Export limit exceeded: 349894 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 35170 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (35170 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-38132 | 2 Elecom, Logitec | 3 Lan-w451ngr, Lan-w451ngr Firmware, Lan-w451ngr | 2024-11-21 | 8.8 High |
| LAN-W451NGR all versions provided by LOGITEC CORPORATION contains an improper access control vulnerability, which allows an unauthenticated attacker to log in to telnet service. | ||||
| CVE-2023-38062 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | 4.3 Medium |
| In JetBrains TeamCity before 2023.05.1 parameters of the "password" type could be shown in the UI in certain composite build configurations | ||||
| CVE-2023-38059 | 1 Otrs | 1 Otrs | 2024-11-21 | 5.3 Medium |
| The loading of external images is not blocked, even if configured, if the attacker uses protocol-relative URL in the payload. This can be used to retreive the IP of the user.This issue affects OTRS: from 7.0.X before 7.0.47, from 8.0.X before 8.0.37; ((OTRS)) Community Edition: from 6.0.X through 6.0.34. | ||||
| CVE-2023-38043 | 2 Ivanti, Microsoft | 2 Secure Access Client, Windows | 2024-11-21 | 7.8 High |
| A vulnerability exists on all versions of the Ivanti Secure Access Client below 22.6R1.1, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading to a denial of service (DoS) condition on the user machine and, in some cases, resulting in a full compromise of the system. | ||||
| CVE-2023-38023 | 2 Intel, Scontain | 2 Software Guard Extensions, Scone | 2024-11-21 | 5.5 Medium |
| An issue was discovered in SCONE Confidential Computing Platform before 5.8.0 for Intel SGX. Lack of pointer-alignment logic in __scone_dispatch and other entry functions allows a local attacker to access unauthorized information, aka an "AEPIC Leak." | ||||
| CVE-2023-38022 | 1 Fortanix | 1 Confidential Computing Manager | 2024-11-21 | 5.5 Medium |
| An issue was discovered in Fortanix EnclaveOS Confidential Computing Manager (CCM) Platform before 3.29 for Intel SGX. Insufficient pointer validation allows a local attacker to access unauthorized information. This relates to strlen and sgx_is_within_user. | ||||
| CVE-2023-38021 | 1 Fortanix | 1 Confidential Computing Manager | 2024-11-21 | 5.5 Medium |
| An issue was discovered in Fortanix EnclaveOS Confidential Computing Manager (CCM) Platform before 3.32 for Intel SGX. Lack of pointer-alignment validation logic in entry functions allows a local attacker to access unauthorized information. This relates to the enclave_ecall function and system call layer. | ||||
| CVE-2023-37939 | 1 Fortinet | 1 Forticlient | 2024-11-21 | 3 Low |
| An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiClient for Windows 7.2.0, 7.0 all versions, 6.4 all versions, 6.2 all versions, Linux 7.2.0, 7.0 all versions, 6.4 all versions, 6.2 all versions and Mac 7.2.0 through 7.2.1, 7.0 all versions, 6.4 all versions, 6.2 all versions, may allow a local authenticated attacker with no Administrative privileges to retrieve the list of files or folders excluded from malware scanning. | ||||
| CVE-2023-37917 | 1 Fit2cloud | 1 Kubepi | 2024-11-21 | 9.1 Critical |
| KubePi is an opensource kubernetes management panel. A normal user has permission to create/update users, they can become admin by editing the `isadmin` value in the request. As a result any user may take administrative control of KubePi. This issue has been addressed in version 1.6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2023-37916 | 1 Fit2cloud | 1 Kubepi | 2024-11-21 | 6.5 Medium |
| KubePi is an opensource kubernetes management panel. The endpoint /kubepi/api/v1/users/search?pageNum=1&&pageSize=10 leak password hash of any user (including admin). A sufficiently motivated attacker may be able to crack leaded password hashes. This issue has been addressed in version 1.6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2023-37915 | 1 Objectcomputing | 1 Opendds | 2024-11-21 | 7.5 High |
| OpenDDS is an open source C++ implementation of the Object Management Group (OMG) Data Distribution Service (DDS). OpenDDS crashes while parsing a malformed `PID_PROPERTY_LIST` in a DATA submessage during participant discovery. Attackers can remotely crash OpenDDS processes by sending a DATA submessage containing the malformed parameter to the known multicast port. This issue has been addressed in version 3.25. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2023-37912 | 1 Xwiki | 1 Xwiki-rendering | 2024-11-21 | 10 Critical |
| XWiki Rendering is a generic Rendering system that converts textual input in a given syntax into another syntax. Prior to version 14.10.6 of `org.xwiki.platform:xwiki-core-rendering-macro-footnotes` and `org.xwiki.platform:xwiki-rendering-macro-footnotes` and prior to version 15.1-rc-1 of `org.xwiki.platform:xwiki-rendering-macro-footnotes`, the footnote macro executed its content in a potentially different context than the one in which it was defined. In particular in combination with the include macro, this allows privilege escalation from a simple user account in XWiki to programming rights and thus remote code execution, impacting the confidentiality, integrity and availability of the whole XWiki installation. This vulnerability has been patched in XWiki 14.10.6 and 15.1-rc-1. There is no workaround apart from upgrading to a fixed version of the footnote macro. | ||||
| CVE-2023-37831 | 1 Elenos | 3 Etg150, Etg150 Firmware, Etg150 Fm | 2024-11-21 | 5.3 Medium |
| An issue discovered in Elenos ETG150 FM transmitter v3.12 allows attackers to enumerate user accounts based on server responses when credentials are submitted. | ||||
| CVE-2023-37767 | 1 Gpac | 1 Gpac | 2024-11-21 | 5.5 Medium |
| GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a segmentation violation in the BM_ParseIndexValueReplace function at /lib/libgpac.so. | ||||
| CVE-2023-37766 | 1 Gpac | 1 Gpac | 2024-11-21 | 5.5 Medium |
| GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a segmentation violation in the gf_isom_remove_user_data function at /lib/libgpac.so. | ||||
| CVE-2023-37765 | 1 Gpac | 1 Gpac | 2024-11-21 | 5.5 Medium |
| GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a segmentation violation in the gf_dump_vrml_sffield function at /lib/libgpac.so. | ||||
| CVE-2023-37754 | 1 Powerjob | 1 Powerjob | 2024-11-21 | 9.8 Critical |
| PowerJob v4.3.3 was discovered to contain a remote command execution (RCE) vulnerability via the instanceId parameter at /instance/detail. | ||||
| CVE-2023-37649 | 1 Agentejo | 1 Cockpit | 2024-11-21 | 7.5 High |
| Incorrect access control in the component /models/Content of Cockpit CMS v2.5.2 allows unauthorized attackers to access sensitive data. | ||||
| CVE-2023-37563 | 1 Elecom | 10 Wrc-1167febk-a, Wrc-1167febk-a Firmware, Wrc-1167febk-s and 7 more | 2024-11-21 | 6.5 Medium |
| ELECOM wireless LAN routers are vulnerable to sensitive information exposure, which allows a network-adjacent unauthorized attacker to obtain sensitive information. Affected products and versions are as follows: WRC-1167GHBK-S v1.03 and earlier, WRC-1167GEBK-S v1.03 and earlier, WRC-1167FEBK-S v1.04 and earlier, WRC-1167GHBK3-A v1.24 and earlier, WRC-1167FEBK-A v1.18 and earlier, WRC-F1167ACF2 all versions, WRC-600GHBK-A all versions, WRC-733FEBK2-A all versions, WRC-1467GHBK-A all versions, WRC-1467GHBK-S all versions, WRC-1900GHBK-A all versions, and WRC-1900GHBK-S all versions. | ||||
| CVE-2023-37559 | 1 Codesys | 16 Control For Beaglebone Sl, Control For Empc-a\/imx6 Sl, Control For Iot2000 Sl and 13 more | 2024-11-21 | 6.5 Medium |
| After successful authentication as a user in multiple Codesys products in multiple versions, specific crafted network communication requests with inconsistent content can cause the CmpAppForce component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37558 | ||||