Search Results (367176 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-33834 2 Ibm, Linux 2 Security Verify Information Queue, Linux Kernel 2024-11-21 4.3 Medium
IBM Security Verify Information Queue 10.0.4 and 10.0.5 could allow a remote attacker to obtain sensitive information that could aid in further attacks against the system. IBM X-force ID: 256014.
CVE-2023-33833 2 Ibm, Linux 2 Security Verify Information Queue, Linux Kernel 2024-11-21 2.9 Low
IBM Security Verify Information Queue 10.0.4 and 10.0.5 stores sensitive information in plain clear text which can be read by a local user. IBM X-Force ID: 256013.
CVE-2023-33832 2 Ibm, Linux 5 Aix, Spectrum Protect Client, Spectrum Protect For Space Management and 2 more 2024-11-21 6.2 Medium
IBM Spectrum Protect 8.1.0.0 through 8.1.17.0 could allow a local user to cause a denial of service due to due to improper time-of-check to time-of-use functionality. IBM X-Force ID: 256012.
CVE-2023-33831 1 Frangoteam 1 Fuxa 2024-11-21 9.8 Critical
A remote command execution (RCE) vulnerability in the /api/runscript endpoint of FUXA 1.1.13 allows attackers to execute arbitrary commands via a crafted POST request.
CVE-2023-33802 1 Sumatrapdfreader 1 Sumatrapdf 2024-11-21 5.5 Medium
A buffer overflow in SumatraPDF Reader v3.4.6 allows attackers to cause a Denial of Service (DoS) via a crafted text file.
CVE-2023-33800 1 Netbox 1 Netbox 2024-11-21 5.4 Medium
A stored cross-site scripting (XSS) vulnerability in the Create Regions (/dcim/regions/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.
CVE-2023-33799 1 Netbox 1 Netbox 2024-11-21 5.4 Medium
A stored cross-site scripting (XSS) vulnerability in the Create Contacts (/tenancy/contacts/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.
CVE-2023-33798 1 Netbox 1 Netbox 2024-11-21 5.4 Medium
A stored cross-site scripting (XSS) vulnerability in the Create Rack (/dcim/rack/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.
CVE-2023-33797 1 Netbox 1 Netbox 2024-11-21 5.4 Medium
A stored cross-site scripting (XSS) vulnerability in the Create Sites (/dcim/sites/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.
CVE-2023-33796 1 Netbox 1 Netbox 2024-11-21 9.1 Critical
A vulnerability in Netbox v3.5.1 allows unauthenticated attackers to execute queries against the GraphQL database, granting them access to sensitive data stored in the database. NOTE: the vendor disputes this because the reporter's only query was for the schema of the API, which is public; queries for database objects would have been denied.
CVE-2023-33794 1 Netbox 1 Netbox 2024-11-21 5.4 Medium
A stored cross-site scripting (XSS) vulnerability in the Create Tenants (/tenancy/tenants/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.
CVE-2023-33793 1 Netbox 1 Netbox 2024-11-21 5.4 Medium
A stored cross-site scripting (XSS) vulnerability in the Create Power Panels (/dcim/power-panels/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.
CVE-2023-33792 1 Netbox 1 Netbox 2024-11-21 5.4 Medium
A stored cross-site scripting (XSS) vulnerability in the Create Site Groups (/dcim/site-groups/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.
CVE-2023-33791 1 Netbox 1 Netbox 2024-11-21 5.4 Medium
A stored cross-site scripting (XSS) vulnerability in the Create Provider Accounts (/circuits/provider-accounts/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.
CVE-2023-33790 1 Netbox 1 Netbox 2024-11-21 5.4 Medium
A stored cross-site scripting (XSS) vulnerability in the Create Locations (/dcim/locations/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.
CVE-2023-33789 1 Netbox 1 Netbox 2024-11-21 5.4 Medium
A stored cross-site scripting (XSS) vulnerability in the Create Contact Groups (/tenancy/contact-groups/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.
CVE-2023-33788 1 Netbox 1 Netbox 2024-11-21 5.4 Medium
A stored cross-site scripting (XSS) vulnerability in the Create Providers (/circuits/providers/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.
CVE-2023-33787 1 Netbox 1 Netbox 2024-11-21 5.4 Medium
A stored cross-site scripting (XSS) vulnerability in the Create Tenant Groups (/tenancy/tenant-groups/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.
CVE-2023-33786 1 Netbox 1 Netbox 2024-11-21 5.4 Medium
A stored cross-site scripting (XSS) vulnerability in the Create Circuit Types (/circuits/circuit-types/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.
CVE-2023-33777 1 Prestashop 1 Amazon 2024-11-21 5.3 Medium
An issue in /functions/fbaorder.php of Prestashop amazon before v5.2.24 allows attackers to execute a directory traversal attack.