Search Results (35183 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-42319 1 Ethereum 1 Go Ethereum 2024-11-21 7.5 High
Geth (aka go-ethereum) through 1.13.4, when --http --graphql is used, allows remote attackers to cause a denial of service (memory consumption and daemon hang) via a crafted GraphQL query. NOTE: the vendor's position is that the "graphql endpoint [is not] designed to withstand attacks by hostile clients, nor handle huge amounts of clients/traffic."
CVE-2023-42012 1 Ibm 1 Urbancode Deploy 2024-11-21 6.2 Medium
An IBM UrbanCode Deploy Agent 7.2 through 7.2.3.7, and 7.3 through 7.3.2.2 installed as a Windows service in a non-standard location could be subject to a denial of service attack by local accounts. IBM X-Force ID: 265509.
CVE-2023-42010 1 Ibm 1 Sterling B2b Integrator 2024-11-21 3.1 Low
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.2 could disclose sensitive information in the HTTP response using man in the middle techniques. IBM X-Force ID: 265507.
CVE-2023-41934 1 Jenkins 1 Pipeline Maven Integration 2024-11-21 5.3 Medium
Jenkins Pipeline Maven Integration Plugin 1330.v18e473854496 and earlier does not properly mask (i.e., replace with asterisks) usernames of credentials specified in custom Maven settings in Pipeline build logs if "Treat username as secret" is checked.
CVE-2023-41893 1 Home-assistant 1 Home-assistant 2024-11-21 4.3 Medium
Home Assistant is open source home automation software. The audit team’s analyses confirmed that the `redirect_uri` and `client_id` are alterable when logging in. Consequently, the code parameter utilized to fetch the `access_token` post-authentication will be sent to the URL specified in the aforementioned parameters. Since an arbitrary URL is permitted and `homeassistant.local` represents the preferred, default domain likely used and trusted by many users, an attacker could leverage this weakness to manipulate a user and retrieve account access. Notably, this attack strategy is plausible if the victim has exposed their Home Assistant to the Internet, since after acquiring the victim’s `access_token` the adversary would need to utilize it directly towards the instance to achieve any pertinent malicious actions. To achieve this compromise attempt, the attacker must send a link with a `redirect_uri` that they control to the victim’s own Home Assistant instance. In the eventuality the victim authenticates via said link, the attacker would obtain the code sent to the specified URL in `redirect_uri`, which can then be leveraged to fetch an `access_token`. Pertinently, an attacker could increase the efficacy of this strategy by registering a near identical domain to `homeassistant.local`, which at first glance may appear legitimate and thereby obfuscate any malicious intentions. This issue has been addressed in version 2023.9.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
CVE-2023-41881 1 Vantage6 1 Vantage6 2024-11-21 3.7 Low
vantage6 is privacy preserving federated learning infrastructure. When a collaboration is deleted, the linked resources (such as tasks from that collaboration) should be deleted. This is partly to manage data properly, but also to prevent a potential (but unlikely) side-effect that affects versions prior to 4.0.0, where if a collaboration with id=10 is deleted, and subsequently a new collaboration is created with id=10, the authenticated users in that collaboration could potentially see results of the deleted collaboration in some cases. Version 4.0.0 contains a patch for this issue. There are no known workarounds.
CVE-2023-41807 1 Artica 1 Pandora Fms 2024-11-21 9.1 Critical
Improper Privilege Management vulnerability in Pandora FMS on all allows Privilege Escalation. This vulnerability allows a user to escalate permissions on the system shell. This issue affects Pandora FMS: from 700 through 773.
CVE-2023-41806 1 Artica 1 Pandora Fms 2024-11-21 8.2 High
Improper Privilege Management vulnerability in Pandora FMS on all allows Privilege Escalation. A bad privilege assignment could cause a DoS attack that affects the availability of the Pandora FMS server. This issue affects Pandora FMS: from 700 through 773.
CVE-2023-41749 2 Acronis, Microsoft 3 Agent, Cyber Protect, Windows 2024-11-21 7.5 High
Sensitive information disclosure due to excessive collection of system information. The following products are affected: Acronis Agent (Windows) before build 32047, Acronis Cyber Protect 15 (Windows) before build 35979.
CVE-2023-41723 1 Veeam 1 One 2024-11-21 4.3 Medium
A vulnerability in Veeam ONE allows a user with the Veeam ONE Read-Only User role to view the Dashboard Schedule. Note: The criticality of this vulnerability is reduced because the user with the Read-Only role is only able to view the schedule and cannot make changes.
CVE-2023-41721 1 Ui 6 Unifi Dream Machine, Unifi Dream Machine Pro, Unifi Dream Machine Special Edition and 3 more 2024-11-21 5.3 Medium
Instances of UniFi Network Application that (i) are run on a UniFi Gateway Console, and (ii) are versions 7.5.176 and earlier, implement device adoption with improper access control logic, creating a risk of access to device configuration information by a malicious actor with preexisting access to the network. Affected Products: UDM, UDM-PRO, UDM-SE, UDR, UDW. Mitigation: Update UniFi Network to Version 7.5.187 or later.
CVE-2023-41720 1 Ivanti 1 Connect Secure 2024-11-21 7.8 High
A vulnerability exists on all versions of Ivanti Connect Secure below 22.6R2 where an attacker with a foothold on an Ivanti Connect Secure (ICS) appliance can escalate their privileges by exploiting a vulnerable installed application. This vulnerability allows the attacker to gain elevated execution privileges on the affected system.
CVE-2023-41719 1 Ivanti 1 Connect Secure 2024-11-21 7.2 High
A vulnerability exists on all versions of Ivanti Connect Secure below 22.6R2 where an attacker impersonating an administrator may craft a specific web request which may lead to remote code execution.
CVE-2023-41629 1 Esst 1 Esst Monitoring 2024-11-21 7.5 High
A lack of input sanitizing in the file download feature of eSST Monitoring v2.147.1 allows attackers to execute a path traversal.
CVE-2023-41628 1 O-ran-sc 1 E2 2024-11-21 7.5 High
An issue in O-RAN Software Community E2 G-Release allows attackers to cause a Denial of Service (DoS) by incorrectly initiating the messaging procedure between the E2Node and E2Term components.
CVE-2023-41627 1 O-ran-sc 1 Ric Message Router 2024-11-21 7.5 High
O-RAN Software Community ric-plt-lib-rmr v4.9.0 does not validate the source of the routing tables it receives, potentially allowing attackers to send forged routing tables to the device.
CVE-2023-41578 1 Jeecg 1 Jeecg Boot 2024-11-21 7.5 High
Jeecg boot up to v3.5.3 was discovered to contain an arbitrary file read vulnerability via the interface /testConnection.
CVE-2023-41444 2 Binalyze, Microsoft 2 Irec, Windows 2024-11-21 7.8 High
An issue in Binalyze IREC.sys v.3.11.0 and before allows a local attacker to execute arbitrary code and escalate privileges via the fun_1400084d0 function in IREC.sys driver.
CVE-2023-41376 1 Nokia 2 Service Router Linux, Service Router Operating System 2024-11-21 7.5 High
Nokia Service Router Operating System (SR OS) 22.10 and SR Linux, when error-handling update-fault-tolerance is not enabled, mishandle BGP path attributes.
CVE-2023-41363 1 Cerebrate-project 1 Cerebrate 2024-11-21 4.3 Medium
In Cerebrate 1.14, a vulnerability in UserSettingsController allows authenticated users to change user settings of other users.