Search Results (43821 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-23903 | 1 Nozominetworks | 2 Cmc, Guardian | 2024-11-21 | 4.9 Medium |
| An authenticated administrator can upload a SAML configuration file with the wrong format, with the application not checking the correct file format. Every subsequent application request will return an error. The whole application is rendered unusable until a console intervention. | ||||
| CVE-2023-23902 | 1 Milesight | 2 Ur32l, Ur32l Firmware | 2024-11-21 | 9.8 Critical |
| A buffer overflow vulnerability exists in the uhttpd login functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to remote code execution. An attacker can send a network request to trigger this vulnerability. | ||||
| CVE-2023-23844 | 1 Solarwinds | 1 Solarwinds Platform | 2024-11-21 | 7.2 High |
| The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with SYSTEM privileges. | ||||
| CVE-2023-23783 | 1 Fortinet | 1 Fortiweb | 2024-11-21 | 6.5 Medium |
| A use of externally-controlled format string in Fortinet FortiWeb version 7.0.0 through 7.0.1, FortiWeb 6.4 all versions allows an attacker to execute unauthorized code or commands via specially crafted command arguments. | ||||
| CVE-2023-23782 | 1 Fortinet | 1 Fortiweb | 2024-11-21 | 7.1 High |
| A heap-based buffer overflow in Fortinet FortiWeb version 7.0.0 through 7.0.1, FortiWeb version 6.3.0 through 6.3.19, FortiWeb 6.4 all versions, FortiWeb 6.2 all versions, FortiWeb 6.1 all versions allows an attacker to escalate privileges via specifically crafted arguments to existing commands. | ||||
| CVE-2023-23781 | 1 Fortinet | 1 Fortiweb | 2024-11-21 | 6.1 Medium |
| A stack-based buffer overflow vulnerability [CWE-121] in FortiWeb version 7.0.1 and below, 6.4 all versions, version 6.3.19 and below SAML server configuration may allow an authenticated attacker to achieve arbitrary code execution via specifically crafted XML files. | ||||
| CVE-2023-23780 | 1 Fortinet | 1 Fortiweb | 2024-11-21 | 7.6 High |
| A stack-based buffer overflow in Fortinet FortiWeb version 7.0.0 through 7.0.1, Fortinet FortiWeb version 6.3.6 through 6.3.19, Fortinet FortiWeb 6.4 all versions allows an attacker to escalate privileges via specifically crafted HTTP requests. | ||||
| CVE-2023-23581 | 1 Softether | 1 Vpn | 2024-11-21 | 7.5 High |
| A denial-of-service vulnerability exists in the vpnserver EnSafeHttpHeaderValueStr functionality of SoftEther VPN 5.01.9674 and 5.02. A specially crafted network packet can lead to denial of service. | ||||
| CVE-2023-23571 | 1 Milesight | 2 Ur32l, Ur32l Firmware | 2024-11-21 | 7.5 High |
| An access violation vulnerability exists in the eventcore functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to denial of service. An attacker can send a network request to trigger this vulnerability. | ||||
| CVE-2023-23567 | 1 Accusoft | 1 Imagegear | 2024-11-21 | 8.1 High |
| A heap-based buffer overflow vulnerability exists in the CreateDIBfromPict functionality of Accusoft ImageGear 20.1. A specially crafted file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. | ||||
| CVE-2023-23549 | 1 Checkmk | 1 Checkmk | 2024-11-21 | 2.7 Low |
| Improper Input Validation in Checkmk <2.2.0p15, <2.1.0p37, <=2.0.0p39 allows privileged attackers to cause partial denial of service of the UI via too long hostnames. | ||||
| CVE-2023-23528 | 1 Apple | 3 Ipados, Iphone Os, Tvos | 2024-11-21 | 6.5 Medium |
| An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in tvOS 16.4, iOS 16.4 and iPadOS 16.4. Processing a maliciously crafted Bluetooth packet may result in disclosure of process memory. | ||||
| CVE-2023-23513 | 1 Apple | 1 Macos | 2024-11-21 | 9.8 Critical |
| A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.7.3, macOS Ventura 13.2, macOS Monterey 12.6.3. Mounting a maliciously crafted Samba network share may lead to arbitrary code execution. | ||||
| CVE-2023-23441 | 1 Hihonor | 1 Magic Ui | 2024-11-21 | 6 Medium |
| Some Honor products are affected by an out-of-bounds read vulnerability; successful exploitation could cause an information leak. | ||||
| CVE-2023-23364 | 1 Qnap | 1 Multimedia Console | 2024-11-21 | 8.1 High |
| A buffer copy without checking size of input vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability possibly allows remote users to execute code via unspecified vectors. We have already fixed the vulnerability in the following versions: Multimedia Console 2.1.1 ( 2023/03/29 ) and later; Multimedia Console 1.4.7 ( 2023/03/20 ) and later. | ||||
| CVE-2023-23363 | 1 Qnap | 1 Qts | 2024-11-21 | 8.1 High |
| A buffer copy without checking size of input vulnerability has been reported to affect QNAP operating system. If exploited, the vulnerability possibly allows remote users to execute code via unspecified vectors. We have already fixed the vulnerability in the following versions: QTS 4.3.6.2441 build 20230621 and later; QTS 4.3.3.2420 build 20230621 and later; QTS 4.2.6 build 20230621 and later; QTS 4.3.4.2451 build 20230621 and later. | ||||
| CVE-2023-23126 | 1 Connectwise | 1 Automate | 2024-11-21 | 6.1 Medium |
| Connectwise Automate 2022.11 is vulnerable to Clickjacking. The login screen can be iframed and used to manipulate users to perform unintended actions. NOTE: the vendor's position is that a Content-Security-Policy HTTP response header is present to block this attack. | ||||
| CVE-2023-22877 | 1 Ibm | 1 Infosphere Information Server | 2024-11-21 | 7 High |
| IBM InfoSphere Information Server 11.7 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 244368. | ||||
| CVE-2023-22845 | 1 Openimageio | 1 Openimageio | 2024-11-21 | 7.5 High |
| An out-of-bounds read vulnerability exists in the TGAInput::decode_pixel() functionality of OpenImageIO Project OpenImageIO v2.4.7.1. A specially crafted targa file can lead to information disclosure. An attacker can provide a malicious file to trigger this vulnerability. | ||||
| CVE-2023-22799 | 2 Redhat, Rubyonrails | 2 Satellite, Globalid | 2024-11-21 | 7.5 High |
| A ReDoS-based DoS vulnerability in GlobalID <1.0.1 could allow an attacker supplying a carefully crafted input to cause the regular expression engine to take an unexpected amount of time. All users running an affected release should either upgrade or use one of the workarounds immediately. | ||||