Search Results (367166 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-29906 1 H3c 1 Magic R200 Firmware 2025-02-05 4.9 Medium
H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via the Edit_BasicSSID interface at /goform/aspForm.
CVE-2023-29905 1 H3c 1 Magic R200 Firmware 2025-02-05 4.9 Medium
H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via the UpdateSnat interface at /goform/aspForm.
CVE-2023-29586 1 Codesector 1 Teracopy 2025-02-05 5.5 Medium
Code Sector TeraCopy 3.9.7 does not perform proper access validation on the source folder during a copy operation. This leads to Arbitrary File Read by allowing any user to copy any directory in the system to a directory they control. NOTE: the Supplier disputes this because only admin users can copy arbitrary folders, and because the 143984 reference is about a different concern (unrelated to directory copying) that was fixed in 3.5b.
CVE-2023-28124 1 Ui 1 Desktop 2025-02-05 5.5 Medium
Improper usage of symmetric encryption in UI Desktop for Windows (Version 0.59.1.71 and earlier) could allow users with access to UI Desktop configuration files to decrypt their content.This vulnerability is fixed in Version 0.62.3 and later.
CVE-2023-28123 1 Ui 1 Desktop 2025-02-05 5.5 Medium
A permission misconfiguration in UI Desktop for Windows (Version 0.59.1.71 and earlier) could allow an user to hijack VPN credentials while UID VPN is starting.This vulnerability is fixed in Version 0.62.3 and later.
CVE-2023-28122 1 Ui 1 Desktop 2025-02-05 7.8 High
A local privilege escalation (LPE) vulnerability in UI Desktop for Windows (Version 0.59.1.71 and earlier) allows a malicious actor with local access to a Windows device running said application to submit arbitrary commands as SYSTEM.This vulnerability is fixed in Version 0.62.3 and later.
CVE-2023-27848 1 Broccoli-compass Project 1 Broccoli-compass 2025-02-05 9.8 Critical
broccoli-compass v0.2.4 was discovered to contain a remote code execution (RCE) vulnerability via the child_process function.
CVE-2023-27777 1 Online Jewelry Shop Project 1 Online Jewelry Shop 2025-02-05 5.4 Medium
Cross-site scripting (XSS) vulnerability was discovered in Online Jewelry Shop v1.0 that allows attackers to execute arbitrary script via a crafted URL.
CVE-2023-27776 1 Online Jewelry Shop Project 1 Online Jewelry Shop 2025-02-05 5.4 Medium
A stored cross-site scripting (XSS) vulnerability in /index.php?page=category_list of Online Jewelry Shop v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Category Name parameter.
CVE-2023-26865 1 Brandsdistribution 1 Bdroppy 2025-02-05 9.8 Critical
SQL injection vulnerability found in PrestaShop bdroppy v.2.2.12 and before allowing a remote attacker to gain privileges via the BdroppyCronModuleFrontController::importProducts component.
CVE-2023-25619 1 Schneider-electric 14 Bmeh58s, Bmeh58s Firmware, Bmep58s and 11 more 2025-02-05 7.5 High
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause denial of service of the controller when communicating over the Modbus TCP protocol.
CVE-2023-23451 1 Sick 20 Fx0-gent00000, Fx0-gent00000 Firmware, Fx0-gent00030 and 17 more 2025-02-05 9.8 Critical
The Flexi Classic and Flexi Soft Gateways SICK UE410-EN3 FLEXI ETHERNET GATEW. with serial number <=2311xxxx all Firmware versions, SICK UE410-EN1 FLEXI ETHERNET GATEW. with serial number <=2311xxxx all Firmware versions, SICK UE410-EN3S04 FLEXI ETHERNET GATEW. with serial number <=2311xxxx all Firmware versions, SICK UE410-EN4 FLEXI ETHERNET GATEW. with serial number <=2311xxxx all Firmware versions, SICK FX0-GENT00000 FLEXISOFT EIP GATEW. with serial number <=2311xxxx with Firmware <=V2.11.0, SICK FX0-GMOD00000 FLEXISOFT MOD GATEW. with serial number <=2311xxxx with Firmware <=V2.11.0, SICK FX0-GPNT00000 FLEXISOFT PNET GATEW. with serial number <=2311xxxx with Firmware <=V2.12.0, SICK FX0-GENT00030 FLEXISOFT EIP GATEW.V2 with serial number <=2311xxxx all Firmware versions, SICK FX0-GPNT00030 FLEXISOFT PNET GATEW.V2 with serial number <=2311xxxx all Firmware versions and SICK FX0-GMOD00010 FLEXISOFT MOD GW with serial number <=2311xxxx with Firmware <=V2.11.0 all have Telnet enabled by factory default. No password is set in the default configuration.
CVE-2023-21097 1 Google 1 Android 2025-02-05 7.8 High
In toUriInner of Intent.java, there is a possible way to launch an arbitrary activity due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-261858325
CVE-2023-21096 1 Google 1 Android 2025-02-05 9.8 Critical
In OnWakelockReleased of attribution_processor.cc, there is a use after free that could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-254774758
CVE-2023-21094 1 Google 1 Android 2025-02-05 7.8 High
In sanitize of LayerState.cpp, there is a possible way to take over the screen display and swap the display content due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-248031255
CVE-2023-21093 1 Google 1 Android 2025-02-05 7.8 High
In extractRelativePath of FileUtils.java, there is a possible way to access files in a directory belonging to other applications due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-228450832
CVE-2023-20865 1 Vmware 2 Aria Operations For Logs, Cloud Foundation 2025-02-05 7.2 High
VMware Aria Operations for Logs contains a command injection vulnerability. A malicious actor with administrative privileges in VMware Aria Operations for Logs can execute arbitrary commands as root.
CVE-2023-20864 1 Vmware 2 Aria Operations For Logs, Cloud Foundation 2025-02-05 9.8 Critical
VMware Aria Operations for Logs contains a deserialization vulnerability. An unauthenticated, malicious actor with network access to VMware Aria Operations for Logs may be able to execute arbitrary code as root.
CVE-2023-20862 3 Netapp, Redhat, Vmware 3 Active Iq Unified Manager, Ocp Tools, Spring Security 2025-02-05 6.3 Medium
In Spring Security, versions 5.7.x prior to 5.7.8, versions 5.8.x prior to 5.8.3, and versions 6.0.x prior to 6.0.3, the logout support does not properly clean the security context if using serialized versions. Additionally, it is not possible to explicitly save an empty security context to the HttpSessionSecurityContextRepository. This vulnerability can keep users authenticated even after they performed logout. Users of affected versions should apply the following mitigation. 5.7.x users should upgrade to 5.7.8. 5.8.x users should upgrade to 5.8.3. 6.0.x users should upgrade to 6.0.3.
CVE-2022-37334 1 Intel 22 Nuc 11 Pro Board Nuc11tnbi30z, Nuc 11 Pro Board Nuc11tnbi30z Firmware, Nuc 11 Pro Board Nuc11tnbi50z and 19 more 2025-02-05 7 High
Improper initialization in BIOS firmware for some Intel(R) NUC 11 Pro Kits and Intel(R) NUC 11 Pro Boards before version TNTGL357.0064 may allow an authenticated user to potentially enable escalation of privilege via local access.