Search Results (366668 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-26370 3 Adobe, Apple, Microsoft 5 Photoshop 2022, Photoshop 2023, Photoshop 2024 and 2 more 2024-11-21 7.8 High
Adobe Photoshop versions 23.5.5 (and earlier) and 24.7 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2023-26368 3 Adobe, Apple, Microsoft 3 Incopy, Macos, Windows 2024-11-21 7.8 High
Adobe InCopy versions 18.5 (and earlier) and 17.4.2 (and earlier) are affected by are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2023-26364 2 Adobe, Redhat 4 Css-tools, Migration Toolkit Applications, Migration Toolkit Runtimes and 1 more 2024-11-21 5.3 Medium
@adobe/css-tools version 4.3.0 and earlier are affected by an Improper Input Validation vulnerability that could result in a minor denial of service while attempting to parse CSS. Exploitation of this issue does not require user interaction or privileges.
CVE-2023-26358 1 Adobe 1 Creative Cloud 2024-11-21 8.6 High
Creative Cloud version 5.9.1 (and earlier) is affected by an Untrusted Search Path vulnerability that might allow attackers to execute their own programs, access unauthorized data files, or modify configuration in unexpected ways. If the application uses a search path to locate critical resources such as programs, then an attacker could modify that search path to point to a malicious program, which the targeted application would then execute. The problem extends to any type of critical resource that the application trusts.
CVE-2023-26347 1 Adobe 1 Coldfusion 2024-11-21 7.5 High
Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An unauthenticated attacker could leverage this vulnerability to access the administration CFM and CFC endpoints. Exploitation of this issue does not require user interaction.
CVE-2023-26320 2 Mi, Xiaomi 3 Xiaomi Router Ax3200, Xiaomi Router Ax3200 Firmware, Xiaomi Router 2024-11-21 7.5 High
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Xiaomi Xiaomi Router allows Command Injection.
CVE-2023-26319 2 Mi, Xiaomi 3 Xiaomi Router Ax3200, Xiaomi Router Ax3200 Firmware, Xiaomi Router 2024-11-21 6.7 Medium
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Xiaomi Xiaomi Router allows Command Injection.
CVE-2023-26318 2 Mi, Xiaomi 3 Xiaomi Router Ax3200, Xiaomi Router Ax3200 Firmware, Xiaomi Router 2024-11-21 6.7 Medium
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Xiaomi Xiaomi Router allows Overflow Buffers.
CVE-2023-26317 1 Mi 1 Xiaomi Router Firmware 2024-11-21 7 High
Xiaomi routers have an external interface that can lead to command injection. The vulnerability is caused by lax filtering of responses from external interfaces. Attackers can exploit this vulnerability to gain access to the router by hijacking the ISP or upper-layer routing.
CVE-2023-26316 1 Mi 1 Xiaomi Cloud 2024-11-21 6.1 Medium
A XSS vulnerability exists in the Xiaomi cloud service Application product. The vulnerability is caused by Webview's whitelist checking function allowing javascript protocol to be loaded and can be exploited by attackers to steal Xiaomi cloud service account's cookies.
CVE-2023-26311 1 Oppo 1 Oppo Store 2024-11-21 7.4 High
A remote code execution vulnerability in the webview component of OPPO Store app.
CVE-2023-26310 1 Oppo 2 Coloros, Find X3 2024-11-21 7.4 High
There is a command injection problem in the old version of the mobile phone backup app.
CVE-2023-26309 1 Oneplus 1 Store 2024-11-21 7.4 High
A remote code execution vulnerability in the webview component of OnePlus Store app.
CVE-2023-26301 1 Hp 38 Color Laserjet Pro 4201-4203 4ra87f, Color Laserjet Pro 4201-4203 4ra87f Firmware, Color Laserjet Pro 4201-4203 4ra88f and 35 more 2024-11-21 9.8 Critical
Certain HP LaserJet Pro print products are potentially vulnerable to an Elevation of Privilege and/or Information Disclosure related to a lack of authentication with certain endpoints.
CVE-2023-26300 1 Hp 178 200 G4 22 All-in-one Pc \(rom Family Ssid 86f0\), 200 G4 22 All-in-one Pc \(rom Family Ssid 86f0\) Firmware, 200 G4 22 All-in-one Pc \(rom Family Ssid 86f2\) and 175 more 2024-11-21 7.8 High
A potential security vulnerability has been identified in the system BIOS for certain HP PC products which might allow escalation of privilege. HP is releasing firmware updates to mitigate the potential vulnerability.
CVE-2023-26289 1 Ibm 1 Aspera Orchestrator 2024-11-21 5.4 Medium
IBM Aspera Orchestrator 4.0.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 248478.
CVE-2023-26288 1 Ibm 1 Aspera Orchestrator 2024-11-21 5.5 Medium
IBM Aspera Orchestrator 4.0.1 does not invalidate session after a password change which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 248477.
CVE-2023-26286 1 Ibm 2 Aix, Vios 2024-11-21 8.4 High
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX runtime services library to execute arbitrary commands. IBM X-Force ID: 248421.
CVE-2023-26279 1 Ibm 1 Qradar Wincollect 2024-11-21 3.3 Low
IBM QRadar WinCollect Agent 10.0 through 10.1.7 could allow a local user to perform unauthorized actions due to improper encoding. IBM X-Force ID: 248160.
CVE-2023-26276 2 Ibm, Linux 2 Qradar Security Information And Event Manager, Linux Kernel 2024-11-21 5.9 Medium
IBM QRadar SIEM 7.5.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 248147.