Search Results (363915 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-28202 1 Apple 5 Ipados, Iphone Os, Macos and 2 more 2024-12-05 5.5 Medium
This issue was addressed with improved state management. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, tvOS 16.5, macOS Ventura 13.4. An app firewall setting may not take effect after exiting the Settings app.
CVE-2023-28191 1 Apple 5 Ipados, Iphone Os, Macos and 2 more 2024-12-05 5.5 Medium
This issue was addressed with improved redaction of sensitive information. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may be able to bypass Privacy preferences.
CVE-2022-0788 1 Wpmet 1 Fundengine 2024-12-05 9.8 Critical
The WP Fundraising Donation and Crowdfunding Platform WordPress plugin before 1.5.0 does not sanitise and escape a parameter before using it in a SQL statement via one of it's REST route, leading to an SQL injection exploitable by unauthenticated users
CVE-2023-23539 1 Apple 1 Macos 2024-12-05 7.8 High
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.2. Mounting a maliciously crafted Samba network share may lead to arbitrary code execution.
CVE-2023-25003 1 Autodesk 17 Alias, Autocad, Autocad Advance Steel and 14 more 2024-12-05 7.8 High
A maliciously crafted pskernel.dll file in Autodesk AutoCAD 2023 and Maya 2022 may be used to trigger out-of-bound read write / read vulnerabilities. Exploitation of this vulnerability may lead to code execution.
CVE-2023-27908 1 Autodesk 1 Installer 2024-12-05 7.8 High
A maliciously crafted DLL file can be forced to write beyond allocated boundaries in the Autodesk installer when parsing the DLL files and could lead to a Privilege Escalation vulnerability.
CVE-2023-27964 1 Apple 1 Airpods Firmware 2024-12-05 5.4 Medium
An authentication issue was addressed with improved state management. This issue is fixed in AirPods Firmware Update 5E133. When your headphones are seeking a connection request to one of your previously paired devices, an attacker in Bluetooth range might be able to spoof the intended source device and gain access to your headphones.
CVE-2024-22395 1 Sonicwall 10 Sma 200, Sma 200 Firmware, Sma 210 and 7 more 2024-12-05 6.3 Medium
Improper access control vulnerability has been identified in the SMA100 SSL-VPN virtual office portal, which in specific conditions could potentially enable a remote authenticated attacker to associate another user's MFA mobile application.
CVE-2023-30260 1 Raspap 1 Raspap 2024-12-05 8.8 High
Command injection vulnerability in RaspAP raspap-webgui 2.8.8 and earlier allows remote attackers to run arbitrary commands via crafted POST request to hostapd settings form.
CVE-2023-27197 1 Paxtechnology 2 Pax A930, Pax A930 Firmware 2024-12-05 6.7 Medium
PAX A930 device with PayDroid_7.1.1_Virgo_V04.5.02_20220722 can allow an attacker to gain root access by running a crafted binary leveraging an exported function from a shared library. The attacker must have shell access to the device in order to exploit this vulnerability.
CVE-2023-30362 1 Libcoap 1 Libcoap 2024-12-05 7.5 High
Buffer Overflow vulnerability in coap_send function in libcoap library 4.3.1-103-g52cfd56 fixed in 4.3.1-120-ge242200 allows attackers to obtain sensitive information via malformed pdu.
CVE-2023-21174 1 Google 1 Android 2024-12-05 7.8 High
In isPageSearchEnabled of BillingCycleSettings.java, there is a possible way for the guest user to change data limits due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-235822222
CVE-2023-21173 1 Google 1 Android 2024-12-05 5.5 Medium
In multiple methods of DataUsageList.java, there is a possible way to learn about admin user's network activities due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-262741858
CVE-2023-21172 1 Google 1 Android 2024-12-05 7.8 High
In multiple functions of WifiCallingSettings.java, there is a possible way to change calling preferences for the admin user due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-262243015
CVE-2022-44276 1 Tecrail 1 Responsive Filemanager 2024-12-05 9.8 Critical
In Responsive Filemanager < 9.12.0, an attacker can bypass upload restrictions resulting in RCE.
CVE-2021-25828 1 Emby 1 Emby 2024-12-05 6.1 Medium
Emby Server versions < 4.6.0.50 is vulnerable to Cross Site Scripting (XSS) vulnerability via a crafted GET request to /web.
CVE-2023-29860 1 Dtstack 1 Taier 2024-12-05 7.5 High
An insecure permissions in /Taier/API/tenant/listTenant interface in DTStack Taier 1.3.0 allows attackers to view sensitive information via the getCookie method.
CVE-2023-2996 1 Automattic 1 Jetpack 2024-12-05 8.8 High
The Jetpack WordPress plugin before 12.1.1 does not validate uploaded files, allowing users with author roles or above to manipulate existing files on the site, deleting arbitrary files, and in rare cases achieve Remote Code Execution via phar deserialization.
CVE-2023-32384 1 Apple 5 Ipados, Iphone Os, Macos and 2 more 2024-12-05 7.8 High
A buffer overflow was addressed with improved bounds checking. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. Processing an image may lead to arbitrary code execution.
CVE-2022-40010 1 Tenda 2 Ac6, Ac6 Firmware 2024-12-05 5.4 Medium
Tenda AC6 AC1200 Smart Dual-Band WiFi Router 15.03.06.50_multi was discovered to contain a cross-site scripting (XSS) vulnerability via the deviceId parameter in the Parental Control module.