Total
10395 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-7240 | 2024-11-21 | N/A | 5.8 MEDIUM | ||
| An improper authorization level has been detected in the login panel. It may lead to unauthenticated Server Side Request Forgery and allows to perform open services enumeration. Server makes query to provided server (Server IP/DNS field) and is triggering connection to arbitrary address. | |||||
| CVE-2023-6835 | 1 Wso2 | 2 Api Manager, Iot Server | 2024-11-21 | N/A | 4.3 MEDIUM |
| Multiple WSO2 products have been identified as vulnerable due to lack of server-side input validation in the Forum feature, API rating could be manipulated. | |||||
| CVE-2023-6395 | 2 Fedoraproject, Rpm-software-management | 3 Extra Packages For Enterprise Linux, Fedora, Mock | 2024-11-21 | N/A | 6.7 MEDIUM |
| The Mock software contains a vulnerability wherein an attacker could potentially exploit privilege escalation, enabling the execution of arbitrary code with root user privileges. This weakness stems from the absence of proper sandboxing during the expansion and execution of Jinja2 templates, which may be included in certain configuration parameters. While the Mock documentation advises treating users added to the mock group as privileged, certain build systems invoking mock on behalf of users might inadvertently permit less privileged users to define configuration tags. These tags could then be passed as parameters to mock during execution, potentially leading to the utilization of Jinja2 templates for remote privilege escalation and the execution of arbitrary code as the root user on the build server. | |||||
| CVE-2023-5832 | 1 Mintplexlabs | 1 Anythingllm | 2024-11-21 | N/A | 9.1 CRITICAL |
| Improper Input Validation in GitHub repository mintplex-labs/anything-llm prior to 0.1.0. | |||||
| CVE-2023-5624 | 1 Tenable | 1 Nessus Network Monitor | 2024-11-21 | N/A | 7.2 HIGH |
| Under certain conditions, Nessus Network Monitor was found to not properly enforce input validation. This could allow an admin user to alter parameters that could potentially allow a blindSQL injection. | |||||
| CVE-2023-5571 | 1 Vrite | 1 Vrite | 2024-11-21 | N/A | 7.5 HIGH |
| Improper Input Validation in GitHub repository vriteio/vrite prior to 0.3.0. | |||||
| CVE-2023-5397 | 2024-11-21 | N/A | 8.1 HIGH | ||
| Server receiving a malformed message to create a new connection could lead to an attacker performing remote code execution or causing a failure. See Honeywell Security Notification for recommendations on upgrading and versioning. | |||||
| CVE-2023-5275 | 1 Mitsubishielectric | 1 Gx Works2 | 2024-11-21 | N/A | 2.5 LOW |
| Improper Input Validation vulnerability in simulation function of GX Works2 allows an attacker to cause a denial-of-service (DoS) condition on the function by sending specially crafted packets. However, the attacker would need to send the packets from within the same personal computer where the function is running. | |||||
| CVE-2023-5274 | 1 Mitsubishielectric | 1 Gx Works2 | 2024-11-21 | N/A | 2.5 LOW |
| Improper Input Validation vulnerability in simulation function of GX Works2 allows an attacker to cause a denial-of-service (DoS) condition on the function by sending specially crafted packets. However, the attacker would need to send the packets from within the same personal computer where the function is running. | |||||
| CVE-2023-5104 | 1 Xgenecloud | 1 Nocodb | 2024-11-21 | N/A | 6.5 MEDIUM |
| Improper Input Validation in GitHub repository nocodb/nocodb prior to 0.96.0. | |||||
| CVE-2023-5097 | 2 Hypr, Microsoft | 2 Workforce Access, Windows | 2024-11-21 | N/A | 7.0 HIGH |
| Improper Input Validation vulnerability in HYPR Workforce Access on Windows allows Path Traversal.This issue affects Workforce Access: before 8.7. | |||||
| CVE-2023-5079 | 1 Lenovo | 1 Lecloud | 2024-11-21 | N/A | 7.5 HIGH |
| Lenovo LeCloud App improper input validation allows attackers to access arbitrary components and arbitrary file downloads, which could result in information disclosure. | |||||
| CVE-2023-50262 | 1 Dompdf Project | 1 Dompdf | 2024-11-21 | N/A | 5.3 MEDIUM |
| Dompdf is an HTML to PDF converter for PHP. When parsing SVG images Dompdf performs an initial validation to ensure that paths within the SVG are allowed. One of the validations is that the SVG document does not reference itself. However, prior to version 2.0.4, a recursive chained using two or more SVG documents is not correctly validated. Depending on the system configuration and attack pattern this could exhaust the memory available to the executing process and/or to the server itself. php-svg-lib, when run in isolation, does not support SVG references for `image` elements. However, when used in combination with Dompdf, php-svg-lib will process SVG images referenced by an `image` element. Dompdf currently includes validation to prevent self-referential `image` references, but a chained reference is not checked. A malicious actor may thus trigger infinite recursion by chaining references between two or more SVG images. When Dompdf parses a malicious payload, it will crash due after exceeding the allowed execution time or memory usage. An attacker sending multiple request to a system can potentially cause resource exhaustion to the point that the system is unable to handle incoming request. Version 2.0.4 contains a fix for this issue. | |||||
| CVE-2023-4698 | 1 Usememos | 1 Memos | 2024-11-21 | N/A | 7.5 HIGH |
| Improper Input Validation in GitHub repository usememos/memos prior to 0.13.2. | |||||
| CVE-2023-4680 | 1 Hashicorp | 1 Vault | 2024-11-21 | N/A | 6.8 MEDIUM |
| HashiCorp Vault and Vault Enterprise transit secrets engine allowed authorized users to specify arbitrary nonces, even with convergent encryption disabled. The encrypt endpoint, in combination with an offline attack, could be used to decrypt arbitrary ciphertext and potentially derive the authentication subkey when using transit secrets engine without convergent encryption. Introduced in 1.6.0 and fixed in 1.14.3, 1.13.7, and 1.12.11. | |||||
| CVE-2023-4481 | 1 Juniper | 2 Junos, Junos Os Evolved | 2024-11-21 | N/A | 7.5 HIGH |
| An Improper Input Validation vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). When certain specific crafted BGP UPDATE messages are received over an established BGP session, one BGP session may be torn down with an UPDATE message error, or the issue may propagate beyond the local system which will remain non-impacted, but may affect one or more remote systems. This issue is exploitable remotely as the crafted UPDATE message can propagate through unaffected systems and intermediate BGP speakers. Continuous receipt of the crafted BGP UPDATE messages will create a sustained Denial of Service (DoS) condition for impacted devices. This issue affects eBGP and iBGP, in both IPv4 and IPv6 implementations. This issue requires a remote attacker to have at least one established BGP session. Improper Input Validation, Denial of Service vulnerability in Juniper Networks, Inc. Junos OS (BGP, rpd modules), Juniper Networks, Inc. Junos OS Evolved (BGP, rpd modules) allows Fuzzing.This issue affects Junos OS: * All versions before 20.4R3-S10, * from 21.1R1 through 21.*, * from 21.2 before 21.2R3-S5, * from 21.3 before 21.3R3-S5, * from 21.4 before 21.4R3-S7 (unaffected from 21.4R3-S5, affected from 21.4R3-S6) * from 22.1 before 22.1R3-S4, * from 22.2 before 22.2R3-S3, * from 22.3 before 22.3R3-S1, * from 22.4 before 22.4R3, * from 23.2 before 23.2R2. Junos OS Evolved: * All versions before 20.4R3-S10-EVO, * from 21.2-EVO before 21.2R3-S7-EVO, * from 21.3-EVO before 21.3R3-S5-EVO, * from 21.4-EVO before 21.4R3-S5-EVO, * from 22.1-EVO before 22.1R3-S4-EVO, * from 22.2-EVO before 22.2R3-S3-EVO, * from 22.3-EVO before 22.3R3-S1-EVO, * from 22.4-EVO before 22.4R3-EVO, * from 23.2-EVO before 23.2R2-EVO. | |||||
| CVE-2023-4435 | 1 Hamza417 | 1 Inure | 2024-11-21 | N/A | 5.5 MEDIUM |
| Improper Input Validation in GitHub repository hamza417/inure prior to build88. | |||||
| CVE-2023-4357 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2024-11-21 | N/A | 8.8 HIGH |
| Insufficient validation of untrusted input in XML in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to bypass file access restrictions via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2023-49958 | 1 Dallmann-consulting | 1 Open Charge Point Protocol | 2024-11-21 | N/A | 7.5 HIGH |
| An issue was discovered in Dalmann OCPP.Core through 1.2.0 for OCPP (Open Charge Point Protocol) for electric vehicles. The server processes mishandle StartTransaction messages containing additional, arbitrary properties, or duplicate properties. The last occurrence of a duplicate property is accepted. This could be exploited to alter transaction records or impact system integrity. | |||||
| CVE-2023-49551 | 1 Cesanta | 1 Mjs | 2024-11-21 | N/A | 7.5 HIGH |
| An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_op_json_parse function in the msj.c file. | |||||