Search Results (367109 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-32783 2 Microsoft, Zohocorp 2 Windows, Manageengine Adaudit Plus 2024-11-21 7.5 High
The event analysis component in Zoho ManageEngine ADAudit Plus 7.1.1 allows an attacker to bypass audit detection by creating or renaming user accounts with a "$" symbol suffix. NOTE: the vendor states "We do not consider this as a security bug and it's an expected behaviour."
CVE-2023-32782 1 Paessler 1 Prtg Network Monitor 2024-11-21 7.2 High
A command injection was identified in PRTG 23.2.84.1566 and earlier versions in the Dicom C-ECHO sensor where an authenticated user with write permissions could abuse the debug option to write new files that could potentially get executed by the EXE/Script sensor. The severity of this vulnerability is high and received a score of 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2023-32781 1 Paessler 1 Prtg Network Monitor 2024-11-21 7.2 High
A command injection vulnerability was identified in PRTG 23.2.84.1566 and earlier versions in the HL7 sensor where an authenticated user with write permissions could abuse the debug option to write new files that could potentially get executed by the EXE/Script sensor. The severity of this vulnerability is high and received a score of 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2023-32764 2 Fabasoft, Microsoft 4 Cloud, Cloud Enterprise Client, Folio \/ Egov-suite and 1 more 2024-11-21 7.8 High
Fabasoft Cloud Enterprise Client 23.3.0.130 allows a user to escalate their privileges to local administrator.
CVE-2023-32763 1 Qt 1 Qt 2024-11-21 7.5 High
An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. When a SVG file with an image inside it is rendered, a QTextLayout buffer overflow can be triggered.
CVE-2023-32762 1 Qt 1 Qt 2024-11-21 5.3 Medium
An issue was discovered in Qt before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. Qt Network incorrectly parses the strict-transport-security (HSTS) header, allowing unencrypted connections to be established, even when explicitly prohibited by the server. This happens if the case used for this header does not exactly match.
CVE-2023-32761 1 Archerirm 1 Archer 2024-11-21 8.1 High
Cross Site Request Forgery (CSRF) vulnerability in Archer Platform before v.6.13 and fixed in v.6.12.0.6 and v.6.13.0 allows an authenticated attacker to execute arbitrary code via a crafted request.
CVE-2023-32760 1 Archerirm 1 Archer 2024-11-21 7.7 High
An issue in Archer Platform before v.6.13 fixed in v.6.12.0.6 and v.6.13.0 allows an authenticated attacker to obtain sensitive information via API calls related to data feeds and data publication.
CVE-2023-32759 1 Archerirm 1 Archer 2024-11-21 7.5 High
An issue in Archer Platform before v.6.13 and fixed in 6.12.0.6 and 6.13.0 allows an authenticated attacker to obtain sensitive information via a crafted URL.
CVE-2023-32757 1 Edetw 1 U-office Force 2024-11-21 9.8 Critical
e-Excellence U-Office Force file uploading function does not restrict upload of file with dangerous type. An unauthenticated remote attacker without logging the service can exploit this vulnerability to upload arbitrary files to perform arbitrary command or disrupt service.
CVE-2023-32756 1 Edetw 1 U-office Force 2024-11-21 7.5 High
e-Excellence U-Office Force has a path traversal vulnerability within its file uploading and downloading functions. An unauthenticated remote attacker can exploit this vulnerability to read arbitrary system files, but can’t control system or disrupt service.
CVE-2023-32755 1 Edetw 1 U-office Force 2024-11-21 5.3 Medium
e-Excellence U-Office Force generates an error message in webiste service. An unauthenticated remote attacker can obtain partial sensitive system information from error message by sending a crafted command.
CVE-2023-32748 1 Mitel 1 Mivoice Connect 2024-11-21 9.8 Critical
The Linux DVS server component of Mitel MiVoice Connect through 19.3 SP2 (22.24.1500.0) could allow an unauthenticated attacker with internal network access to execute arbitrary scripts due to improper access control.
CVE-2023-32746 1 Woocommerce 1 Woocommerce Brands 2024-11-21 6.5 Medium
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WooCommerce WooCommerce Brands plugin <= 1.6.45 versions.
CVE-2023-32740 1 Kunalnagar 1 Custom 404 Pro 2024-11-21 5.8 Medium
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Kunal Nagar Custom 404 Pro plugin <= 3.8.1 versions.
CVE-2023-32738 1 Xtendify 1 Eonet Manual User Approve 2024-11-21 5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alkaweb Eonet Manual User Approve plugin <= 2.1.3 versions.
CVE-2023-32734 1 Apple 5 Ipados, Iphone Os, Macos and 2 more 2024-11-21 7.8 High
The issue was addressed with improved memory handling. This issue is fixed in iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, watchOS 9.6. An app may be able to execute arbitrary code with kernel privileges.
CVE-2023-32731 2 Grpc, Redhat 2 Grpc, Enterprise Linux 2024-11-21 7.4 High
When gRPC HTTP2 stack raised a header size exceeded error, it skipped parsing the rest of the HPACK frame. This caused any HPACK table mutations to also be skipped, resulting in a desynchronization of HPACK tables between sender and receiver. If leveraged, say, between a proxy and a backend, this could lead to requests from the proxy being interpreted as containing headers from different proxy clients - leading to an information leak that can be used for privilege escalation or data exfiltration. We recommend upgrading beyond the commit contained in  https://github.com/grpc/grpc/pull/33005 https://github.com/grpc/grpc/pull/33005
CVE-2023-32725 1 Zabbix 2 Frontend, Zabbix Server 2024-11-21 9.6 Critical
The website configured in the URL widget will receive a session cookie when testing or executing scheduled reports. The received session cookie can then be used to access the frontend as the particular user.
CVE-2023-32693 1 Decidim 1 Decidim 2024-11-21 8.1 High
Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. The external link feature is susceptible to cross-site scripting. This allows a remote attacker to execute JavaScript code in the context of a currently logged-in user. An attacker could use this vulnerability to make other users endorse or support proposals they have no intention of supporting or endorsing. The problem was patched in versions 0.27.3 and 0.26.7.