Search Results (367105 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-28974 1 Dell 5 Data Protection Advisor, Dp4400, Dp4400 Firmware and 2 more 2025-02-04 7.6 High
Dell Data Protection Advisor, version(s) 19.9, contain(s) an Inadequate Encryption Strength vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of service.
CVE-2024-24908 1 Dell 2 Dm5500, Dm5500 Firmware 2025-02-04 6.5 Medium
Dell PowerProtect DM5500 version 5.15.0.0 and prior contain an Arbitrary File Delete via Path Traversal vulnerability. A remote attacker with high privileges could potentially exploit this vulnerability to deletion of arbitrary files stored on the server filesystem.
CVE-2024-22460 1 Dell 2 Dm5500, Dm5500 Firmware 2025-02-04 2.2 Low
Dell PowerProtect DM5500 version 5.15.0.0 and prior contains an insecure deserialization Vulnerability. A remote attacker with high privileges could potentially exploit this vulnerability, leading to arbitrary code execution on the vulnerable application.
CVE-2023-31043 1 Enterprisedb 1 Postgres Advanced Server 2025-02-04 7.5 High
EnterpriseDB EDB Postgres Advanced Server (EPAS) before 14.6.0 logs unredacted passwords in situations where optional parameters are used with CREATE/ALTER USER/GROUP/ROLE, and redacting was configured with edb_filter_log.redact_password_commands. The fixed versions are 10.23.33, 11.18.29, 12.13.17, 13.9.13, and 14.6.0.
CVE-2023-2250 1 Linuxfoundation 1 Open Cluster Management 2025-02-04 6.7 Medium
A flaw was found in the Open Cluster Management (OCM) when a user have access to the worker nodes which has the cluster-manager-registration-controller or cluster-manager deployments. A malicious user can take advantage of this and bind the cluster-admin to any service account or using the service account to list all secrets for all kubernetes namespaces, leading into a cluster-level privilege escalation.
CVE-2023-2245 1 Hansuncms Project 1 Hansuncms 2025-02-04 6.3 Medium
A vulnerability was found in hansunCMS 1.4.3. It has been declared as critical. This vulnerability affects unknown code of the file /ueditor/net/controller.ashx?action=catchimage. The manipulation leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-227230 is the identifier assigned to this vulnerability.
CVE-2023-2241 1 Podofo Project 1 Podofo 2025-02-04 5.3 Medium
A vulnerability, which was classified as critical, was found in PoDoFo 0.10.0. Affected is the function readXRefStreamEntry of the file PdfXRefStreamParserObject.cpp. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is identified as 535a786f124b739e3c857529cecc29e4eeb79778. It is recommended to apply a patch to fix this issue. VDB-227226 is the identifier assigned to this vulnerability.
CVE-2023-29848 1 Hockeycomputindo 1 Bang Resto 2025-02-04 4.8 Medium
Bang Resto 1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the itemName parameter in the admin/menu.php Add New Menu function.
CVE-2023-29780 1 3reality 2 3rsb015bz, 3rsb015bz Firmware 2025-02-04 7.5 High
Third Reality Smart Blind 1.00.54 contains a denial-of-service vulnerability, which allows a remote attacker to send malicious Zigbee messages to a vulnerable device and cause crashes.
CVE-2023-29578 1 Mp4v2 Project 1 Mp4v2 2025-02-04 8.8 High
mp4v2 v2.0.0 was discovered to contain a heap buffer overflow via the mp4v2::impl::MP4StringProperty::~MP4StringProperty() function at src/mp4property.cpp.
CVE-2023-29570 1 Cesanta 1 Mjs 2025-02-04 5.5 Medium
Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via mjs_ffi_cb_free at src/mjs_ffi.c. This vulnerability can lead to a Denial of Service (DoS).
CVE-2023-29566 2 Dawnsparks-node-tesseract Project, Huedawn-tesseract Project 2 Dawnsparks-node-tesseract, Huedawn-tesseract 2025-02-04 9.8 Critical
huedawn-tesseract 0.3.3 and dawnsparks-node-tesseract 0.4.0 to 0.4.1 was discovered to contain a remote code execution (RCE) vulnerability via the child_process function.
CVE-2023-28131 1 Expo 1 Expo Software Development Kit 2025-02-04 9.6 Critical
A vulnerability in the expo.io framework allows an attacker to take over accounts and steal credentials on an application/website that configured the "Expo AuthSession Redirect Proxy" for social sign-in. This can be achieved once a victim clicks a malicious link. The link itself may be sent to the victim in various ways (including email, text message, an attacker-controlled website, etc).
CVE-2023-26061 1 Nokia 1 Netact 2025-02-04 6.8 Medium
An issue was discovered in Nokia NetAct before 22 FP2211. On the Scheduled Search tab under the Alarm Reports Dashboard page, users can create a script to inject XSS. Input validation was missing during creation of a scheduled task. For an external attacker, it is very difficult to exploit this, because a few dynamically created parameters such as Jsession-id, a CSRF token, and an Nxsrf token would be needed. The attack can realistically only be performed by an internal user.
CVE-2023-26060 1 Nokia 1 Netact 2025-02-04 6.8 Medium
An issue was discovered in Nokia NetAct before 22 FP2211. On the Working Set Manager page, users can create a Working Set with a name that has a client-side template injection payload. Input validation is missing during creation of the working set. For an external attacker, it is very difficult to exploit this, because a few dynamically created parameters such as Jsession-id, a CSRF token, and an Nxsrf token would be needed. The attack can realistically only be performed by an internal user.
CVE-2023-26059 1 Nokia 1 Netact 2025-02-04 6.8 Medium
An issue was discovered in Nokia NetAct before 22 SP1037. On the Site Configuration Tool tab, attackers can upload a ZIP file which, when processed, exploits Stored XSS. The upload option of the Site Configuration tool does not validate the file contents. The application is in a demilitarised zone behind a perimeter firewall and without exposure to the internet. The attack can only be performed by an internal user.
CVE-2023-25514 3 Linux, Microsoft, Nvidia 3 Linux Kernel, Windows, Cuda Toolkit 2025-02-04 5.3 Medium
NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in cuobjdump, where an attacker may cause an out-of-bounds read by tricking a user into running cuobjdump on a malformed input file. A successful exploit of this vulnerability may lead to limited denial of service, code execution, and limited information disclosure.
CVE-2023-25347 1 Churchcrm 1 Churchcrm 2025-02-04 5.4 Medium
A stored cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3, allows remote attackers to inject arbitrary web script or HTML via input fields. These input fields are located in the "Title" Input Field in EventEditor.php.
CVE-2023-25314 1 Wwbn 1 Avideo 2025-02-04 6.1 Medium
Cross Site Scripting (XSS) vulnerability in World Wide Broadcast Network AVideo before 12.4, allows attackers to gain sensitive information via the success parameter to /user.
CVE-2023-23838 2 Microsoft, Solarwinds 2 Windows, Database Performance Analyzer 2025-02-04 6.5 Medium
Directory traversal and file enumeration vulnerability which allowed users to enumerate to different folders of the server.