Search Results (364863 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-34464 1 Xwiki 1 Xwiki 2024-12-05 9.1 Critical
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 2.2.1 until versions 14.4.8, 14.10.5, and 15.1RC1 of org.xwiki.platform:xwiki-platform-web and any version prior to 14.4.8, 14.10.5, and 15.1.RC1 of org.xwiki.platform:xwiki-platform-web-templates, any user who can edit a document in a wiki like the user profile can create a stored cross-site scripting attack. The attack occurs by putting plain HTML code into that document and then tricking another user to visit that document with the `displaycontent` or `rendercontent` template and plain output syntax. If a user with programming rights is tricked into visiting such a URL, arbitrary actions be performed with this user's rights, impacting the confidentiality, integrity, and availability of the whole XWiki installation. This has been patched in XWiki 14.4.8, 14.10.5 and 15.1RC1 by setting the content type of the response to plain text when the output syntax is not an HTML syntax.
CVE-2023-32398 1 Apple 5 Ipados, Iphone Os, Macos and 2 more 2024-12-05 7.8 High
A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may be able to execute arbitrary code with kernel privileges.
CVE-2023-32402 1 Apple 6 Ipados, Iphone Os, Macos and 3 more 2024-12-05 6.5 Medium
An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, Safari 16.5, iOS 16.5 and iPadOS 16.5. Processing web content may disclose sensitive information.
CVE-2023-32354 1 Apple 4 Ipados, Iphone Os, Tvos and 1 more 2024-12-05 5.5 Medium
An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 9.5, tvOS 16.5, iOS 16.5 and iPadOS 16.5. An app may be able to disclose kernel memory.
CVE-2024-48847 1 Abb 3 Aspect Enterprise, Matrix Series, Nexus Series 2024-12-05 8.2 High
MD5 Checksum Bypass vulnerabilities where found exploiting a weakness in the way an application dependency calculates or validates MD5 checksum hashes.  Affected products: ABB ASPECT - Enterprise v3.08.01; NEXUS Series v3.08.01; MATRIX Series v3.08.01
CVE-2023-28929 3 Microsoft, Trend Micro Inc, Trendmicro 14 Windows, Trend Micro Security, Antivirus\+ Security 2021 and 11 more 2024-12-05 7.8 High
Trend Micro Security 2021, 2022, and 2023 (Consumer) are vulnerable to a DLL Hijacking vulnerability which could allow an attacker to use a specific executable file as an execution and/or persistence mechanism which could execute a malicious program each time the executable file is started.
CVE-2023-35695 1 Trendmicro 1 Mobile Security 2024-12-05 7.5 High
A remote attacker could leverage a vulnerability in Trend Micro Mobile Security (Enterprise) 9.8 SP5 to download a particular log file which may contain sensitive information regarding the product.
CVE-2023-34736 1 Guantang Equipment Management System Project 1 Guantang Equipment Management System 2024-12-05 7.2 High
Guantang Equipment Management System version 4.12 is vulnerable to Arbitrary File Upload.
CVE-2023-34935 1 H3c 3 Magic, Magic B1st, Magic B1st Firmware 2024-12-05 7.5 High
A stack overflow in the AddWlanMacList function of H3C Magic B1STV100R012 allows attackers to cause a Denial of Service (DoS) via a crafted POST request.
CVE-2023-37365 1 Hnswlib Project 1 Hnswlib 2024-12-05 6.5 Medium
Hnswlib 0.7.0 has a double free in init_index when the M argument is a large integer.
CVE-2022-48332 1 Widevine 1 Trusted Application 2024-12-05 9.8 Critical
Widevine Trusted Application (TA) 5.0.0 through 5.1.1 has a drm_save_keys file_name_len integer overflow and resultant buffer overflow.
CVE-2023-32607 1 Pleasanter 1 Pleasanter 2024-12-05 5.4 Medium
Stored cross-site scripting vulnerability in Pleasanter (Community Edition and Enterprise Edition) 1.3.39.2 and earlier versions allows a remote authenticated attacker to inject an arbitrary script.
CVE-2023-36675 1 Mediawiki 1 Mediawiki 2024-12-05 6.1 Medium
An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, and 1.39.x before 1.39.4. BlockLogFormatter.php in BlockLogFormatter allows XSS in the partial blocks feature.
CVE-2023-32608 1 Pleasanter 1 Pleasanter 2024-12-05 6.5 Medium
Directory traversal vulnerability in Pleasanter (Community Edition and Enterprise Edition) 1.3.39.2 and earlier versions allows a remote authenticated attacker to alter an arbitrary file on the server.
CVE-2023-32613 1 Wavlink 2 Wl-wn531ax2, Wl-wn531ax2 Firmware 2024-12-05 8.1 High
Exposure of resource to wrong sphere issue exists in WL-WN531AX2 firmware versions prior to 2023526, which may allow a network-adjacent attacker to use functions originally available after login without logging in.
CVE-2023-32523 1 Trendmicro 1 Mobile Security 2024-12-05 8.8 High
Affected versions of Trend Micro Mobile Security (Enterprise) 9.8 SP5 contain some widgets that would allow a remote user to bypass authentication and potentially chain with other vulnerabilities. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit these vulnerabilities. This is similar to, but not identical to CVE-2023-32524.
CVE-2024-20770 3 Adobe, Apple, Microsoft 3 Photoshop, Macos, Windows 2024-12-05 5.5 Medium
Photoshop Desktop versions 24.7.2, 25.3.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2023-32524 1 Trendmicro 1 Mobile Security 2024-12-05 8.8 High
Affected versions of Trend Micro Mobile Security (Enterprise) 9.8 SP5 contain some widgets that would allow a remote user to bypass authentication and potentially chain with other vulnerabilities. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit these vulnerabilities. This is similar to, but not identical to CVE-2023-32523.
CVE-2024-20766 3 Adobe, Apple, Microsoft 3 Indesign, Macos, Windows 2024-12-05 5.5 Medium
InDesign Desktop versions 18.5.1, 19.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2024-51541 1 Abb 3 Aspect Enterprise, Matrix Series, Nexus Series 2024-12-05 8.2 High
Local File Inclusion vulnerabilities allow access to sensitive system information.  Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02