Search Results (366811 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-32268 1 Microfocus 1 Filr 2024-11-21 7.2 High
Exposure of Proxy Administrator Credentials An authenticated administrator equivalent Filr user can access the credentials of proxy administrators.
CVE-2023-32267 1 Microfocus 1 Arcsight Management Center 2024-11-21 6.4 Medium
A potential vulnerability has been identified in OpenText / Micro Focus ArcSight Management Center. The vulnerability could be remotely exploited.
CVE-2023-32265 1 Microfocus 5 Cobol Server, Enterprise Developer, Enterprise Server and 2 more 2024-11-21 7.1 High
A potential security vulnerability has been identified in the Enterprise Server Common Web Administration (ESCWA) component used in Enterprise Server, Enterprise Test Server, Enterprise Developer, Visual COBOL, and COBOL Server. An attacker would need to be authenticated into ESCWA to attempt to exploit this vulnerability. As described in the hardening guide in the product documentation, other mitigations including restricting network access to ESCWA and restricting users’ permissions in the Micro Focus Directory Server also reduce the exposure to this issue. Given the right conditions this vulnerability could be exploited to expose a service account password. The account corresponding to the exposed credentials usually has limited privileges and, in many cases would only be useful for extracting details of other user accounts and similar information.
CVE-2023-32263 1 Microfocus 1 Dimensions Cm 2024-11-21 2.6 Low
A potential vulnerability has been identified in the Micro Focus Dimensions CM Plugin for Jenkins. The vulnerability could be exploited to retrieve a login certificate if an authenticated user is duped into using an attacker-controlled Dimensions CM server. This vulnerability only applies when the Jenkins plugin is configured to use login certificate credentials. https://www.jenkins.io/security/advisory/2023-06-14/
CVE-2023-32262 1 Microfocus 1 Dimensions Cm 2024-11-21 4.3 Medium
A potential vulnerability has been identified in the Micro Focus Dimensions CM Plugin for Jenkins. The vulnerability allows attackers with Item/Configure permission to access and capture credentials they are not entitled to. See the following Jenkins security advisory for details: * https://www.jenkins.io/security/advisory/2023-06-14/ https://www.jenkins.io/security/advisory/2023-06-14/
CVE-2023-32261 1 Microfocus 1 Dimensions Cm 2024-11-21 4.2 Medium
A potential vulnerability has been identified in the Micro Focus Dimensions CM Plugin for Jenkins. The vulnerability allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. See the following Jenkins security advisory for details: * https://www.jenkins.io/security/advisory/2023-06-14/ https://www.jenkins.io/security/advisory/2023-06-14/
CVE-2023-32252 3 Linux, Netapp, Redhat 12 Linux Kernel, H300s, H300s Firmware and 9 more 2024-11-21 7.5 High
A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the handling of SMB2_LOGOFF commands. The issue results from the lack of proper validation of a pointer prior to accessing it. An attacker can leverage this vulnerability to create a denial-of-service condition on the system.
CVE-2023-32248 3 Linux, Netapp, Redhat 7 Linux Kernel, H300s, H410c and 4 more 2024-11-21 7.5 High
A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the handling of SMB2_TREE_CONNECT and SMB2_QUERY_INFO commands. The issue results from the lack of proper validation of a pointer prior to accessing it. An attacker can leverage this vulnerability to create a denial-of-service condition on the system.
CVE-2023-32247 3 Linux, Netapp, Redhat 6 Linux Kernel, H300s, H410s and 3 more 2024-11-21 7.5 High
A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the handling of SMB2_SESSION_SETUP commands. The issue results from the lack of control of resource consumption. An attacker can leverage this vulnerability to create a denial-of-service condition on the system.
CVE-2023-32241 1 Wpdeveloper 1 Essential Addons For Elementor 2024-11-21 7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPDeveloper Essential Addons for Elementor Pro plugin <= 5.4.8 versions.
CVE-2023-32239 1 Xtemos 1 Woodmart Theme 2024-11-21 5.4 Medium
Auth. (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in xtemos WoodMart theme <= 7.2.1 versions.
CVE-2023-32236 1 Bookingultrapro 1 Appointments Booking Calendar 2024-11-21 7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Booking Ultra Pro Booking Ultra Pro Appointments Booking Calendar Plugin <= 1.1.8 versions.
CVE-2023-32232 1 Vasion 1 Printerlogic Client 2024-11-21 9.9 Critical
An issue was discovered in Vasion PrinterLogic Client for Windows before 25.0.0.836. During client installation and repair, a PrinterLogic binary is called by the installer to configure the device. This window is not hidden, and is running with elevated privileges. A standard user can break out of this window, obtaining a full SYSTEM command prompt window. This results in complete compromise via arbitrary SYSTEM code execution (elevation of privileges).
CVE-2023-32231 1 Vasion 1 Printerlogic Client 2024-11-21 9.9 Critical
An issue was discovered in Vasion PrinterLogic Client for Windows before 25.0.0.818. During installation, binaries gets executed out of a subfolder in C:\Windows\Temp. A standard user can create the folder and path file ahead of time and obtain elevated code execution.
CVE-2023-32230 1 Bosch 7 Monitor Wall, Video Recording Manager, Video Streaming Gateway and 4 more 2024-11-21 7.5 High
An improper handling of a malformed API request to an API server in Bosch BT software products can allow an unauthenticated attacker to cause a Denial of Service (DoS) situation.
CVE-2023-32227 1 Synel 2 Synergy\/a, Synergy\/a Firmware 2024-11-21 9.8 Critical
Synel SYnergy Fingerprint Terminals - CWE-798: Use of Hard-coded Credentials
CVE-2023-32226 1 Sysaid 1 Sysaid On-premises 2024-11-21 8.3 High
Sysaid - CWE-552: Files or Directories Accessible to External Parties -  Authenticated users may exfiltrate files from the server via an unspecified method.
CVE-2023-32225 1 Sysaid 1 Sysaid On-premises 2024-11-21 9.8 Critical
Sysaid - CWE-434: Unrestricted Upload of File with Dangerous Type -  A malicious user with administrative privileges may be able to upload a dangerous filetype via an unspecified method.
CVE-2023-32204 1 Intel 1 One Boot Flash Update 2024-11-21 8.8 High
Improper access control in some Intel(R) OFU software before version 14.1.31 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-32202 1 Walchem 2 Intuition 9, Intuition 9 Firmware 2024-11-21 6.5 Medium
Walchem Intuition 9 firmware versions prior to v4.21 are vulnerable to improper authentication. Login credentials are stored in a format that could allow an attacker to use them as-is to login and gain access to the device.