Search Results (367078 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-31277 1 Piigab 2 M-bus 900s, M-bus 900s Firmware 2024-11-21 7.5 High
PiiGAB M-Bus transmits credentials in plaintext format.
CVE-2023-31274 1 Aveva 1 Pi Server 2024-11-21 5.3 Medium
AVEVA PI Server versions 2023 and 2018 SP3 P05 and prior contain a vulnerability that could allow an unauthenticated user to cause the PI Message Subsystem of a PI Server to consume available memory resulting in throttled processing of new PI Data Archive events and a partial denial-of-service condition.
CVE-2023-31273 1 Intel 1 Data Center Manager 2024-11-21 10 Critical
Protection mechanism failure in some Intel DCM software before version 5.2 may allow an unauthenticated user to potentially enable escalation of privilege via network access.
CVE-2023-31271 1 Intel 1 Virtual Raid On Cpu 2024-11-21 6.7 Medium
Improper access control in some Intel(R) VROC software before version 8.0.8.1001 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-31246 1 Intel 1 Server Debug And Provisioning Tool 2024-11-21 6.7 Medium
Incorrect default permissions in some Intel(R) SDP Tool software before version 1.4 build 5 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-31236 1 Unfocus 1 Scripts N Styles 2024-11-21 5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in unFocus Projects Scripts n Styles plugin <= 3.5.7 versions.
CVE-2023-31232 1 Artiss 1 Plugins List 2024-11-21 5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in David Artiss Plugins List plugin <= 2.5 versions.
CVE-2023-31224 1 Jamf 1 Jamf 2024-11-21 9.8 Critical
There is broken access control during authentication in Jamf Pro Server before 10.46.1.
CVE-2023-31221 1 Ransomchristofferson 1 Pdq Csv 2024-11-21 5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Ransom Christofferson PDQ CSV plugin <= 1.0.0 versions.
CVE-2023-31218 1 Pluginus 1 Wolf - Wordpress Posts Bulk Editor And Products Manager Professional 2024-11-21 7.1 High
Cross-Site Request Forgery (CSRF) leading to Stored Cross-Site Scripting (XSS) vulnerability in realmag777 WOLF – WordPress Posts Bulk Editor and Manager Professional plugin <= 1.0.6 versions.
CVE-2023-31217 1 User Location And Ip Project 1 User Location And Ip 2024-11-21 6.5 Medium
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in MyTechTalky User Location and IP plugin <= 1.6 versions.
CVE-2023-31216 1 Ultimatemember 1 Ultimate Member 2024-11-21 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Ultimate Member plugin <= 2.6.0 versions.
CVE-2023-31213 1 Wpbakery 1 Page Builder 2024-11-21 6.5 Medium
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WPBakery Page Builder plugin <= 6.13.0 versions.
CVE-2023-31209 2 Checkmk, Tribe29 2 Checkmk, Checkmk 2024-11-21 8.8 High
Improper neutralization of active check command arguments in Checkmk < 2.1.0p32, < 2.0.0p38, < 2.2.0p4 leads to arbitrary command execution for authenticated users.
CVE-2023-31206 1 Apache 1 Inlong 2024-11-21 7.5 High
Exposure of Resource to Wrong Sphere Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.6.0. Attackers can change the immutable name and type of nodes of InLong. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick [1] to solve it. [1] https://cveprocess.apache.org/cve5/[1]%C2%A0https://github.com/apache/inlong/pull/7891 https://github.com/apache/inlong/pull/7891 https://github.com/apache/inlong/pull/7891
CVE-2023-31203 1 Intel 1 Openvino Model Server 2024-11-21 4.3 Medium
Improper input validation in some OpenVINO Model Server software before version 2022.3 for Intel Distribution of OpenVINO toolkit may allow an unauthenticated user to potentially enable denial of service via network access.
CVE-2023-31191 1 Bluemark 2 Dronescout Ds230, Dronescout Ds230 Firmware 2024-11-21 9.3 Critical
DroneScout ds230 Remote ID receiver from BlueMark Innovations is affected by an information loss vulnerability through traffic injection. An attacker can exploit this vulnerability by injecting, on carefully selected channels, high power spoofed Open Drone ID (ODID) messages which force the DroneScout ds230 Remote ID receiver to drop real Remote ID (RID) information and, instead, generate and transmit JSON encoded MQTT messages containing crafted RID information. Consequently, the MQTT broker, typically operated by a system integrator, will have no access to the drones’ real RID information. This issue affects the adjacent channel suppression algorithm present in DroneScout ds230 firmware from version 20211210-1627 through 20230329-1042.
CVE-2023-31190 1 Bluemark 2 Dronescout Ds230, Dronescout Ds230 Firmware 2024-11-21 8.1 High
DroneScout ds230 Remote ID receiver from BlueMark Innovations is affected by an Improper Authentication vulnerability during the firmware update procedure. Specifically, the firmware update procedure ignores and does not check the validity of the TLS certificate of the HTTPS endpoint from which the firmware update package (.tar.bz2 file) is downloaded. An attacker with the ability to put himself in a Man-in-the-Middle situation (e.g., DNS poisoning, ARP poisoning, control of a node on the route to the endpoint, etc.) can trick the DroneScout ds230 to install a crafted malicious firmware update containing arbitrary files (e.g., executable and configuration) and gain administrative (root) privileges on the underlying Linux operating system. This issue affects DroneScout ds230 firmware from version 20211210-1627 through 20230329-1042.
CVE-2023-31188 1 Tp-link 5 Archer C20 Firmware, Archer C50 V3, Archer C50 V3 Firmware and 2 more 2024-11-21 8 High
Multiple TP-LINK products allow a network-adjacent authenticated attacker to execute arbitrary OS commands. Affected products/versions are as follows: Archer C50 firmware versions prior to 'Archer C50(JP)_V3_230505', Archer C55 firmware versions prior to 'Archer C55(JP)_V1_230506', and Archer C20 firmware versions prior to 'Archer C20(JP)_V1_230616'.
CVE-2023-31177 1 Selinc 2 Sel-451, Sel-451 Firmware 2024-11-21 4.3 Medium
An Improper Neutralization of Input During Web Page Generation  ('Cross-site Scripting') in the Schweitzer Engineering Laboratories SEL-451 could allow an attacker to craft a link that could execute arbitrary code on a victim's system. See product Instruction Manual Appendix A dated 20230830 for more details.