Export limit exceeded: 347147 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 25170 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (25170 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-41881 | 1 Vantage6 | 1 Vantage6 | 2024-11-21 | 3.7 Low |
| vantage6 is privacy preserving federated learning infrastructure. When a collaboration is deleted, the linked resources (such as tasks from that collaboration) should be deleted. This is partly to manage data properly, but also to prevent a potential (but unlikely) side-effect that affects versions prior to 4.0.0, where if a collaboration with id=10 is deleted, and subsequently a new collaboration is created with id=10, the authenticated users in that collaboration could potentially see results of the deleted collaboration in some cases. Version 4.0.0 contains a patch for this issue. There are no known workarounds. | ||||
| CVE-2023-41786 | 1 Artica | 1 Pandora Fms | 2024-11-21 | 6.8 Medium |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Pandora FMS on all allows File Discovery. This vulnerability allows users with low privileges to download database backups. This issue affects Pandora FMS: from 700 through 772. | ||||
| CVE-2023-41749 | 2 Acronis, Microsoft | 3 Agent, Cyber Protect, Windows | 2024-11-21 | 7.5 High |
| Sensitive information disclosure due to excessive collection of system information. The following products are affected: Acronis Agent (Windows) before build 32047, Acronis Cyber Protect 15 (Windows) before build 35979. | ||||
| CVE-2023-41748 | 2 Acronis, Microsoft | 2 Cloud Manager, Windows | 2024-11-21 | 9.8 Critical |
| Remote command execution due to improper input validation. The following products are affected: Acronis Cloud Manager (Windows) before build 6.2.23089.203. | ||||
| CVE-2023-41746 | 2 Acronis, Microsoft | 2 Cloud Manager, Windows | 2024-11-21 | 9.8 Critical |
| Remote command execution due to improper input validation. The following products are affected: Acronis Cloud Manager (Windows) before build 6.2.23089.203. | ||||
| CVE-2023-41745 | 4 Acronis, Apple, Linux and 1 more | 5 Agent, Cyber Protect, Macos and 2 more | 2024-11-21 | 5.5 Medium |
| Sensitive information disclosure due to excessive collection of system information. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 30991, Acronis Cyber Protect 15 (Linux, macOS, Windows) before build 35979. | ||||
| CVE-2023-41676 | 1 Fortinet | 1 Fortisiem | 2024-11-21 | 4.2 Medium |
| An exposure of sensitive information to an unauthorized actor [CWE-200] in FortiSIEM version 7.0.0 and before 6.7.5 may allow an attacker with access to windows agent logs to obtain the windows agent password via searching through the logs. | ||||
| CVE-2023-41355 | 1 Nokia | 2 G-040w-q, G-040w-q Firmware | 2024-11-21 | 9.8 Critical |
| Chunghwa Telecom NOKIA G-040W-Q Firewall function has a vulnerability of input validation for ICMP redirect messages. An unauthenticated remote attacker can exploit this vulnerability by sending a crafted package to modify the network routing table, resulting in a denial of service or sensitive information leaking. | ||||
| CVE-2023-41354 | 1 Nokia | 2 G-040w-q, G-040w-q Firmware | 2024-11-21 | 4 Medium |
| Chunghwa Telecom NOKIA G-040W-Q Firewall function does not block ICMP TIMESTAMP requests by default, an unauthenticated remote attacker can exploit this vulnerability by sending a crafted package, resulting in partially sensitive information exposed to an actor. | ||||
| CVE-2023-41336 | 1 Symfony | 1 Ux Autocomplete | 2024-11-21 | 6.5 Medium |
| ux-autocomplete is a JavaScript Autocomplete functionality for Symfony. Under certain circumstances, an attacker could successfully submit an entity id for an `EntityType` that is *not* part of the valid choices. The problem has been fixed in `symfony/ux-autocomplete` version 2.11.2. | ||||
| CVE-2023-41323 | 1 Glpi-project | 1 Glpi | 2024-11-21 | 5.3 Medium |
| GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. An unauthenticated user can enumerate users logins. Users are advised to upgrade to version 10.0.10. There are no known workarounds for this vulnerability. | ||||
| CVE-2023-41321 | 1 Glpi-project | 1 Glpi | 2024-11-21 | 4.9 Medium |
| GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. An API user can enumerate sensitive fields values on resources on which he has read access. Users are advised to upgrade to version 10.0.10. There are no known workarounds for this vulnerability. | ||||
| CVE-2023-41316 | 1 Tolgee | 1 Tolgee | 2024-11-21 | 5.5 Medium |
| Tolgee is an open-source localization platform. Due to lack of validation field - Org Name, bad actor can send emails with HTML injected code to the victims. Registered users can inject HTML into unsanitized emails from the Tolgee instance to other users. This unsanitized HTML ends up in invitation emails which appear as legitimate org invitations. Bad actors may direct users to malicious website or execute javascript in the context of the users browser. This vulnerability has been addressed in version 3.29.2. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2023-41303 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 7.5 High |
| Command injection vulnerability in the distributed file system module. Successful exploitation of this vulnerability may cause variables in the sock structure to be modified. | ||||
| CVE-2023-41300 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 7.5 High |
| Vulnerability of parameters not being strictly verified in the PMS module. Successful exploitation of this vulnerability may cause the system to restart. | ||||
| CVE-2023-41293 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 7.5 High |
| Data security classification vulnerability in the DDMP module. Successful exploitation of this vulnerability may affect confidentiality. | ||||
| CVE-2023-41081 | 2 Apache, Redhat | 3 Tomcat Connectors, Enterprise Linux, Jboss Core Services | 2024-11-21 | 7.5 High |
| Important: Authentication Bypass CVE-2023-41081 The mod_jk component of Apache Tomcat Connectors in some circumstances, such as when a configuration included "JkOptions +ForwardDirectories" but the configuration did not provide explicit mounts for all possible proxied requests, mod_jk would use an implicit mapping and map the request to the first defined worker. Such an implicit mapping could result in the unintended exposure of the status worker and/or bypass security constraints configured in httpd. As of JK 1.2.49, the implicit mapping functionality has been removed and all mappings must now be via explicit configuration. Only mod_jk is affected by this issue. The ISAPI redirector is not affected. This issue affects Apache Tomcat Connectors (mod_jk only): from 1.2.0 through 1.2.48. Users are recommended to upgrade to version 1.2.49, which fixes the issue. History 2023-09-13 Original advisory 2023-09-28 Updated summary | ||||
| CVE-2023-41050 | 1 Zope | 2 Accesscontrol, Zope | 2024-11-21 | 6.8 Medium |
| AccessControl provides a general security framework for use in Zope. Python's "format" functionality allows someone controlling the format string to "read" objects accessible (recursively) via attribute access and subscription from accessible objects. Those attribute accesses and subscriptions use Python's full blown `getattr` and `getitem`, not the policy restricted `AccessControl` variants `_getattr_` and `_getitem_`. This can lead to critical information disclosure. `AccessControl` already provides a safe variant for `str.format` and denies access to `string.Formatter`. However, `str.format_map` is still unsafe. Affected are all users who allow untrusted users to create `AccessControl` controlled Python code and execute it. A fix has been introduced in versions 4.4, 5.8 and 6.2. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2023-41027 | 1 Juplink | 2 Rx4-1500, Rx4-1500 Firmware | 2024-11-21 | 8 High |
| Credential disclosure in the '/webs/userpasswd.htm' endpoint in Juplink RX4-1500 Wifi router firmware versions V1.0.4 and V1.0.5 allows an authenticated attacker to leak the password for the administrative account via requests to the vulnerable endpoint. | ||||
| CVE-2023-40801 | 1 Tenda | 2 Ac23, Ac23 Firmware | 2024-11-21 | 8.8 High |
| The sub_451784 function does not validate the parameters entered by the user, resulting in a stack overflow vulnerability in Tenda AC23 v16.03.07.45_cn | ||||