Search Results (363281 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-50986 1 Tenda 2 I29, I29 Firmware 2024-11-21 8.8 High
Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the time parameter in the sysLogin function.
CVE-2023-50985 1 Tenda 2 I29, I29 Firmware 2024-11-21 9.8 Critical
Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the lanGw parameter in the lanCfgSet function.
CVE-2023-50984 1 Tenda 2 I29, I29 Firmware 2024-11-21 9.8 Critical
Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the ip parameter in the spdtstConfigAndStart function.
CVE-2023-50983 1 Tenda 2 I29, I29 Firmware 2024-11-21 9.8 Critical
Tenda i29 v1.0 V1.0.0.5 was discovered to contain a command injection vulnerability via the sysScheduleRebootSet function.
CVE-2023-50980 1 Cryptopp 1 Crypto\+\+ 2024-11-21 7.5 High
gf2n.cpp in Crypto++ (aka cryptopp) through 8.9.0 allows attackers to cause a denial of service (application crash) via DER public-key data for an F(2^m) curve, if the degree of each term in the polynomial is not strictly decreasing.
CVE-2023-50979 1 Cryptopp 1 Crypto\+\+ 2024-11-21 5.9 Medium
Crypto++ (aka cryptopp) through 8.9.0 has a Marvin side channel during decryption with PKCS#1 v1.5 padding.
CVE-2023-50965 1 Starnight 1 Micro Http Server 2024-11-21 9.8 Critical
In MicroHttpServer (aka Micro HTTP Server) through 4398570, _ReadStaticFiles in lib/middleware.c allows a stack-based buffer overflow and potentially remote code execution via a long URI.
CVE-2023-50964 1 Ibm 1 Infosphere Information Server 2024-11-21 5.4 Medium
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 276102.
CVE-2023-50962 1 Ibm 1 Powersc 2024-11-21 5.9 Medium
IBM PowerSC 1.3, 2.0, and 2.1 MFA does not implement the "HTTP Strict Transport Security" (HSTS) web security policy mechanism. IBM X-Force ID: 276004.
CVE-2023-50959 1 Ibm 1 Cloud Pak For Business Automation 2024-11-21 5.3 Medium
IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2,19.0.1, 19.0.2, 19.0.3,20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1,2 2.0.2, 23.0.1, and 23.0.2 may allow end users to query more documents than expected from a connected Enterprise Content Management system when configured to use a system account. IBM X-Force ID: 275938.
CVE-2023-50954 1 Ibm 1 Infosphere Information Server 2024-11-21 4.3 Medium
IBM InfoSphere Information Server 11.7 returns sensitive information in URL information that could be used in further attacks against the system. IBM X-Force ID: 275776.
CVE-2023-50953 1 Ibm 1 Infosphere Information Server 2024-11-21 5.4 Medium
IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system. IBM X-Force ID: 275775.
CVE-2023-50952 1 Ibm 1 Infosphere Information Server 2024-11-21 5.4 Medium
IBM InfoSphere Information Server 11.7 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 275774.
CVE-2023-50950 1 Ibm 1 Qradar Security Information And Event Manager 2024-11-21 3.7 Low
IBM QRadar SIEM 7.5 could disclose sensitive email information in responses from offense rules. IBM X-Force ID: 275709.
CVE-2023-50949 2024-11-21 5.9 Medium
IBM QRadar SIEM 7.5 could allow an unauthorized user to perform unauthorized actions due to improper certificate validation. IBM X-Force ID: 275706.
CVE-2023-50947 1 Ibm 2 Business Automation Workflow, Cloud Pak For Business Automation 2024-11-21 5.4 Medium
IBM Business Automation Workflow 22.0.2, 23.0.1, and 23.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 275665.
CVE-2023-50941 1 Ibm 1 Powersc 2024-11-21 6.3 Medium
IBM PowerSC 1.3, 2.0, and 2.1 does not provide logout functionality, which could allow an authenticated user to gain access to an unauthorized user using session fixation. IBM X-Force ID: 275131.
CVE-2023-50940 1 Ibm 1 Powersc 2024-11-21 5.3 Medium
IBM PowerSC 1.3, 2.0, and 2.1 uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains. IBM X-Force ID: 275130.
CVE-2023-50939 1 Ibm 1 Powersc 2024-11-21 5.9 Medium
IBM PowerSC 1.3, 2.0, and 2.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 275129.
CVE-2023-50938 1 Ibm 1 Powersc 2024-11-21 6.5 Medium
IBM PowerSC 1.3, 2.0, and 2.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 275128.