Search Results (366805 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-29103 1 Siemens 4 6gk1411-1ac00, 6gk1411-1ac00 Firmware, 6gk1411-5ac00 and 1 more 2025-01-28 4.3 Medium
A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1), SIMATIC Cloud Connect 7 CC712 (All versions < V2.1), SIMATIC Cloud Connect 7 CC716 (All versions >= V2.0 < V2.1), SIMATIC Cloud Connect 7 CC716 (All versions < V2.1). The affected device uses a hard-coded password to protect the diagnostic files. This could allow an authenticated attacker to access protected data.
CVE-2023-29104 1 Siemens 4 6gk1411-1ac00, 6gk1411-1ac00 Firmware, 6gk1411-5ac00 and 1 more 2025-01-28 6 Medium
A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1), SIMATIC Cloud Connect 7 CC716 (All versions >= V2.0 < V2.1). The filename in the upload feature of the web based management of the affected device is susceptible to a path traversal vulnerability. This could allow an authenticated privileged remote attacker to overwrite any file the Linux user `ccuser` has write access to, or to download any file the Linux user `ccuser` has read-only access to.
CVE-2023-29105 1 Siemens 4 6gk1411-1ac00, 6gk1411-1ac00 Firmware, 6gk1411-5ac00 and 1 more 2025-01-28 5.9 Medium
A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1), SIMATIC Cloud Connect 7 CC712 (All versions < V2.1), SIMATIC Cloud Connect 7 CC716 (All versions >= V2.0 < V2.1), SIMATIC Cloud Connect 7 CC716 (All versions < V2.1). The affected device is vulnerable to a denial of service while parsing a random (non-JSON) MQTT payload. This could allow an attacker who can manipulate the communication between the MQTT broker and the affected device to cause a denial of service (DoS).
CVE-2023-29106 1 Siemens 4 6gk1411-1ac00, 6gk1411-1ac00 Firmware, 6gk1411-5ac00 and 1 more 2025-01-28 5.3 Medium
A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1), SIMATIC Cloud Connect 7 CC716 (All versions >= V2.0 < V2.1). The export endpoint is accessible via REST API without authentication. This could allow an unauthenticated remote attacker to download the files available via the endpoint.
CVE-2023-29107 1 Siemens 4 6gk1411-1ac00, 6gk1411-1ac00 Firmware, 6gk1411-5ac00 and 1 more 2025-01-28 5.3 Medium
A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1), SIMATIC Cloud Connect 7 CC716 (All versions >= V2.0 < V2.1). The export endpoint discloses some undocumented files. This could allow an unauthenticated remote attacker to gain access to additional information resources.
CVE-2023-29128 1 Siemens 4 6gk1411-1ac00, 6gk1411-1ac00 Firmware, 6gk1411-5ac00 and 1 more 2025-01-28 3.8 Low
A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1), SIMATIC Cloud Connect 7 CC716 (All versions >= V2.0 < V2.1). The filename in the upload feature of the web based management of the affected device is susceptible to a path traversal vulnerability. This could allow an authenticated privileged remote attacker to write any file with the extension `.db`.
CVE-2023-30898 1 Siemens 1 Siveillance Video 2025-01-28 9.9 Critical
A vulnerability has been identified in Siveillance Video 2020 R2 (All versions < V20.2 HotfixRev14), Siveillance Video 2020 R3 (All versions < V20.3 HotfixRev12), Siveillance Video 2021 R1 (All versions < V21.1 HotfixRev12), Siveillance Video 2021 R2 (All versions < V21.2 HotfixRev8), Siveillance Video 2022 R1 (All versions < V22.1 HotfixRev7), Siveillance Video 2022 R2 (All versions < V22.2 HotfixRev5), Siveillance Video 2022 R3 (All versions < V22.3 HotfixRev2), Siveillance Video 2023 R1 (All versions < V23.1 HotfixRev1). The Event Server component of affected applications deserializes data without sufficient validations. This could allow an authenticated remote attacker to execute code on the affected system.
CVE-2023-33297 1 Bitcoin 1 Bitcoin Core 2025-01-28 7.5 High
Bitcoin Core before 24.1, when debug mode is not used, allows attackers to cause a denial of service (e.g., CPU consumption) because draining the inventory-to-send queue is inefficient, as exploited in the wild in May 2023.
CVE-2023-31126 1 Xwiki 1 Xwiki 2025-01-28 9.1 Critical
`org.xwiki.commons:xwiki-commons-xml` is an XML library used by the open-source wiki platform XWiki. The HTML sanitizer, introduced in version 14.6-rc-1, allows the injection of arbitrary HTML code and thus cross-site scripting via invalid data attributes. This vulnerability does not affect restricted cleaning in HTMLCleaner as there attributes are cleaned and thus characters like `/` and `>` are removed in all attribute names. This problem has been patched in XWiki 14.10.4 and 15.0 RC1 by making sure that data attributes only contain allowed characters. There are no known workarounds apart from upgrading to a version including the fix.
CVE-2022-48387 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2025-01-28 4.4 Medium
the apipe driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed.
CVE-2022-48385 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2025-01-28 4.4 Medium
In cp_dump driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed.
CVE-2022-48384 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2025-01-28 7.8 High
In srtd service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges.
CVE-2022-48383 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2025-01-28 7.8 High
.In srtd service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges.
CVE-2022-48382 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2025-01-28 4.4 Medium
In log service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed.
CVE-2022-48381 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2025-01-28 4.4 Medium
In modem control device, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed.
CVE-2022-48380 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2025-01-28 4.4 Medium
In modem control device, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed.
CVE-2022-48379 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2025-01-28 5.5 Medium
In dialer service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges.
CVE-2022-48378 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2025-01-28 5.5 Medium
In engineermode service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges.
CVE-2022-48377 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2025-01-28 5.5 Medium
In dialer service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges.
CVE-2022-48376 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2025-01-28 5.5 Medium
In dialer service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges.