Search Results (35170 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-37456 | 1 Mozilla | 1 Firefox | 2024-11-21 | 6.5 Medium |
| The session restore helper crashed whenever there was no parameter sent to the message handler. This vulnerability affects Firefox for iOS < 115. | ||||
| CVE-2023-37427 | 2 Arubanetworks, Hpe | 2 Edgeconnect Sd-wan Orchestrator, Edgeconnect Sd-wan Orchestrator | 2024-11-21 | 7.2 High |
| A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to run arbitrary commands on the underlying host. Successful exploitation of this vulnerability allows an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise. | ||||
| CVE-2023-37424 | 2 Arubanetworks, Hpe | 2 Edgeconnect Sd-wan Orchestrator, Edgeconnect Sd-wan Orchestrator | 2024-11-21 | 8.1 High |
| A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an unauthenticated remote attacker to run arbitrary commands on the underlying host if certain preconditions outside of the attacker's control are met. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise. | ||||
| CVE-2023-37410 | 1 Ibm | 1 Person Communications | 2024-11-21 | 8.4 High |
| IBM Personal Communications 14.05, 14.06, and 15.0.0 could allow a local user to escalate their privileges to the SYSTEM user due to overly permissive access controls. IBM X-Force ID: 260138. | ||||
| CVE-2023-37404 | 1 Ibm | 1 Observability With Instana | 2024-11-21 | 6.4 Medium |
| IBM Observability with Instana 1.0.243 through 1.0.254 could allow an attacker on the network to execute arbitrary code on the host after a successful DNS poisoning attack. IBM X-Force ID: 259789. | ||||
| CVE-2023-37378 | 1 Nullsoft | 1 Nullsoft Scriptable Install System | 2024-11-21 | 5.3 Medium |
| Nullsoft Scriptable Install System (NSIS) before 3.09 mishandles access control for an uninstaller directory. | ||||
| CVE-2023-37369 | 3 Debian, Qt, Redhat | 3 Debian Linux, Qt, Enterprise Linux | 2024-11-21 | 7.5 High |
| In Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2, there can be an application crash in QXmlStreamReader via a crafted XML string that triggers a situation in which a prefix is greater than a length. | ||||
| CVE-2023-37267 | 1 Umbraco | 1 Umbraco Cms | 2024-11-21 | 7.5 High |
| Umbraco is an ASP.NET CMS. Under rare conditions a restart of Umbraco can allow unauthorized users access to admin-level permissions. This vulnerability was patched in versions 10.6.1, 11.4.2 and 12.0.1. | ||||
| CVE-2023-37263 | 1 Strapi | 1 Strapi | 2024-11-21 | 6.8 Medium |
| Strapi is an open-source headless content management system. Prior to version 4.12.1, field level permissions are not respected in the relationship title. If an actor has relationship title and the relationship shows a field they don't have permission to see, the field will still be visible. Version 4.12.1 has a fix for this issue. | ||||
| CVE-2023-37249 | 1 Infoblox | 1 Nios | 2024-11-21 | 8.8 High |
| Infoblox NIOS through 8.5.1 has a faulty component that accepts malicious input without sanitization, resulting in shell access. | ||||
| CVE-2023-37239 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 7.5 High |
| Format string vulnerability in the distributed file system. Attackers who bypass the SELinux permission can exploit this vulnerability to crash the program. | ||||
| CVE-2023-37238 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 5.3 Medium |
| Vulnerability of apps' permission to access a certain API being incompletely verified in the wireless projection module. Successful exploitation of this vulnerability may affect some wireless projection features. | ||||
| CVE-2023-37216 | 1 Anasystem | 2 Sensmini M4, Sensmini M4 Firmware | 2024-11-21 | 7.5 High |
| AnaSystem SensMini M4 – Using the configuration tool, an authenticated user can cause Denial of Service for the device | ||||
| CVE-2023-37208 | 3 Debian, Mozilla, Redhat | 9 Debian Linux, Firefox, Firefox Esr and 6 more | 2024-11-21 | 7.8 High |
| When opening Diagcab files, Firefox did not warn the user that these files may contain malicious code. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13. | ||||
| CVE-2023-37174 | 1 Gpac | 1 Gpac | 2024-11-21 | 5.5 Medium |
| GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a segmentation violation in the dump_isom_scene function at /mp4box/filedump.c. | ||||
| CVE-2023-36984 | 1 Lavalite | 1 Lavalite | 2024-11-21 | 7.5 High |
| LavaLite CMS v 9.0.0 is vulnerable to Sensitive Data Exposure. | ||||
| CVE-2023-36983 | 1 Lavalite | 1 Lavalite | 2024-11-21 | 7.5 High |
| LavaLite CMS v 9.0.0 is vulnerable to Sensitive Data Exposure. | ||||
| CVE-2023-36980 | 1 Ethereum | 1 Blockchain | 2024-11-21 | 5.3 Medium |
| An issue in Ethereum Blockchain v0.1.1+commit.6ff4cd6 causes the balance to be zeroed out when the value of betsize+casino.balance exceeds the threshold. | ||||
| CVE-2023-36862 | 1 Apple | 1 Macos | 2024-11-21 | 5.5 Medium |
| A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions. This issue is fixed in macOS Ventura 13.5. An app may be able to determine a user’s current location. | ||||
| CVE-2023-36854 | 1 Apple | 1 Macos | 2024-11-21 | 7.8 High |
| The issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.6.8, macOS Ventura 13.5, macOS Big Sur 11.7.9. Processing a file may lead to unexpected app termination or arbitrary code execution. | ||||