Search Results (363135 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-4095 1 Fujitsu 1 Arconte Aurea 2024-11-21 5.3 Medium
User enumeration vulnerability in Arconte Áurea 1.5.0.0 version. The exploitation of this vulnerability could allow an attacker to obtain a list of registered users in the application, obtaining the necessary information to perform more complex attacks on the platform.
CVE-2023-4094 1 Fujitsu 1 Arconte Aurea 2024-11-21 6.5 Medium
ARCONTE Aurea's authentication system, in its 1.5.0.0 version, could allow an attacker to make incorrect access requests in order to block each legitimate account and cause a denial of service. In addition, a resource has been identified that could allow circumventing the attempt limit set in the login form.
CVE-2023-4093 1 Fujitsu 1 Arconte Aurea 2024-11-21 5.5 Medium
Reflected and persistent XSS vulnerability in Arconte Áurea, in its 1.5.0.0 version. The exploitation of this vulnerability could allow an attacker to inject malicious JavaScript code, compromise the victim's browser and take control of it, redirect the user to malicious domains or access information being viewed by the legitimate user.
CVE-2023-4092 1 Fujitsu 1 Arconte Aurea 2024-11-21 8.8 High
SQL injection vulnerability in Arconte Áurea, in its 1.5.0.0 version. The exploitation of this vulnerability could allow an attacker to read sensitive data from the database, modify data (insert/update/delete), perform database administration operations and, in some cases, execute commands on the operating system.
CVE-2023-4090 1 Acilia 1 Widestand 2024-11-21 5.4 Medium
Cross-site Scripting (XSS) reflected vulnerability on WideStand until 5.3.5 version, which generates one of the meta tags directly using the content of the queried URL, which would allow an attacker to inject HTML/Javascript code into the response.
CVE-2023-4088 1 Mitsubishielectric 1 Gx Works3 2024-11-21 9.3 Critical
Incorrect Default Permissions vulnerability in Mitsubishi Electric Corporation multiple FA engineering software products allows a malicious local attacker to execute a malicious code, resulting in information disclosure, tampering with and deletion, or a denial-of-service (DoS) condition, if the product is installed in a folder other than the default installation folder.
CVE-2023-4057 2 Mozilla, Redhat 8 Firefox, Firefox Esr, Thunderbird and 5 more 2024-11-21 9.8 Critical
Memory safety bugs present in Firefox 115, Firefox ESR 115.0, and Thunderbird 115.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 116, Firefox ESR < 115.1, and Thunderbird < 115.1.
CVE-2023-4054 2 Microsoft, Mozilla 2 Windows, Firefox 2024-11-21 5.5 Medium
When opening appref-ms files, Firefox did not warn the user that these files may contain malicious code. *This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 116, Firefox ESR < 102.14, Firefox ESR < 115.1, Thunderbird < 102.14, and Thunderbird < 115.1.
CVE-2023-4052 1 Mozilla 2 Firefox, Firefox Esr 2024-11-21 6.5 Medium
The Firefox updater created a directory writable by non-privileged users. When uninstalling Firefox, any files in that directory would be recursively deleted with the permissions of the uninstalling user account. This could be combined with creation of a junction (a form of symbolic link) to allow arbitrary file deletion controlled by the non-privileged user. *This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 116, Firefox ESR < 115.1, and Thunderbird < 115.1.
CVE-2023-4043 2 Eclipse, Redhat 6 Parsson, Camel Quarkus, Camel Spring Boot and 3 more 2024-11-21 5.9 Medium
In Eclipse Parsson before versions 1.1.4 and 1.0.5, Parsing JSON from untrusted sources can lead malicious actors to exploit the fact that the built-in support for parsing numbers with large scale in Java has a number of edge cases where the input text of a number can lead to much larger processing time than one would expect. To mitigate the risk, parsson put in place a size limit for the numbers as well as their scale.
CVE-2023-4041 1 Silabs 1 Gecko Bootloader 2024-11-21 9.8 Critical
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'), Out-of-bounds Write, Download of Code Without Integrity Check vulnerability in Silicon Labs Gecko Bootloader on ARM (Firmware Update File Parser modules) allows Code Injection, Authentication Bypass.This issue affects "Standalone" and "Application" versions of Gecko Bootloader.
CVE-2023-4037 1 Setelsa-security 1 Conacwin 2024-11-21 9.9 Critical
Blind SQL injection vulnerability in the Conacwin 3.7.1.2 web interface, the exploitation of which could allow a local attacker to obtain sensitive data stored in the database by sending a specially crafted SQL query to the xml parameter.
CVE-2023-4033 2 Lfprojects, Mlflow 2 Mlflow, Mlflow 2024-11-21 7.8 High
OS Command Injection in GitHub repository mlflow/mlflow prior to 2.6.0.
CVE-2023-4030 1 Lenovo 9 Thinkpad, Thinkpad P14s Gen 2, Thinkpad P14s Gen 2 Firmware and 6 more 2024-11-21 8.4 High
A vulnerability was reported in BIOS for ThinkPad P14s Gen 2, P15s Gen 2, T14 Gen 2, and T15 Gen 2 that could cause the system to recover to insecure settings if the BIOS becomes corrupt.
CVE-2023-4029 1 Lenovo 53 K14 Type 21cu, K14 Type 21cu Firmware, K14 Type 21cv and 50 more 2024-11-21 6.7 Medium
A buffer overflow has been identified in the BoardUpdateAcpiDxe driver in some Lenovo ThinkPad products which may allow an attacker with local access and elevated privileges to execute arbitrary code.
CVE-2023-4028 1 Lenovo 61 13w Yoga, 13w Yoga Firmware, 13w Yoga Gen 2 and 58 more 2024-11-21 6.7 Medium
A buffer overflow has been identified in the SystemUserMasterHddPwdDxe driver in some Lenovo Notebook products which may allow an attacker with local access and elevated privileges to execute arbitrary code.
CVE-2023-4020 1 Silabs 1 Gecko Software Development Kit 2024-11-21 9 Critical
An unvalidated input in a library function responsible for communicating between secure and non-secure memory in Silicon Labs TrustZone implementation allows reading/writing of memory in the secure region of memory from the non-secure region of memory.
CVE-2023-4011 1 Gitlab 1 Gitlab 2024-11-21 4.3 Medium
An issue has been discovered in GitLab EE affecting all versions from 15.11 prior to 16.2.2 which allows an attacker to spike the resource consumption resulting in DoS.
CVE-2023-4007 1 Phpmyfaq 1 Phpmyfaq 2024-11-21 5.4 Medium
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.16.
CVE-2023-4006 1 Phpmyfaq 1 Phpmyfaq 2024-11-21 9.8 Critical
Improper Neutralization of Formula Elements in a CSV File in GitHub repository thorsten/phpmyfaq prior to 3.1.16.