Search Results (364952 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-1388 1 Trellix 1 Agent 2025-01-06 6.3 Medium
A heap-based overflow vulnerability in TA prior to version 5.7.9 allows a remote user to alter the page heap in the macmnsvc process memory block, resulting in the service becoming unavailable.
CVE-2023-0976 2 Apple, Trellix 2 Macos, Agent 2025-01-06 6.3 Medium
A command Injection Vulnerability in TA for mac-OS prior to version 5.7.9 allows local users to place an arbitrary file into the /Library/Trellix/Agent/bin/ folder. The malicious file is executed by running the TA deployment feature located in the System Tree.
CVE-2023-24014 1 Deltaww 1 Cncsoft-b 2025-01-06 7.8 High
Delta Electronics' CNCSoft-B DOPSoft versions 1.0.0.4 and prior are vulnerable to heap-based buffer overflow, which could allow an attacker to execute arbitrary code.
CVE-2023-25177 1 Deltaww 1 Cncsoft-b 2025-01-06 7.8 High
Delta Electronics' CNCSoft-B DOPSoft versions 1.0.0.4 and prior are vulnerable to stack-based buffer overflow, which could allow an attacker to execute arbitrary code.
CVE-2023-29502 1 Ptc 1 Vuforia Studio 2025-01-06 6.2 Medium
Before importing a project into Vuforia, a user could modify the “resourceDirectory” attribute in the appConfig.json file to be a different path.
CVE-2024-52517 1 Nextcloud 1 Nextcloud Server 2025-01-06 4.6 Medium
Nextcloud Server is a self hosted personal cloud system. After storing "Global credentials" on the server, the API returns them and adds them into the frontend again, allowing to read them in plain text when an attacker already has access to an active session of a user. It is recommended that the Nextcloud Server is upgraded to 28.0.11, 29.0.8 or 30.0.1 and Nextcloud Enterprise Server is upgraded to 25.0.13.13, 26.0.13.9, 27.1.11.9, 28.0.11, 29.0.8 or 30.0.1.
CVE-2023-31200 1 Ptc 1 Vuforia Studio 2025-01-06 5.7 Medium
PTC Vuforia Studio does not require a token; this could allow an attacker with local access to perform a cross-site request forgery attack or a replay attack.
CVE-2024-52516 1 Nextcloud 1 Nextcloud Server 2025-01-06 3 Low
Nextcloud Server is a self hosted personal cloud system. When a server is configured to only allow sharing with users that are in ones own groups, after a user was removed from a group, previously shared items were not unshared. It is recommended that the Nextcloud Server is upgraded to 22.2.11 or 23.0.11 or 24.0.6 and Nextcloud Enterprise Server is upgraded to 22.2.11 or 23.0.11 or 24.0.6.
CVE-2023-34239 1 Gradio Project 1 Gradio 2025-01-06 7.3 High
Gradio is an open-source Python library that is used to build machine learning and data science. Due to a lack of path filtering Gradio does not properly restrict file access to users. Additionally Gradio does not properly restrict the what URLs are proxied. These issues have been addressed in version 3.34.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVE-2023-34238 1 Gatsbyjs 1 Gatsby 2025-01-06 4.3 Medium
Gatsby is a free and open source framework based on React. The Gatsby framework prior to versions 4.25.7 and 5.9.1 contain a Local File Inclusion vulnerability in the `__file-code-frame` and `__original-stack-frame` paths, exposed when running the Gatsby develop server (`gatsby develop`). Any file in scope of the development server could potentially be exposed. It should be noted that by default `gatsby develop` is only accessible via the localhost `127.0.0.1`, and one would need to intentionally expose the server to other interfaces to exploit this vulnerability by using server options such as `--host 0.0.0.0`, `-H 0.0.0.0`, or the `GATSBY_HOST=0.0.0.0` environment variable. A patch has been introduced in `gatsby@5.9.1` and `gatsby@4.25.7` which mitigates the issue. Users are advised to upgrade. Users unable to upgrade should avoid exposing their development server to the internet.
CVE-2023-0954 1 Johnsoncontrols 4 Illustra Pro Gen 4 Dome, Illustra Pro Gen 4 Dome Firmware, Illustra Pro Gen 4 Ptz and 1 more 2025-01-06 8.3 High
A debug feature in Sensormatic Electronics Illustra Pro Gen 4 Dome and PTZ cameras allows a user to compromise credentials after a long period of sustained attack.
CVE-2023-34232 1 Snowflake 1 Snowflake Connector 2025-01-06 7.3 High
snowflake-connector-nodejs, a NodeJS driver for Snowflake, is vulnerable to command injection via single sign on (SSO) browser URL authentication in versions prior to 1.6.21. In order to exploit the potential for command injection, an attacker would need to be successful in (1) establishing a malicious resource and (2) redirecting users to utilize the resource. The attacker could set up a malicious, publicly accessible server which responds to the SSO URL with an attack payload. If the attacker then tricked a user into visiting the maliciously crafted connection URL, the user’s local machine would render the malicious payload, leading to a remote code execution. This attack scenario can be mitigated through URL whitelisting as well as common anti-phishing resources. Version 1.6.21 contains a patch for this issue.
CVE-2023-34962 1 Chamilo 1 Chamilo Lms 2025-01-06 8.1 High
Incorrect access control in Chamilo v1.11.x up to v1.11.18 allows a student to arbitrarily access and modify another student's personal notes.
CVE-2023-34747 1 Ujcms 1 Ujcms 2025-01-06 9.8 Critical
File upload vulnerability in ujcms 6.0.2 via /api/backend/core/web-file-upload/upload.
CVE-2023-34624 1 Htmlcleaner Project 1 Htmlcleaner 2025-01-06 7.5 High
An issue was discovered htmlcleaner thru = 2.28 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies.
CVE-2023-34614 1 Jsonij Project 1 Jsonij 2025-01-06 7.5 High
An issue was discovered jmarsden/jsonij thru 0.5.2 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies.
CVE-2023-34613 1 Sojo Project 1 Sojo 2025-01-06 7.5 High
An issue was discovered sojo thru 1.1.1 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies.
CVE-2023-34612 1 Ph-json Project 1 Ph-json 2025-01-06 7.5 High
An issue was discovered ph-json thru 9.5.5 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies.
CVE-2023-34611 1 Mjson Project 1 Mjson 2025-01-06 7.5 High
An issue was discovered mjson thru 1.4.1 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies.
CVE-2023-34610 1 Json-io Project 1 Json-io 2025-01-06 7.5 High
An issue was discovered json-io thru 4.14.0 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies.