Filter Driver Information Disclosure Vulnerability | |||||
| CVE-2021-31190 | 1 Microsoft | 2 Windows 10, Windows Server 2019 | 2023-08-02 | 4.6 MEDIUM | 7.8 HIGH |
| Windows Container Isolation FS Filter Driver Elevation of Privilege Vulnerability | |||||
| CVE-2021-31188 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2023-08-02 | 2.1 LOW | 7.8 HIGH |
| Windows Graphics Component Elevation of Privilege Vulnerability | |||||
| CVE-2021-31187 | 1 Microsoft | 1 Windows 10 | 2023-08-02 | 7.2 HIGH | 7.8 HIGH |
| Windows WalletService Elevation of Privilege Vulnerability | |||||
| CVE-2021-31186 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2023-08-02 | 4.3 MEDIUM | 7.4 HIGH |
| Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability | |||||
| CVE-2021-31185 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2023-08-02 | 2.1 LOW | 5.5 MEDIUM |
| Windows Desktop Bridge Denial of Service Vulnerability | |||||
| CVE-2021-31184 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2023-08-02 | 2.1 LOW | 5.5 MEDIUM |
| Microsoft Windows Infrared Data Association (IrDA) Information Disclosure Vulnerability | |||||
| CVE-2021-31182 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2023-08-02 | 4.8 MEDIUM | 7.1 HIGH |
| Microsoft Bluetooth Driver Spoofing Vulnerability | |||||
| CVE-2021-31181 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2023-08-02 | 6.5 MEDIUM | 8.8 HIGH |
| Microsoft SharePoint Remote Code Execution Vulnerability | |||||
| CVE-2021-31179 | 1 Microsoft | 5 365 Apps, Excel, Office and 2 more | 2023-08-02 | 6.8 MEDIUM | 7.8 HIGH |
| Microsoft Office Remote Code Execution Vulnerability | |||||
| CVE-2021-31178 | 1 Microsoft | 6 365 Apps, Excel, Office and 3 more | 2023-08-02 | 4.3 MEDIUM | 5.5 MEDIUM |
| Microsoft Office Information Disclosure Vulnerability | |||||
| CVE-2021-31176 | 1 Microsoft | 4 365 Apps, Office, Office Online Server and 1 more | 2023-08-02 | 6.8 MEDIUM | 7.8 HIGH |
| Microsoft Office Remote Code Execution Vulnerability | |||||
| CVE-2021-31175 | 1 Microsoft | 5 365 Apps, Excel, Office and 2 more | 2023-08-02 | 6.8 MEDIUM | 7.8 HIGH |
| Microsoft Office Remote Code Execution Vulnerability | |||||
| CVE-2021-31174 | 1 Microsoft | 5 365 Apps, Excel, Office and 2 more | 2023-08-02 | 2.1 LOW | 5.5 MEDIUM |
| Microsoft Excel Information Disclosure Vulnerability | |||||
| CVE-2021-31173 | 1 Microsoft | 2 Sharepoint Foundation, Sharepoint Server | 2023-08-02 | 4.0 MEDIUM | 5.3 MEDIUM |
| Microsoft SharePoint Server Information Disclosure Vulnerability | |||||
| CVE-2021-31172 | 1 Microsoft | 2 Sharepoint Foundation, Sharepoint Server | 2023-08-02 | 5.8 MEDIUM | 7.1 HIGH |
| Microsoft SharePoint Server Spoofing Vulnerability | |||||
| CVE-2021-31171 | 1 Microsoft | 2 Sharepoint Foundation, Sharepoint Server | 2023-08-02 | 2.1 LOW | 4.1 MEDIUM |
| Microsoft SharePoint Information Disclosure Vulnerability | |||||
