Search Results (367102 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-36639 1 Fortinet 3 Fortios, Fortipam, Fortiproxy 2024-11-21 7 High
A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.4, 7.0.0 through 7.0.10, FortiOS versions 7.4.0, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiPAM versions 1.0.0 through 1.0.3 allows attacker to execute unauthorized code or commands via specially crafted API requests.
CVE-2023-36638 1 Fortinet 2 Fortianalyzer, Fortimanager 2024-11-21 4.2 Medium
An improper privilege management vulnerability [CWE-269] in FortiManager 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions and FortiAnalyzer 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions API may allow a remote and authenticated API admin user to access some system settings such as the mail server settings through the API via a stolen GUI session ID.
CVE-2023-36637 1 Fortinet 1 Fortimail 2024-11-21 3.4 Low
An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiMail version 7.2.0 through 7.2.2 and before 7.0.5 allows an authenticated attacker to inject HTML tags in FortiMail's calendar via input fields.
CVE-2023-36635 1 Fortinet 1 Fortiswitchmanager 2024-11-21 6.9 Medium
An improper access control in Fortinet FortiSwitchManager version 7.2.0 through 7.2.2 7.0.0 through 7.0.1 may allow a remote authenticated read-only user to modify the interface settings via the API.
CVE-2023-36634 1 Fortinet 1 Fortiap-u 2024-11-21 6.5 Medium
An incomplete filtering of one or more instances of special elements vulnerability [CWE-792] in the command line interpreter of FortiAP-U 7.0.0, 6.2.0 through 6.2.5, 6.0 all versions, 5.4 all versions may allow an authenticated attacker to list and delete arbitrary files and directory via specially crafted command arguments.
CVE-2023-36633 1 Fortinet 1 Fortimail 2024-11-21 5.3 Medium
An improper authorization vulnerability [CWE-285] in FortiMail webmail version 7.2.0 through 7.2.2 and before 7.0.5 allows an authenticated attacker to see and modify the title of address book folders of other users via crafted HTTP or HTTPs requests.
CVE-2023-36631 1 Malwarebytes 1 Binisoft Windows Firewall Control 2024-11-21 7.8 High
Lack of access control in wfc.exe in Malwarebytes Binisoft Windows Firewall Control 6.9.2.0 allows local unprivileged users to bypass Windows Firewall restrictions via the user interface's rules tab. NOTE: the vendor's perspective is "this is intended behavior as the application can be locked using a password."
CVE-2023-36628 1 Purestorage 1 Purity\/\/fa 2024-11-21 8.8 High
A flaw exists in VASA which allows users with access to a vSphere/ESXi VMware admin on a FlashArray to gain root access through privilege escalation.
CVE-2023-36627 1 Purestorage 1 Purity 2024-11-21 7.7 High
A flaw exists in FlashBlade Purity whereby a user with access to an administrative account on a FlashBlade that is configured with timezone-dependent snapshot schedules can configure a timezone to prevent the schedule from functioning properly.
CVE-2023-36621 1 Nationaledtech 1 Boomerang 2024-11-21 9.1 Critical
An issue was discovered in the Boomerang Parental Control application through 13.83 for Android. The child can use Safe Mode to remove all restrictions temporarily or uninstall the application without the parents noticing.
CVE-2023-36620 1 Nationaledtech 1 Boomerang 2024-11-21 4.6 Medium
An issue was discovered in the Boomerang Parental Control application before 13.83 for Android. The app is missing the android:allowBackup="false" attribute in the manifest. This allows the user to backup the internal memory of the app to a PC. This gives the user access to the API token that is used to authenticate requests to the API.
CVE-2023-36619 1 Unify 1 Session Border Controller 2024-11-21 9.8 Critical
Atos Unify OpenScape Session Border Controller through V10 R3.01.03 allows execution of administrative scripts by unauthenticated users.
CVE-2023-36618 1 Unify 1 Session Border Controller 2024-11-21 8.8 High
Atos Unify OpenScape Session Border Controller through V10 R3.01.03 allows execution of OS commands as root user by low-privileged authenticated users.
CVE-2023-36611 1 Ovarro 10 Tbox Lt2, Tbox Lt2 Firmware, Tbox Ms-cpu32 and 7 more 2024-11-21 6.5 Medium
The affected TBox RTUs allow low privilege users to access software security tokens of higher privilege. This could allow an attacker with “user” privileges to access files requiring higher privileges by establishing an SSH session and providing the other tokens.
CVE-2023-36610 1 Ovarro 10 Tbox Lt2, Tbox Lt2 Firmware, Tbox Ms-cpu32 and 7 more 2024-11-21 5.9 Medium
​The affected TBox RTUs generate software security tokens using insufficient entropy. The random seed used to generate the software tokens is not initialized correctly, and other parts of the token are generated using predictable time-based values. An attacker with this knowledge could successfully brute force the token and authenticate themselves.
CVE-2023-36608 1 Ovarro 10 Tbox Lt2, Tbox Lt2 Firmware, Tbox Ms-cpu32 and 7 more 2024-11-21 6.5 Medium
The affected TBox RTUs store hashed passwords using MD5 encryption, which is an insecure encryption algorithm.
CVE-2023-36555 1 Fortinet 1 Fortios 2024-11-21 3.9 Low
An improper neutralization of script-related html tags in a web page (basic xss) in Fortinet FortiOS 7.2.0 - 7.2.4 allows an attacker to execute unauthorized code or commands via the SAML and Security Fabric components.
CVE-2023-36554 1 Fortinet 1 Fortimanager 2024-11-21 7.7 High
A improper access control in Fortinet FortiManager version 7.4.0, version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.10, version 6.4.0 through 6.4.13, 6.2 all versions allows attacker to execute unauthorized code or commands via specially crafted HTTP requests.
CVE-2023-36551 1 Fortinet 1 Fortisiem 2024-11-21 4.2 Medium
A exposure of sensitive information to an unauthorized actor in Fortinet FortiSIEM version 6.7.0 through 6.7.5 allows attacker to information disclosure via a crafted http request.
CVE-2023-36550 1 Fortinet 1 Fortiwlm 2024-11-21 9.6 Critical
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted http get request parameters.