Total
11774 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-0057 | 1 Microsoft | 17 .net, .net Framework, Powershell and 14 more | 2024-11-21 | N/A | 9.1 CRITICAL |
| NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability | |||||
| CVE-2023-7248 | 1 Opentext | 1 Vertica | 2024-11-21 | N/A | 5.0 MEDIUM |
| Certain functionality in OpenText Vertica Management console might be prone to bypass via crafted requests. The vulnerability would affect one of Vertica’s authentication functionalities by allowing specially crafted requests and sequences. This issue impacts the following Vertica Management Console versions: 10.x 11.1.1-24 or lower 12.0.4-18 or lower Please upgrade to one of the following Vertica Management Console versions: 10.x to upgrade to latest versions from below. 11.1.1-25 12.0.4-19 23.x 24.x | |||||
| CVE-2023-7240 | 2024-11-21 | N/A | 5.8 MEDIUM | ||
| An improper authorization level has been detected in the login panel. It may lead to unauthenticated Server Side Request Forgery and allows to perform open services enumeration. Server makes query to provided server (Server IP/DNS field) and is triggering connection to arbitrary address. | |||||
| CVE-2023-7163 | 1 Dlink | 1 D-view 8 | 2024-11-21 | N/A | 10.0 CRITICAL |
| A security issue exists in D-Link D-View 8 v2.0.2.89 and prior that could allow an attacker to manipulate the probe inventory of the D-View service. This could result in the disclosure of information from other probes, denial of service conditions due to the probe inventory becoming full, or the execution of tasks on other probes. | |||||
| CVE-2023-6992 | 1 Cloudflare | 1 Zlib | 2024-11-21 | N/A | 4.0 MEDIUM |
| Cloudflare version of zlib library was found to be vulnerable to memory corruption issues affecting the deflation algorithm implementation (deflate.c). The issues resulted from improper input validation and heap-based buffer overflow. A local attacker could exploit the problem during compression using a crafted malicious file potentially leading to denial of service of the software. Patches: The issue has been patched in commit 8352d10 https://github.com/cloudflare/zlib/commit/8352d108c05db1bdc5ac3bdf834dad641694c13c . The upstream repository is not affected. | |||||
| CVE-2023-6835 | 1 Wso2 | 2 Api Manager, Iot Server | 2024-11-21 | N/A | 4.3 MEDIUM |
| Multiple WSO2 products have been identified as vulnerable due to lack of server-side input validation in the Forum feature, API rating could be manipulated. | |||||
| CVE-2023-6784 | 1 Progress | 1 Sitefinity | 2024-11-21 | N/A | 4.7 MEDIUM |
| A malicious user could potentially use the Sitefinity system for the distribution of phishing emails. | |||||
| CVE-2023-6395 | 2 Fedoraproject, Rpm-software-management | 3 Extra Packages For Enterprise Linux, Fedora, Mock | 2024-11-21 | N/A | 6.7 MEDIUM |
| The Mock software contains a vulnerability wherein an attacker could potentially exploit privilege escalation, enabling the execution of arbitrary code with root user privileges. This weakness stems from the absence of proper sandboxing during the expansion and execution of Jinja2 templates, which may be included in certain configuration parameters. While the Mock documentation advises treating users added to the mock group as privileged, certain build systems invoking mock on behalf of users might inadvertently permit less privileged users to define configuration tags. These tags could then be passed as parameters to mock during execution, potentially leading to the utilization of Jinja2 templates for remote privilege escalation and the execution of arbitrary code as the root user on the build server. | |||||
| CVE-2023-6381 | 1 Supermailer | 1 Supermailer | 2024-11-21 | N/A | 3.3 LOW |
| Improper input validation vulnerability in Newsletter Software SuperMailer affecting version 11.20.0.2204. An attacker could exploit this vulnerability by sending a malicious configuration file (file with SMB extension) to a user via a link or email attachment and persuade the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to crash the application when attempting to load the malicious file. | |||||
| CVE-2023-6245 | 1 Dfinity | 1 Candid | 2024-11-21 | N/A | 7.5 HIGH |
| The Candid library causes a Denial of Service while parsing a specially crafted payload with 'empty' data type. For example, if the payload is `record { * ; empty }` and the canister interface expects `record { * }` then the Rust candid decoder treats empty as an extra field required by the type. The problem with the type empty is that the candid Rust library wrongly categorizes empty as a recoverable error when skipping the field and thus causing an infinite decoding loop. Canisters using affected versions of candid are exposed to denial of service by causing the decoding to run indefinitely until the canister traps due to reaching maximum instruction limit per execution round. Repeated exposure to the payload will result in degraded performance of the canister. Note: Canisters written in Motoko are unaffected. | |||||
| CVE-2023-6073 | 1 Volkswagen | 2 Id.3, Id.3 Firmware | 2024-11-21 | N/A | 5.7 MEDIUM |
| Attacker can perform a Denial of Service attack to crash the ICAS 3 IVI ECU in a Volkswagen ID.3 (and other vehicles of the VW Group with the same hardware) and spoof volume setting commands to irreversibly turn on audio volume to maximum via REST API calls. | |||||
| CVE-2023-6012 | 1 Lanaccess | 1 Onsafe Monitorhm | 2024-11-21 | N/A | 8.3 HIGH |
| An improper input validation vulnerability has been found in Lanaccess ONSAFE MonitorHM affecting version 3.7.0. This vulnerability could lead a remote attacker to exploit the checkbox element and perform remote code execution, compromising the entire infrastructure. | |||||
| CVE-2023-5832 | 1 Mintplexlabs | 1 Anythingllm | 2024-11-21 | N/A | 9.1 CRITICAL |
| Improper Input Validation in GitHub repository mintplex-labs/anything-llm prior to 0.1.0. | |||||
| CVE-2023-5763 | 1 Eclipse | 1 Glassfish | 2024-11-21 | N/A | 6.8 MEDIUM |
| In Eclipse Glassfish 5 or 6, running with old versions of JDK (lower than 6u211, or < 7u201, or < 8u191), allows remote attackers to load malicious code on the server via access to insecure ORB listeners. | |||||
| CVE-2023-5624 | 1 Tenable | 1 Nessus Network Monitor | 2024-11-21 | N/A | 7.2 HIGH |
| Under certain conditions, Nessus Network Monitor was found to not properly enforce input validation. This could allow an admin user to alter parameters that could potentially allow a blindSQL injection. | |||||
| CVE-2023-5571 | 1 Vrite | 1 Vrite | 2024-11-21 | N/A | 7.5 HIGH |
| Improper Input Validation in GitHub repository vriteio/vrite prior to 0.3.0. | |||||
| CVE-2023-5421 | 1 Otrs | 1 Otrs | 2024-11-21 | N/A | 3.5 LOW |
| An attacker who is logged into OTRS as an user with privileges to create and change customer user data may manipulate the CustomerID field to execute JavaScript code that runs immediatly after the data is saved.The issue onlyoccurs if the configuration for AdminCustomerUser::UseAutoComplete was changed before. This issue affects OTRS: from 7.0.X before 7.0.47, from 8.0.X before 8.0.37; ((OTRS)) Community Edition: from 6.0.X through 6.0.34. | |||||
| CVE-2023-5397 | 2024-11-21 | N/A | 8.1 HIGH | ||
| Server receiving a malformed message to create a new connection could lead to an attacker performing remote code execution or causing a failure. See Honeywell Security Notification for recommendations on upgrading and versioning. | |||||
| CVE-2023-5275 | 1 Mitsubishielectric | 1 Gx Works2 | 2024-11-21 | N/A | 2.5 LOW |
| Improper Input Validation vulnerability in simulation function of GX Works2 allows an attacker to cause a denial-of-service (DoS) condition on the function by sending specially crafted packets. However, the attacker would need to send the packets from within the same personal computer where the function is running. | |||||
| CVE-2023-5274 | 1 Mitsubishielectric | 1 Gx Works2 | 2024-11-21 | N/A | 2.5 LOW |
| Improper Input Validation vulnerability in simulation function of GX Works2 allows an attacker to cause a denial-of-service (DoS) condition on the function by sending specially crafted packets. However, the attacker would need to send the packets from within the same personal computer where the function is running. | |||||