Search Results (366574 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-5004 1 Projectworlds 1 Hospital Management System In Php 2024-11-21 9.8 Critical
Hospital management system version 378c157 allows to bypass authentication. This is possible because the application is vulnerable to SQLI.
CVE-2023-52428 2 Connect2id, Redhat 4 Nimbus Jose\+jwt, Amq Streams, Apache Camel Spring Boot and 1 more 2024-11-21 7.5 High
In Connect2id Nimbus JOSE+JWT before 9.37.2, an attacker can cause a denial of service (resource consumption) via a large JWE p2c header value (aka iteration count) for the PasswordBasedDecrypter (PBKDF2) component.
CVE-2023-52427 1 Objectcomputing 1 Opendds 2024-11-21 7.5 High
In OpenDDS through 3.27, there is a segmentation fault for a DataWriter with a large value of resource_limits.max_samples. NOTE: the vendor's position is that the product is not designed to handle a max_samples value that is too large for the amount of memory on the system.
CVE-2023-52338 1 Trendmicro 2 Deep Security, Deep Security Agent 2024-11-21 7.8 High
A link following vulnerability in the Trend Micro Deep Security 20.0 and Trend Micro Cloud One - Endpoint and Workload Security Agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
CVE-2023-52314 1 Paddlepaddle 1 Paddlepaddle 2024-11-21 9.6 Critical
PaddlePaddle before 2.6.0 has a command injection in convert_shape_compare. This resulted in the ability to execute arbitrary commands on the operating system.
CVE-2023-52309 1 Paddlepaddle 1 Paddlepaddle 2024-11-21 8.2 High
Heap buffer overflow in paddle.repeat_interleave in PaddlePaddle before 2.6.0. This flaw can lead to a denial of service, information disclosure, or more damage is possible.
CVE-2023-52302 1 Paddlepaddle 1 Paddlepaddle 2024-11-21 4.7 Medium
Nullptr in paddle.nextafter in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.
CVE-2023-52286 1 Tencent 1 Tencent Distributed Sql 2024-11-21 7.5 High
Tencent tdsqlpcloud through 1.8.5 allows unauthenticated remote attackers to discover database credentials via an index.php/api/install/get_db_info request, a related issue to CVE-2023-42387.
CVE-2023-52284 1 Bytecodealliance 1 Webassembly Micro Runtime 2024-11-21 5.5 Medium
Bytecode Alliance wasm-micro-runtime (aka WebAssembly Micro Runtime or WAMR) before 1.3.0 can have an "double free or corruption" error for a valid WebAssembly module because push_pop_frame_ref_offset is mishandled.
CVE-2023-52277 1 Royalapps 1 Royaltsx 2024-11-21 7.8 High
Royal RoyalTSX before 6.0.2.1 allows attackers to cause a denial of service (Heap Memory Corruption and application crash) or possibly have unspecified other impact via a long hostname in an RTSZ file, if the victim clicks on Test Connection. This occurs during SecureGatewayHost object processing in RAPortCheck.createNWConnection.
CVE-2023-52275 1 Tecno-mobile 2 Camon X, Camon X Firmware 2024-11-21 2.1 Low
Gallery3d on Tecno Camon X CA7 devices allows attackers to view hidden images by navigating to data/com.android.gallery3d/.privatealbum/.encryptfiles and guessing the correct image file extension.
CVE-2023-52269 1 Mdaemon 1 Securitygateway 2024-11-21 4.8 Medium
MDaemon SecurityGateway through 9.0.3 allows XSS via a crafted Message Content Filtering rule. This might allow domain administrators to conduct attacks against global administrators.
CVE-2023-52267 1 Hongliuliao 1 Ehttp 2024-11-21 7.5 High
ehttp 1.0.6 before 17405b9 has a simple_log.cpp _log out-of-bounds-read during error logging for long strings.
CVE-2023-52266 1 Hongliuliao 1 Ehttp 2024-11-21 7.5 High
ehttp 1.0.6 before 17405b9 has an epoll_socket.cpp read_func use-after-free. An attacker can make many connections over a short time to trigger this.
CVE-2023-52264 1 Thirtybees 1 Bees Blog 2024-11-21 6.1 Medium
The beesblog (aka Bees Blog) component before 1.6.2 for thirty bees allows Reflected XSS because controllers/front/post.php sharing_url is mishandled.
CVE-2023-52263 1 Brave 1 Browser 2024-11-21 6.1 Medium
Brave Browser before 1.59.40 does not properly restrict the schema for WebUI factory and redirect. This is related to browser/brave_content_browser_client.cc and browser/ui/webui/brave_web_ui_controller_factory.cc.
CVE-2023-52262 1 Outdoorbits 1 Little Backup Box 2024-11-21 9.8 Critical
outdoorbits little-backup-box (aka Little Backup Box) before f39f91c allows remote attackers to execute arbitrary code because the PHP extract function is used for untrusted input.
CVE-2023-52257 1 Logobee 1 Logobee 2024-11-21 6.1 Medium
LogoBee 0.2 allows updates.php?id= XSS.
CVE-2023-52252 1 Unifiedremote 1 Unified Remote 2024-11-21 9.8 Critical
Unified Remote 3.13.0 allows remote attackers to execute arbitrary Lua code because of a wildcarded Access-Control-Allow-Origin for the Remote upload endpoint.
CVE-2023-52240 1 Kantega-sso 1 Kantega Saml Sso Oidc Kerberos Single Sign-on 2024-11-21 6.1 Medium
The Kantega SAML SSO OIDC Kerberos Single Sign-on apps before 6.20.0 for Atlassian products allow XSS if SAML POST Binding is enabled. This affects 4.4.2 through 4.14.8 before 4.14.9, 5.0.0 through 5.11.4 before 5.11.5, and 6.0.0 through 6.19.0 before 6.20.0. The full product names are Kantega SAML SSO OIDC Kerberos Single Sign-on for Jira Data Center & Server (Kantega SSO Enterprise), Kantega SAML SSO OIDC Kerberos Single Sign-on for Confluence Data Center & Server (Kantega SSO Enterprise), Kantega SAML SSO OIDC Kerberos Single Sign-on for Bitbucket Data Center & Server (Kantega SSO Enterprise), Kantega SAML SSO OIDC Kerberos Single Sign-on for Bamboo Data Center & Server (Kantega SSO Enterprise), and Kantega SAML SSO OIDC Kerberos Single Sign-on for FeCru Server (Kantega SSO Enterprise). (Here, FeCru refers to the Atlassian Fisheye and Crucible products running together.)