Search Results (363161 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-4389 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2024-11-21 7 High
A flaw was found in btrfs_get_root_ref in fs/btrfs/disk-io.c in the btrfs filesystem in the Linux Kernel due to a double decrement of the reference count. This issue may allow a local attacker with user privilege to crash the system or may lead to leaked internal kernel information.
CVE-2023-4384 1 Maximatech 1 Portal Executivo 2024-11-21 3.7 Low
A vulnerability has been found in MaximaTech Portal Executivo 21.9.1.140 and classified as problematic. This vulnerability affects unknown code of the component Cookie Handler. The manipulation leads to missing encryption of sensitive data. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-237316. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2023-4383 1 Escanav 1 Escan Anti-virus 2024-11-21 7.8 High
A vulnerability, which was classified as critical, was found in MicroWorld eScan Anti-Virus 7.0.32 on Linux. This affects an unknown part of the file runasroot. The manipulation leads to incorrect execution-assigned permissions. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-237315. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2023-4381 1 Instantcms 1 Instantcms 2024-11-21 4.3 Medium
Unverified Password Change in GitHub repository instantsoft/icms2 prior to 2.16.1-git.
CVE-2023-4373 1 Devolutions 1 Remote Desktop Manager 2024-11-21 9.8 Critical
Inadequate validation of permissions when employing remote tools and macros within Devolutions Remote Desktop Manager versions 2023.2.19 and earlier permits a user to initiate a connection without proper execution rights via the remote tools feature.
CVE-2023-4371 1 Phprecdb 1 Phprecdb 2024-11-21 3.5 Low
A vulnerability was found in phpRecDB 1.3.1. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /index.php. The manipulation of the argument r/view leads to cross site scripting. The attack may be launched remotely. VDB-237194 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2023-4347 1 Librenms 1 Librenms 2024-11-21 5.4 Medium
Cross-site Scripting (XSS) - Reflected in GitHub repository librenms/librenms prior to 23.8.0.
CVE-2023-4346 1 Knx 1 Connection Authorization 2024-11-21 7.5 High
KNX devices that use KNX Connection Authorization and support Option 1 are, depending on the implementation, vulnerable to being locked and users being unable to reset them to gain access to the device. The BCU key feature on the devices can be used to create a password for the device, but this password can often not be reset without entering the current password. If the device is configured to interface with a network, an attacker with access to that network could interface with the KNX installation, purge all devices without additional security options enabled, and set a BCU key, locking the device. Even if a device is not connected to a network, an attacker with physical access to the device could also exploit this vulnerability in the same way.
CVE-2023-4335 3 Broadcom, Intel, Linux 4 Lsi Storage Authority, Raid Controller Web Interface, Raid Web Console 3 and 1 more 2024-11-21 7.5 High
Broadcom RAID Controller Web server (nginx) is serving private server-side files without any authentication on Linux
CVE-2023-4321 2 Agentejo, Cockpit-hq 2 Cockpit, Cockpit 2024-11-21 6.1 Medium
Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit prior to 2.4.3.
CVE-2023-4311 1 Maurice 1 Vrm360 2024-11-21 8.8 High
The Vrm 360 3D Model Viewer WordPress plugin through 1.2.1 is vulnerable to arbitrary file upload due to insufficient checks in a plugin shortcode.
CVE-2023-4310 1 Beyondtrust 2 Privileged Remote Access, Remote Support 2024-11-21 9.8 Critical
BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) versions 23.2.1 and 23.2.2 contain a command injection vulnerability which can be exploited through a malicious HTTP request. Successful exploitation of this vulnerability can allow an unauthenticated remote attacker to execute underlying operating system commands within the context of the site user. This issue is fixed in version 23.2.3.
CVE-2023-4309 1 Electionservicesco 1 Internet Election Service 2024-11-21 10 Critical
Election Services Co. (ESC) Internet Election Service is vulnerable to SQL injection in multiple pages and parameters. These vulnerabilities allow an unauthenticated, remote attacker to read or modify data for any elections that share the same backend database. ESC deactivated older and unused elections and enabled web application firewall (WAF) protection for current and future elections on or around 2023-08-12.
CVE-2023-4304 1 Froxlor 1 Froxlor 2024-11-21 3.8 Low
Business Logic Errors in GitHub repository froxlor/froxlor prior to 2.0.22,2.1.0.
CVE-2023-4303 1 Jenkins 1 Fortify 2024-11-21 4.3 Medium
Jenkins Fortify Plugin 22.1.38 and earlier does not escape the error message for a form validation method, resulting in an HTML injection vulnerability.
CVE-2023-4302 1 Jenkins 1 Fortify 2024-11-21 4.2 Medium
A missing permission check in Jenkins Fortify Plugin 22.1.38 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
CVE-2023-4301 1 Jenkins 1 Fortify 2024-11-21 4.2 Medium
A cross-site request forgery (CSRF) vulnerability in Jenkins Fortify Plugin 22.1.38 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
CVE-2023-4292 1 Frauscher 1 Frauscher Diagnostic System 101 2024-11-21 5.3 Medium
Frauscher Sensortechnik GmbH FDS101 for FAdC/FAdCi v1.4.24 and all previous versions are vulnerable to a SQL injection vulnerability via manipulated parameters of the web interface without authentication. The database contains limited, non-critical log information.
CVE-2023-4291 1 Frauscher 1 Frauscher Diagnostic System 101 2024-11-21 9.8 Critical
Frauscher Sensortechnik GmbH FDS101 for FAdC/FAdCi v1.4.24 and all previous versions are vulnerable to a remote code execution (RCE) vulnerability via manipulated parameters of the web interface without authentication. This could lead to a full compromise of the FDS101 device.
CVE-2023-4272 1 Arm 4 Bifrost Gpu Kernel Driver, Mali Gpu Kernel Driver, Midgard Gpu Kernel Driver and 1 more 2024-11-21 5.5 Medium
A local non-privileged user can make GPU processing operations that expose sensitive data from previously freed memory.