Search Results (363090 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-49374 1 Jfinalcms Project 1 Jfinalcms 2024-11-21 8.8 High
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/slide/update.
CVE-2023-49373 1 Jfinalcms Project 1 Jfinalcms 2024-11-21 8.8 High
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin/slide/delete.
CVE-2023-49372 1 Jfinalcms Project 1 Jfinalcms 2024-11-21 8.8 High
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/slide/save.
CVE-2023-49371 1 Ruoyi 1 Ruoyi 2024-11-21 9.8 Critical
RuoYi up to v4.6 was discovered to contain a SQL injection vulnerability via /system/dept/edit.
CVE-2023-49363 1 Rockoa 1 Rockoa 2024-11-21 9.8 Critical
Rockoa <2.3.3 is vulnerable to SQL Injection. The problem exists in the indexAction method in reimpAction.php.
CVE-2023-49355 1 Jqlang 1 Jq 2024-11-21 7.5 High
decToString in decNumber/decNumber.c in jq 88f01a7 has a one-byte out-of-bounds write via the " []-1.2e-1111111111" input. NOTE: this is not the same as CVE-2023-50246. The CVE-2023-50246 71c2ab5 reference mentions -10E-1000010001, which is not in normalized scientific notation.
CVE-2023-49347 1 Ubuntubudgie 1 Budgie Extras 2024-11-21 6 Medium
Temporary data passed between application components by Budgie Extras Windows Previews could potentially be viewed or manipulated. The data is stored in a location that is accessible to any user who has local access to the system. Attackers may read private information from windows, present false information to users, or deny access to the application.
CVE-2023-49346 1 Ubuntubudgie 1 Budgie Extras 2024-11-21 6 Medium
Temporary data passed between application components by Budgie Extras WeatherShow applet could potentially be viewed or manipulated. The data is stored in a location that is accessible to any user who has local access to the system. Attackers may pre-create and control this file to present false information to users or deny access to the application and panel.
CVE-2023-49344 1 Ubuntubudgie 1 Budgie Extras 2024-11-21 6 Medium
Temporary data passed between application components by Budgie Extras Window Shuffler applet could potentially be viewed or manipulated. The data is stored in a location that is accessible to any user who has local access to the system. Attackers may pre-create and control this file to present false information to users or deny access to the application and panel.
CVE-2023-49343 1 Ubuntubudgie 1 Budgie Extras 2024-11-21 6 Medium
Temporary data passed between application components by Budgie Extras Dropby applet could potentially be viewed or manipulated. The data is stored in a location that is accessible to any user who has local access to the system. Attackers may pre-create and control this file to present false information to users or deny access to the application and panel.
CVE-2023-49342 1 Ubuntubudgie 1 Budgie Extras 2024-11-21 6 Medium
Temporary data passed between application components by Budgie Extras Clockworks applet could potentially be viewed or manipulated. The data is stored in a location that is accessible to any user who has local access to the system. Attackers may pre-create and control this file to present false information to users or deny access to the application and panel.
CVE-2023-49328 2 Linux, Wolterskluwer 2 Linux Kernel, B.point 2024-11-21 7.2 High
On a Wolters Kluwer B.POINT 23.70.00 server running Linux on premises, during the authentication phase, a validated system user can achieve remote code execution via Argument Injection in the server-to-server module.
CVE-2023-49322 4 Apple, F-secure, Linux and 1 more 10 Macos, Atlant, Client Security and 7 more 2024-11-21 7.5 High
Certain WithSecure products allow a Denial of Service because there is an unpack handler crash that can lead to a scanning engine crash. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, WithSecure Linux Security 64 12.0, WithSecure Linux Protection 12.0, and WithSecure Atlant 1.0.35-1.
CVE-2023-49321 4 Apple, F-secure, Linux and 1 more 10 Macos, Atlant, Client Security and 7 more 2024-11-21 5.3 Medium
Certain WithSecure products allow a Denial of Service because scanning a crafted file takes a long time, and causes the scanner to hang. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, WithSecure Linux Security 64 12.0, WithSecure Linux Protection 12.0, and WithSecure Atlant 1.0.35-1.
CVE-2023-49316 1 Phpseclib 1 Phpseclib 2024-11-21 7.5 High
In Math/BinaryField.php in phpseclib 3 before 3.0.34, excessively large degrees can lead to a denial of service.
CVE-2023-49313 1 Horsicq 1 Xmachoviewer 2024-11-21 9.8 Critical
A dylib injection vulnerability in XMachOViewer 0.04 allows attackers to compromise integrity. By exploiting this, unauthorized code can be injected into the product's processes, potentially leading to remote control and unauthorized access to sensitive user data.
CVE-2023-49312 1 Precisionbridge 1 Precision Bridge 2024-11-21 9.1 Critical
Precision Bridge PrecisionBridge.exe (aka the thick client) before 7.3.21 allows an integrity violation in which the same license key is used on multiple systems, via vectors involving a Process Hacker memory dump, error message inspection, and modification of a MAC address.
CVE-2023-49296 1 Arduino 1 Create Agent 2024-11-21 6.3 Medium
The Arduino Create Agent allows users to use the Arduino Create applications to upload code to any USB connected Arduino board directly from the browser. A vulnerability in versions prior to 1.3.6 affects the endpoint `/certificate.crt` and the way the web interface of the ArduinoCreateAgent handles custom error messages. An attacker that is able to persuade a victim into clicking on a malicious link can perform a Reflected Cross-Site Scripting attack on the web interface of the create agent, which would allow the attacker to execute arbitrary browser client side code. Version 1.3.6 contains a fix for the issue.
CVE-2023-49292 1 Ecies 1 Go 2024-11-21 4.9 Medium
ecies is an Elliptic Curve Integrated Encryption Scheme for secp256k1 in Golang. If funcations Encapsulate(), Decapsulate() and ECDH() could be called by an attacker, they could recover any private key that interacts with it. This vulnerability was patched in 2.0.8. Users are advised to upgrade.
CVE-2023-49291 1 Tj-actions 1 Branch-names 2024-11-21 9.3 Critical
tj-actions/branch-names is a Github action to retrieve branch or tag names with support for all events. The `tj-actions/branch-names` GitHub Actions improperly references the `github.event.pull_request.head.ref` and `github.head_ref` context variables within a GitHub Actions `run` step. The head ref variable is the branch name and can be used to execute arbitrary code using a specially crafted branch name. As a result an attacker can use this vulnerability to steal secrets from or abuse `GITHUB_TOKEN` permissions. This vulnerability has been addressed in version 7.0.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.