Search Results (366739 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-27412 1 Everestthemes 1 Mocho Blog 2024-11-21 7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Everest themes Mocho Blog theme <= 1.0.4 versions.
CVE-2023-27395 1 Softether 1 Vpn 2024-11-21 9 Critical
A heap-based buffer overflow vulnerability exists in the vpnserver WpcParsePacket() functionality of SoftEther VPN 4.41-9782-beta, 5.01.9674 and 5.02. A specially crafted network packet can lead to arbitrary code execution. An attacker can perform a man-in-the-middle attack to trigger this vulnerability.
CVE-2023-27392 1 Intel 1 Support 2024-11-21 4.4 Medium
Incorrect default permissions in the Intel(R) Support android application before version v23.02.07 may allow a privileged user to potentially enable information disclosure via local access.
CVE-2023-27391 1 Intel 29 Advisor For Oneapi, Cpu Runtime For Opencl Applications, Distribution For Python Programming Language and 26 more 2024-11-21 6.7 Medium
Improper access control in some Intel(R) oneAPI Toolkit and component software installers before version 4.3.1.493 may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2023-27390 1 Diagon Project 1 Diagon 2024-11-21 7.8 High
A heap-based buffer overflow vulnerability exists in the Sequence::DrawText functionality of Diagon v1.0.139. A specially crafted markdown file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger this vulnerability.
CVE-2023-27383 1 Intel 5 Advisor, Inspector, Mpi Library and 2 more 2024-11-21 6.8 Medium
Protection mechanism failure in some Intel(R) oneAPI HPC Toolkit 2023.1 and Intel(R)MPI Library software before version 2021.9 may allow a privileged user to potentially enable escalation of privilege via adjacent access.
CVE-2023-27380 1 Peplink 2 Surf Soho, Surf Soho Firmware 2024-11-21 7.2 High
An OS command injection vulnerability exists in the admin.cgi USSD_send functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.
CVE-2023-27379 1 Foxit 1 Pdf Reader 2024-11-21 8.8 High
A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 12.1.2.15332. By prematurely deleting objects associated with pages, a specially crafted PDF document can trigger the reuse of previously freed memory, which can lead to arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled.
CVE-2023-27377 1 Idattend 1 Idweb 2024-11-21 7.5 High
Missing authentication in the StudentPopupDetails_EmergencyContactDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers.
CVE-2023-27376 1 Idattend 1 Idweb 2024-11-21 7.5 High
Missing authentication in the StudentPopupDetails_StudentDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers.
CVE-2023-27375 1 Idattend 1 Idweb 2024-11-21 7.5 High
Missing authentication in the StudentPopupDetails_ContactDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers.
CVE-2023-27319 1 Netapp 1 Ontap Mediator 2024-11-21 5.3 Medium
ONTAP Mediator versions prior to 1.7 are susceptible to a vulnerability that can allow an unauthenticated attacker to enumerate URLs via REST API.
CVE-2023-27318 1 Netapp 1 Storagegrid 2024-11-21 6.5 Medium
StorageGRID (formerly StorageGRID Webscale) versions 11.6.0 through 11.6.0.13 are susceptible to a Denial of Service (DoS) vulnerability. A successful exploit could lead to a crash of the Local Distribution Router (LDR) service.
CVE-2023-27315 1 Netapp 1 Snapgathers 2024-11-21 6.5 Medium
SnapGathers versions prior to 4.9 are susceptible to a vulnerability which could allow a local authenticated attacker to discover plaintext domain user credentials
CVE-2023-27314 1 Netapp 1 Clustered Data Ontap 2024-11-21 7.5 High
ONTAP 9 versions prior to 9.8P19, 9.9.1P16, 9.10.1P12, 9.11.1P8, 9.12.1P2 and 9.13.1 are susceptible to a vulnerability which could allow a remote unauthenticated attacker to cause a crash of the HTTP service.
CVE-2023-27313 1 Netapp 1 Snapcenter 2024-11-21 8.3 High
SnapCenter versions 3.x and 4.x prior to 4.9 are susceptible to a vulnerability which may allow an authenticated unprivileged user to gain access as an admin user.
CVE-2023-27312 1 Netapp 1 Snapcenter Plug-in 2024-11-21 5.4 Medium
SnapCenter Plugin for VMware vSphere versions 4.6 prior to 4.9 are susceptible to a vulnerability which may allow authenticated unprivileged users to modify email and snapshot name settings within the VMware vSphere user interface.
CVE-2023-27308 1 Intel 1 Thunderbolt Dch Driver 2024-11-21 4.6 Medium
Improper buffer restrictions in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2023-27307 1 Intel 1 Thunderbolt Dch Driver 2024-11-21 3.8 Low
Improper buffer restrictions in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2023-27306 1 Intel 10 Optane Memory H20 With Solid State Storage, Optane Memory H20 With Solid State Storage Firmware, Optane Ssd 900p and 7 more 2024-11-21 6.5 Medium
Improper Initialization in firmware for some Intel(R) Optane(TM) SSD products may allow an authenticated user to potentially enable denial of service via local access.