Search Results (363285 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-51431 1 Hihonor 1 Phoneservice 2024-11-21 7 High
Some Honor products are affected by an incorrect privilege assignment vulnerability; successful exploitation could cause device service exceptions.
CVE-2023-51429 1 Hihonor 1 Magic Os 2024-11-21 6 Medium
Some Honor products are affected by an incorrect privilege assignment vulnerability; successful exploitation could cause an information leak.
CVE-2023-51428 1 Hihonor 1 Magic Os 2024-11-21 4.6 Medium
Some Honor products are affected by a type confusion vulnerability; successful exploitation could cause an information leak.
CVE-2023-51427 1 Hihonor 1 Magic Os 2024-11-21 4.6 Medium
Some Honor products are affected by a type confusion vulnerability; successful exploitation could cause an information leak.
CVE-2023-51426 1 Hihonor 1 Magic Os 2024-11-21 4.6 Medium
Some Honor products are affected by a type confusion vulnerability; successful exploitation could cause an information leak.
CVE-2023-51390 1 Aiven 1 Journalpump 2024-11-21 6.5 Medium
journalpump is a daemon that takes log messages from journald and pumps them to a given output. A logging vulnerability was found in journalpump which logs out the configuration of a service integration in plaintext to the supplied logging pipeline, including credential information contained in the configuration if any. The problem has been patched in journalpump 2.5.0.
CVE-2023-51387 1 Apache 1 Hertzbeat 2024-11-21 7.2 High
Hertzbeat is an open source, real-time monitoring system. Hertzbeat uses aviatorscript to evaluate alert expressions. The alert expressions are supposed to be simple expressions. However, due to improper sanitization of alert expressions in versions prior to 1.4.1, a malicious user can use a crafted alert expression to execute any command on the hertzbeat server. A malicious user who has access to the alert define function can execute any command in the hertzbeat instance. This issue is fixed in version 1.4.1.
CVE-2023-51386 1 Amazon 1 Awslabs Sandbox Accounts For Events 2024-11-21 7.8 High
Sandbox Accounts for Events provides multiple, temporary AWS accounts to a number of authenticated users simultaneously via a browser-based GUI. Authenticated users could potentially read data from the events table by sending request payloads to the events API, collecting information on planned events, timeframes, budgets and owner email addresses. This data access may allow users to get insights into upcoming events and join events which they have not been invited to. This issue has been patched in version 1.10.0.
CVE-2023-51377 1 Wpeverest 1 Everest Forms 2024-11-21 5.3 Medium
Missing Authorization vulnerability in WPEverest Everest Forms. This issue affects Everest Forms: from n/a through 2.0.3.
CVE-2023-51376 1 Brainstormforce 1 Surefeedback 2024-11-21 4.3 Medium
Missing Authorization vulnerability in Brainstorm Force ProjectHuddle Client Site. This issue affects ProjectHuddle Client Site: from n/a through 1.0.34.
CVE-2023-51375 1 Wpdeveloper 1 Embedpress 2024-11-21 4.3 Medium
Missing Authorization vulnerability in WPDeveloper EmbedPress. This issue affects EmbedPress: from n/a through 3.8.3.
CVE-2023-51363 1 Buffalo 2 Vr-s1000, Vr-s1000 Firmware 2024-11-21 6.5 Medium
VR-S1000 firmware Ver. 2.37 and earlier allows a network-adjacent unauthenticated attacker who can access the product's web management page to obtain sensitive information.
CVE-2023-51258 1 Tortall 1 Yasm 2024-11-21 5.5 Medium
A memory leak issue discovered in YASM v.1.3.0 allows a local attacker to cause a denial of service via the new_Token function in the modules/preprocs/nasm/nasm-pp:1512.
CVE-2023-51136 1 Totolink 2 X2000r, X2000r Firmware 2024-11-21 9.8 Critical
TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formRebootSchedule.
CVE-2023-51135 1 Totolink 2 X2000r, X2000r Firmware 2024-11-21 9.8 Critical
TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formPasswordSetup.
CVE-2023-51133 1 Totolink 2 X2000r, X2000r Firmware 2024-11-21 9.8 Critical
TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formRoute.
CVE-2023-51107 1 Artifex 1 Mupdf 2024-11-21 7.5 High
A floating point exception (divide-by-zero) vulnerability was discovered in Artifex MuPDF 1.23.4 in function compute_color() of jquant2.c. NOTE: this is disputed by the supplier because there was not reasonable evidence to determine the existence of a vulnerability or identify the affected product.
CVE-2023-51106 1 Artifex 1 Mupdf 2024-11-21 7.5 High
A floating point exception (divide-by-zero) vulnerability was discovered in mupdf 1.23.4 in function pnm_binary_read_image() of load-pnm.c when fz_colorspace_n returns zero.
CVE-2023-51105 1 Artifex 1 Mupdf 2024-11-21 7.5 High
A floating point exception (divide-by-zero) vulnerability was discovered in Artifex MuPDF 1.23.4 in function bmp_decompress_rle4() of load-bmp.c.
CVE-2023-51103 1 Artifex 1 Mupdf 2024-11-21 7.5 High
A floating point exception (divide-by-zero) vulnerability was discovered in Artifex MuPDF 1.23.4 in the function fz_new_pixmap_from_float_data() of pixmap.c.