Export limit exceeded: 346349 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 346349 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 29902 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29902 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-6017 | 1 H2o | 1 H2o | 2024-11-21 | 7.1 High |
| H2O included a reference to an S3 bucket that no longer existed allowing an attacker to take over the S3 bucket URL. | ||||
| CVE-2023-5875 | 1 Mattermost | 1 Mattermost Desktop | 2024-11-21 | 3.7 Low |
| Mattermost Desktop fails to correctly handle permissions or prompt the user for consent on certain sensitive ones allowing media exploitation from a malicious mattermost server | ||||
| CVE-2023-5765 | 2 Devolutions, Microsoft | 2 Remote Desktop Manager, Windows | 2024-11-21 | 9.8 Critical |
| Improper access control in the password analyzer feature in Devolutions Remote Desktop Manager 2023.2.33 and earlier on Windows allows an attacker to bypass permissions via data source switching. | ||||
| CVE-2023-5570 | 1 Inohom | 1 Home Manager Gateway | 2024-11-21 | 7.5 High |
| Improper Protection for Outbound Error Messages and Alert Signals vulnerability in Inohom Home Manager Gateway allows Account Footprinting.This issue affects Home Manager Gateway: before v.1.27.12. | ||||
| CVE-2023-5563 | 1 Zephyrproject | 1 Zephyr | 2024-11-21 | 7.1 High |
| The SJA1000 CAN controller driver backend automatically attempt to recover from a bus-off event when built with CONFIG_CAN_AUTO_BUS_OFF_RECOVERY=y. This results in calling k_sleep() in IRQ context, causing a fatal exception. | ||||
| CVE-2023-5550 | 2 Fedoraproject, Moodle | 3 Extra Packages For Enterprise Linux, Fedora, Moodle | 2024-11-21 | 6.5 Medium |
| In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user who also has direct access to the web server outside of the Moodle webroot could utilise a local file include to achieve remote code execution. | ||||
| CVE-2023-5358 | 1 Devolutions | 1 Devolutions Server | 2024-11-21 | 5.3 Medium |
| Improper access control in Report log filters feature in Devolutions Server 2023.2.10.0 and earlier allows attackers to retrieve logs from vaults or entries they are not allowed to access via the report request url query parameters. | ||||
| CVE-2023-5299 | 1 Fujielectric | 1 Tellus Lite V-simulator | 2024-11-21 | 7.3 High |
| A user with a standard account in Fuji Electric Tellus Lite may overwrite files in the system. | ||||
| CVE-2023-5240 | 1 Devolutions | 1 Devolutions Server | 2024-11-21 | 7.5 High |
| Improper access control in PAM propagation scripts in Devolutions Server 2023.2.8.0 and ealier allows an attack with permission to manage PAM propagation scripts to retrieve passwords stored in it via a GET request. | ||||
| CVE-2023-51070 | 1 Qstar | 1 Archive Storage Manager | 2024-11-21 | 7.5 High |
| An access control issue in QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0 allows unauthenticated attackers to arbitrarily adjust sensitive SMB settings on the QStar Server. | ||||
| CVE-2023-50959 | 1 Ibm | 1 Cloud Pak For Business Automation | 2024-11-21 | 5.3 Medium |
| IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2,19.0.1, 19.0.2, 19.0.3,20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1,2 2.0.2, 23.0.1, and 23.0.2 may allow end users to query more documents than expected from a connected Enterprise Content Management system when configured to use a system account. IBM X-Force ID: 275938. | ||||
| CVE-2023-50954 | 1 Ibm | 1 Infosphere Information Server | 2024-11-21 | 4.3 Medium |
| IBM InfoSphere Information Server 11.7 returns sensitive information in URL information that could be used in further attacks against the system. IBM X-Force ID: 275776. | ||||
| CVE-2023-50871 | 1 Jetbrains | 1 Youtrack | 2024-11-21 | 4.3 Medium |
| In JetBrains YouTrack before 2023.3.22268 authorization check for inline comments inside thread replies was missed | ||||
| CVE-2023-50708 | 1 Yiiframework | 1 Yii2-authclient | 2024-11-21 | 6.1 Medium |
| yii2-authclient is an extension that adds OpenID, OAuth, OAuth2 and OpenId Connect consumers for the Yii framework 2.0. In yii2-authclient prior to version 2.2.15, the Oauth1/2 `state` and OpenID Connect `nonce` is vulnerable for a `timing attack` since it is compared via regular string comparison (instead of `Yii::$app->getSecurity()->compareString()`). Version 2.2.15 contains a patch for the issue. No known workarounds are available. | ||||
| CVE-2023-50559 | 1 Openxiangshan | 1 Xiangshan | 2024-11-21 | 5.5 Medium |
| An issue was discovered in XiangShan v2.1, allows local attackers to obtain sensitive information via the L1D cache. | ||||
| CVE-2023-50477 | 1 Nos | 1 Nos Client | 2024-11-21 | 9.8 Critical |
| An issue was discovered in nos client version 0.6.6, allows remote attackers to escalate privileges via getRPCEndpoint.js. | ||||
| CVE-2023-50332 | 1 Weseek | 1 Growi | 2024-11-21 | 6.5 Medium |
| Improper authorization vulnerability exists in the User Management (/admin/users) page of GROWI versions prior to v6.0.6. If this vulnerability is exploited, a user may delete or suspend its own account without the user's intention. | ||||
| CVE-2023-4922 | 1 Wpb Show Core Project | 1 Wpb Show Core | 2024-11-21 | 9.8 Critical |
| The WPB Show Core WordPress plugin through 2.2 is vulnerable to a local file inclusion via the `path` parameter. | ||||
| CVE-2023-4898 | 1 Mintplexlabs | 1 Anything-llm | 2024-11-21 | 7.5 High |
| Authentication Bypass by Primary Weakness in GitHub repository mintplex-labs/anything-llm prior to 0.0.1. | ||||
| CVE-2023-4749 | 1 Mayurik | 1 Inventory Management System | 2024-11-21 | 6.3 Medium |
| A vulnerability, which was classified as critical, was found in SourceCodester Inventory Management System 1.0. Affected is an unknown function of the file index.php. The manipulation of the argument page leads to file inclusion. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-238638 is the identifier assigned to this vulnerability. | ||||