Total
29518 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-37935 | 1 Fortinet | 1 Fortios | 2024-11-21 | N/A | 6.5 MEDIUM |
| A use of GET request method with sensitive query strings vulnerability in Fortinet FortiOS 7.0.0 - 7.0.12, 7.2.0 - 7.2.5 and 7.4.0 allows an attacker to view plaintext passwords of remote services such as RDP or VNC, if the attacker is able to read the GET requests to those services. | |||||
| CVE-2023-37923 | 1 Tonybybell | 1 Gtkwave | 2024-11-21 | N/A | 7.8 HIGH |
| Multiple arbitrary write vulnerabilities exist in the VCD sorted bsearch functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the arbitrary write when triggered via the vcd2lxt conversion utility. | |||||
| CVE-2023-37922 | 1 Tonybybell | 1 Gtkwave | 2024-11-21 | N/A | 7.8 HIGH |
| Multiple arbitrary write vulnerabilities exist in the VCD sorted bsearch functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the arbitrary write when triggered via the vcd2lxt2 conversion utility. | |||||
| CVE-2023-37921 | 1 Tonybybell | 1 Gtkwave | 2024-11-21 | N/A | 7.8 HIGH |
| Multiple arbitrary write vulnerabilities exist in the VCD sorted bsearch functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the arbitrary write when triggered via the vcd2vzt conversion utility. | |||||
| CVE-2023-37759 | 1 Trendylogics | 1 Crypto Currency Tracker | 2024-11-21 | N/A | 9.8 CRITICAL |
| Incorrect access control in the User Registration page of Crypto Currency Tracker (CCT) before v9.5 allows unauthenticated attackers to register as an Admin account via a crafted POST request. | |||||
| CVE-2023-37243 | 2 Atera, Microsoft | 2 Agent Package Availability, Windows | 2024-11-21 | N/A | 7.8 HIGH |
| The C:\Windows\Temp\Agent.Package.Availability\Agent.Package.Availability.exe file is automatically launched as SYSTEM when the system reboots. Since the C:\Windows\Temp\Agent.Package.Availability folder inherits permissions from C:\Windows\Temp and Agent.Package.Availability.exe is susceptible to DLL hijacking, standard users can write a malicious DLL to it and elevate their privileges. | |||||
| CVE-2023-36843 | 1 Juniper | 1 Junos | 2024-11-21 | N/A | 7.5 HIGH |
| An Improper Handling of Inconsistent Special Elements vulnerability in the Junos Services Framework (jsf) module of Juniper Networks Junos OS allows an unauthenticated network based attacker to cause a crash in the Packet Forwarding Engine (pfe) and thereby resulting in a Denial of Service (DoS). Upon receiving malformed SSL traffic, the PFE crashes. A manual restart will be needed to recover the device. This issue only affects devices with Juniper Networks Advanced Threat Prevention (ATP) Cloud enabled with Encrypted Traffic Insights (configured via ‘security-metadata-streaming policy’). This issue affects Juniper Networks Junos OS: * All versions prior to 20.4R3-S8, 20.4R3-S9; * 21.1 version 21.1R1 and later versions; * 21.2 versions prior to 21.2R3-S6; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S5; * 22.1 versions prior to 22.1R3-S4; * 22.2 versions prior to 22.2R3-S2; * 22.3 versions prior to 22.3R2-S2, 22.3R3; * 22.4 versions prior to 22.4R2-S1, 22.4R3; | |||||
| CVE-2023-36635 | 1 Fortinet | 1 Fortiswitchmanager | 2024-11-21 | N/A | 7.1 HIGH |
| An improper access control in Fortinet FortiSwitchManager version 7.2.0 through 7.2.2 7.0.0 through 7.0.1 may allow a remote authenticated read-only user to modify the interface settings via the API. | |||||
| CVE-2023-36634 | 1 Fortinet | 1 Fortiap-u | 2024-11-21 | N/A | 7.1 HIGH |
| An incomplete filtering of one or more instances of special elements vulnerability [CWE-792] in the command line interpreter of FortiAP-U 7.0.0, 6.2.0 through 6.2.5, 6.0 all versions, 5.4 all versions may allow an authenticated attacker to list and delete arbitrary files and directory via specially crafted command arguments. | |||||
| CVE-2023-36631 | 1 Malwarebytes | 1 Binisoft Windows Firewall Control | 2024-11-21 | N/A | 7.8 HIGH |
| Lack of access control in wfc.exe in Malwarebytes Binisoft Windows Firewall Control 6.9.2.0 allows local unprivileged users to bypass Windows Firewall restrictions via the user interface's rules tab. NOTE: the vendor's perspective is "this is intended behavior as the application can be locked using a password." | |||||
| CVE-2023-36538 | 1 Zoom | 1 Rooms | 2024-11-21 | N/A | 8.4 HIGH |
| Improper access control in Zoom Rooms for Windows before version 5.15.0 may allow an authenticated user to enable an escalation of privilege via local access. | |||||
| CVE-2023-36535 | 1 Zoom | 3 Rooms, Virtual Desktop Infrastructure, Zoom | 2024-11-21 | N/A | 7.1 HIGH |
| Client-side enforcement of server-side security in Zoom clients before 5.14.10 may allow an authenticated user to enable information disclosure via network access. | |||||
| CVE-2023-36351 | 1 Viatomtech | 1 Vihealth | 2024-11-21 | N/A | 7.8 HIGH |
| An issue in Viatom Health ViHealth for Android v.2.74.58 and before allows a remote attacker to execute arbitrary code via the com.viatom.baselib.mvvm.webWebViewActivity component. | |||||
| CVE-2023-36133 | 1 Phpjabbers | 1 Availability Booking Calendar | 2024-11-21 | N/A | 9.8 CRITICAL |
| PHPJabbers Availability Booking Calendar 5.0 is vulnerable to User Account Takeover through username/password change. | |||||
| CVE-2023-36132 | 1 Phpjabbers | 1 Availability Booking Calendar | 2024-11-21 | N/A | 9.8 CRITICAL |
| PHP Jabbers Availability Booking Calendar 5.0 is vulnerable to Incorrect Access Control. | |||||
| CVE-2023-36131 | 1 Phpjabbers | 1 Availability Booking Calendar | 2024-11-21 | N/A | 9.8 CRITICAL |
| PHPJabbers Availability Booking Calendar 5.0 is vulnerable to Incorrect Access Control due to improper input validation of password parameter. | |||||
| CVE-2023-36106 | 1 Powerjob | 1 Powerjob | 2024-11-21 | N/A | 7.5 HIGH |
| An incorrect access control vulnerability in powerjob 4.3.2 and earlier allows remote attackers to obtain sensitive information via the interface for querying via appId parameter to /container/list. | |||||
| CVE-2023-35991 | 1 Elecom | 14 Lan-w300n\/dr, Lan-w300n\/dr Firmware, Lan-w300n\/p and 11 more | 2024-11-21 | N/A | 9.8 CRITICAL |
| Hidden functionality vulnerability in LOGITEC wireless LAN routers allows an unauthenticated attacker to log in to the product's certain management console and execute arbitrary OS commands. Affected products and versions are as follows: LAN-W300N/DR all versions, LAN-WH300N/DR all versions, LAN-W300N/P all versions, LAN-WH450N/GP all versions, LAN-WH300AN/DGP all versions, LAN-WH300N/DGP all versions, and LAN-WH300ANDGPE all versions. | |||||
| CVE-2023-35870 | 1 Sap | 1 S4core | 2024-11-21 | N/A | 6.3 MEDIUM |
| When creating a journal entry template in SAP S/4HANA (Manage Journal Entry Template) - versions S4CORE 104, 105, 106, 107, an attacker could intercept the save request and change the template, leading to an impact on confidentiality and integrity of the resource. Furthermore, a standard template could be deleted, hence making the resource temporarily unavailable. | |||||
| CVE-2023-35867 | 1 Bosch | 20 Onvif Camera Event Driver Tool, Bosch Video Management System, Building Integration System Video Engine and 17 more | 2024-11-21 | N/A | 5.9 MEDIUM |
| An improper handling of a malformed API answer packets to API clients in Bosch BT software products can allow an unauthenticated attacker to cause a Denial of Service (DoS) situation. To exploit this vulnerability an attacker has to replace an existing API server e.g. through Man-in-the-Middle attacks. | |||||