Total
10735 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-41316 | 1 Tolgee | 1 Tolgee | 2024-11-21 | N/A | 5.5 MEDIUM |
| Tolgee is an open-source localization platform. Due to lack of validation field - Org Name, bad actor can send emails with HTML injected code to the victims. Registered users can inject HTML into unsanitized emails from the Tolgee instance to other users. This unsanitized HTML ends up in invitation emails which appear as legitimate org invitations. Bad actors may direct users to malicious website or execute javascript in the context of the users browser. This vulnerability has been addressed in version 3.29.2. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-40801 | 1 Tenda | 2 Ac23, Ac23 Firmware | 2024-11-21 | N/A | 8.8 HIGH |
| The sub_451784 function does not validate the parameters entered by the user, resulting in a stack overflow vulnerability in Tenda AC23 v16.03.07.45_cn | |||||
| CVE-2023-40800 | 1 Tenda | 2 Ac23, Ac23 Firmware | 2024-11-21 | N/A | 8.8 HIGH |
| The compare_parentcontrol_time function does not authenticate user input parameters, resulting in a post-authentication stack overflow vulnerability in Tenda AC23 v16.03.07.45_cn. | |||||
| CVE-2023-40798 | 1 Tenda | 2 Ac23, Ac23 Firmware | 2024-11-21 | N/A | 8.8 HIGH |
| In Tenda AC23 v16.03.07.45_cn, the formSetIPv6status and formGetWanParameter functions do not authenticate user input parameters, resulting in a post-authentication stack overflow vulnerability. | |||||
| CVE-2023-40797 | 1 Tenda | 2 Ac23, Ac23 Firmware | 2024-11-21 | N/A | 8.8 HIGH |
| In Tenda AC23 v16.03.07.45_cn, the sub_4781A4 function does not validate the parameters entered by the user, resulting in a post-authentication stack overflow vulnerability. | |||||
| CVE-2023-40097 | 1 Google | 1 Android | 2024-11-21 | N/A | 7.8 HIGH |
| In hasPermissionForActivity of PackageManagerHelper.java, there is a possible URI grant due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | |||||
| CVE-2023-40062 | 1 Solarwinds | 1 Solarwinds Platform | 2024-11-21 | N/A | 8.0 HIGH |
| SolarWinds Platform Incomplete List of Disallowed Inputs Remote Code Execution Vulnerability. If executed, this vulnerability would allow a low-privileged user to execute commands with SYSTEM privileges. | |||||
| CVE-2023-40061 | 1 Solarwinds | 1 Solarwinds Platform | 2024-11-21 | N/A | 8.8 HIGH |
| Insecure job execution mechanism vulnerability. This vulnerability can lead to other attacks as a result. | |||||
| CVE-2023-3768 | 1 Ingeteam | 6 Ingepac Da3451, Ingepac Da3451 Firmware, Ingepac Ef Md and 3 more | 2024-11-21 | N/A | 8.6 HIGH |
| Incorrect data input validation vulnerability, which could allow an attacker with access to the network to implement fuzzing techniques that would allow him to gain knowledge about specially crafted packets that would create a DoS condition through the MMS protocol when initiating communication, achieving a complete system reboot of the device and its services. | |||||
| CVE-2023-3705 | 1 Cpplusworld | 6 Cp-vnr-3104, Cp-vnr-3104 Firmware, Cp-vnr-3108 and 3 more | 2024-11-21 | N/A | 7.5 HIGH |
| The vulnerability exists in CP-Plus NVR due to an improper input handling at the web-based management interface of the affected product. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable device. Successful exploitation of this vulnerability could allow the remote attacker to obtain sensitive information on the targeted device. | |||||
| CVE-2023-3704 | 1 Cpplusworld | 18 Cp-uvr-0401l1-4kh, Cp-uvr-0401l1-4kh Firmware, Cp-uvr-0401l1b-4kh and 15 more | 2024-11-21 | N/A | 5.3 MEDIUM |
| The vulnerability exists in CP-Plus DVR due to an improper input validation within the web-based management interface of the affected products. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable device. Successful exploitation of this vulnerability could allow the remote attacker to change system time of the targeted device. | |||||
| CVE-2023-39950 | 1 Siemens | 1 Efibootguard | 2024-11-21 | N/A | 6.1 MEDIUM |
| efibootguard is a simple UEFI boot loader with support for safely switching between current and updated partition sets. Insufficient or missing validation and sanitization of input from untrustworthy bootloader environment files can cause crashes and probably also code injections into `bg_setenv`) or programs using `libebgenv`. This is triggered when the affected components try to modify a manipulated environment, in particular its user variables. Furthermore, `bg_printenv` may crash over invalid read accesses or report invalid results. Not affected by this issue is EFI Boot Guard's bootloader EFI binary. EFI Boot Guard release v0.15 contains required patches to sanitize and validate the bootloader environment prior to processing it in userspace. Its library and tools should be updated, so should programs statically linked against it. An update of the bootloader EFI executable is not required. The only way to prevent the issue with an unpatched EFI Boot Guard version is to avoid accesses to user variables, specifically modifications to them. | |||||
| CVE-2023-39530 | 1 Prestashop | 1 Prestashop | 2024-11-21 | N/A | 6.5 MEDIUM |
| PrestaShop is an open source e-commerce web application. Prior to version 8.1.1, it is possible to delete files from the server via the CustomerMessage API. Version 8.1.1 contains a patch for this issue. There are no known workarounds. | |||||
| CVE-2023-39411 | 4 Apple, Google, Intel and 1 more | 4 Iphone Os, Android, Unison Software and 1 more | 2024-11-21 | N/A | 5.0 MEDIUM |
| Improper input validationation for some Intel Unison software may allow a privileged user to potentially enable denial of service via local access. | |||||
| CVE-2023-39390 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | N/A | 7.5 HIGH |
| Vulnerability of input parameter verification in certain APIs in the window management module. Successful exploitation of this vulnerability may cause the device to restart. | |||||
| CVE-2023-39389 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | N/A | 7.5 HIGH |
| Vulnerability of input parameters being not strictly verified in the PMS module. Successful exploitation of this vulnerability may cause home screen unavailability. | |||||
| CVE-2023-39388 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | N/A | 7.5 HIGH |
| Vulnerability of input parameters being not strictly verified in the PMS module. Successful exploitation of this vulnerability may cause home screen unavailability. | |||||
| CVE-2023-39386 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | N/A | 7.5 HIGH |
| Vulnerability of input parameters being not strictly verified in the PMS module. Successful exploitation of this vulnerability may cause newly installed apps to fail to restart. | |||||
| CVE-2023-39382 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | N/A | 7.5 HIGH |
| Input verification vulnerability in the audio module. Successful exploitation of this vulnerability may cause virtual machines (VMs) to restart. | |||||
| CVE-2023-39381 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | N/A | 7.5 HIGH |
| Input verification vulnerability in the storage module. Successful exploitation of this vulnerability may cause the device to restart. | |||||