Search Results (366885 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-31981 1 Irontec 1 Sngrep 2025-01-29 7.8 High
Sngrep v1.6.0 was discovered to contain a stack buffer overflow via the function packet_set_payload at /src/packet.c.
CVE-2023-30619 1 Enalean 1 Tuleap 2025-01-29 5.4 Medium
Tuleap Open ALM is a Libre and Open Source tool for end to end traceability of application and system developments. The title of an artifact is not properly escaped in the tooltip. A malicious user with the capability to create an artifact or to edit a field title could force victim to execute uncontrolled code. This issue has been patched in version 14.7.99.143.
CVE-2023-30550 1 Metersphere 1 Metersphere 2025-01-29 6.8 Medium
MeterSphere is an open source continuous testing platform, covering functions such as test tracking, interface testing, UI testing, and performance testing. This IDOR vulnerability allows the administrator of a project to modify other projects under the workspace. An attacker can obtain some operating permissions. The issue has been fixed in version 2.9.0.
CVE-2023-30243 1 Netentsec 1 Application Security Gateway 2025-01-29 7.5 High
Beijing Netcon NS-ASG Application Security Gateway v6.3 is vulnerable to SQL Injection via TunnelId that allows access to sensitive information.
CVE-2023-30242 1 Netentsec 1 Application Security Gateway 2025-01-29 9.8 Critical
NS-ASG v6.3 was discovered to contain a SQL injection vulnerability via the component /admin/add_ikev2.php.
CVE-2023-30135 1 Tenda 2 Ac18, Ac18 Firmware 2025-01-29 9.8 Critical
Tenda AC18 v15.03.05.19(6318_)_cn was discovered to contain a command injection vulnerability via the deviceName parameter in the setUsbUnload function.
CVE-2023-2521 1 Ez-net 2 Next-7004n, Next-7004n Firmware 2025-01-29 3.5 Low
A vulnerability was found in NEXTU NEXT-7004N 3.0.1. It has been classified as problematic. Affected is an unknown function of the file /boafrm/formFilter of the component POST Request Handler. The manipulation of the argument url with the input <svg onload=alert(1337)> leads to cross site scripting. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-228012. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2023-26285 1 Ibm 1 Mq Appliance 2025-01-29 5.9 Medium
IBM MQ 9.2 CD, 9.2 LTS, 9.3 CD, and 9.3 LTS could allow a remote attacker to cause a denial of service due to an error processing invalid data. IBM X-Force ID: 248418.
CVE-2023-26125 2 Gin-gonic, Redhat 5 Gin, Migration Toolkit Applications, Migration Toolkit Virtualization and 2 more 2025-01-29 5.6 Medium
Versions of the package github.com/gin-gonic/gin before 1.9.0 are vulnerable to Improper Input Validation by allowing an attacker to use a specially crafted request via the X-Forwarded-Prefix header, potentially leading to cache poisoning. **Note:** Although this issue does not pose a significant threat on its own it can serve as an input vector for other more impactful vulnerabilities. However, successful exploitation may depend on the server configuration and whether the header is used in the application logic.
CVE-2023-25934 1 Dell 1 Elastic Cloud Storage 2025-01-29 5.9 Medium
DELL ECS prior to 3.8.0.2 contains an improper verification of cryptographic signature vulnerability. A network attacker with an ability to intercept the request could potentially exploit this vulnerability to modify the body data of the request.
CVE-2023-24958 1 Ibm 6 3948-ved, 3948-ved Firmware, 3957-vec and 3 more 2025-01-29 8.8 High
A vulnerability in the IBM TS7700 Management Interface 8.51.2.12, 8.52.200.111, 8.52.102.13, and 8.53.0.63 could allow an authenticated user to submit a specially crafted URL leading to privilege escalation and remote code execution. IBM X-Force ID: 246320.
CVE-2023-23470 1 Ibm 1 I 2025-01-29 6.4 Medium
IBM i 7.2, 7.3, 7.4, and 7.5 could allow an authenticated privileged administrator to gain elevated privileges in non-default configurations, as a result of improper SQL processing. By using a specially crafted SQL operation, the administrator could exploit the vulnerability to perform additional administrator operations. IBM X-Force ID: 244510.
CVE-2023-22651 1 Suse 1 Rancher 2025-01-29 9.9 Critical
Improper Privilege Management vulnerability in SUSE Rancher allows Privilege Escalation. A failure in the update logic of Rancher's admission Webhook may lead to the misconfiguration of the Webhook. This component enforces validation rules and security checks before resources are admitted into the Kubernetes cluster. The issue only affects users that upgrade from 2.6.x or 2.7.x to 2.7.2. Users that did a fresh install of 2.7.2 (and did not follow an upgrade path) are not affected.
CVE-2023-21404 1 Axis 1 Axis Os 2025-01-29 4.1 Medium
AXIS OS 11.0.X - 11.3.x use a static RSA key in legacy LUA-components to protect Axis-specific source code. The static RSA key is not used in any other secure communication nor can it be used to compromise the device or any customer data.
CVE-2023-1094 1 Monicahq 1 Monica 2025-01-29 8 High
MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the `people:id/food` endpoint and food parameter.
CVE-2022-48239 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2025-01-29 4.4 Medium
In camera driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed.
CVE-2022-46720 1 Apple 3 Ipados, Iphone Os, Macos 2025-01-29 8.6 High
An integer overflow was addressed with improved input validation. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1. An app may be able to break out of its sandbox
CVE-2022-32885 2 Apple, Redhat 10 Ipados, Iphone Os, Macos and 7 more 2025-01-29 8.8 High
A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5, Safari 15.6. Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2021-28999 1 Cmsmadesimple 1 Cms Made Simple 2025-01-29 8.8 High
SQL Injection vulnerability in CMS Made Simple through 2.2.15 allows remote attackers to execute arbitrary commands via the m1_sortby parameter to modules/News/function.admin_articlestab.php.
CVE-2021-27280 1 Mblog Project 1 Mblog 2025-01-29 7.8 High
OS Command injection vulnerability in mblog 3.5.0 allows attackers to execute arbitrary code via crafted theme when it gets selected.