Search Results (366256 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-4303 1 Jenkins 1 Fortify 2024-11-21 4.3 Medium
Jenkins Fortify Plugin 22.1.38 and earlier does not escape the error message for a form validation method, resulting in an HTML injection vulnerability.
CVE-2023-4302 1 Jenkins 1 Fortify 2024-11-21 4.2 Medium
A missing permission check in Jenkins Fortify Plugin 22.1.38 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
CVE-2023-4301 1 Jenkins 1 Fortify 2024-11-21 4.2 Medium
A cross-site request forgery (CSRF) vulnerability in Jenkins Fortify Plugin 22.1.38 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
CVE-2023-4292 1 Frauscher 1 Frauscher Diagnostic System 101 2024-11-21 5.3 Medium
Frauscher Sensortechnik GmbH FDS101 for FAdC/FAdCi v1.4.24 and all previous versions are vulnerable to a SQL injection vulnerability via manipulated parameters of the web interface without authentication. The database contains limited, non-critical log information.
CVE-2023-4291 1 Frauscher 1 Frauscher Diagnostic System 101 2024-11-21 9.8 Critical
Frauscher Sensortechnik GmbH FDS101 for FAdC/FAdCi v1.4.24 and all previous versions are vulnerable to a remote code execution (RCE) vulnerability via manipulated parameters of the web interface without authentication. This could lead to a full compromise of the FDS101 device.
CVE-2023-4272 1 Arm 4 Bifrost Gpu Kernel Driver, Mali Gpu Kernel Driver, Midgard Gpu Kernel Driver and 1 more 2024-11-21 5.5 Medium
A local non-privileged user can make GPU processing operations that expose sensitive data from previously freed memory.
CVE-2023-4258 1 Zephyrproject 1 Zephyr 2024-11-21 8.6 High
In Bluetooth mesh implementation If provisionee has a public key that is sent OOB then during provisioning it can be sent back and will be accepted by provisionee.
CVE-2023-4241 1 Cloudflare 1 Lol-html 2024-11-21 7.5 High
lol-html can cause panics on certain HTML inputs. Anyone processing arbitrary 3rd party HTML with the library is affected.
CVE-2023-4230 1 Moxa 3 Iologik 4000 Series, Iologik E4200, Iologik E4200 Firmware 2024-11-21 5.3 Medium
A vulnerability has been identified in ioLogik 4000 Series (ioLogik E4200) firmware versions v1.6 and prior, which has the potential to facilitate the collection of information on ioLogik 4000 Series devices. This vulnerability may enable attackers to gather information for the purpose of assessing vulnerabilities and potential attack vectors.
CVE-2023-4229 1 Moxa 2 Iologik E4200, Iologik E4200 Firmware 2024-11-21 4.3 Medium
A vulnerability has been identified in ioLogik 4000 Series (ioLogik E4200) firmware versions v1.6 and prior, potentially exposing users to security risks. This vulnerability may allow attackers to trick users into interacting with malicious content, leading to unintended actions or unauthorized data disclosures.
CVE-2023-4228 1 Moxa 2 Iologik E4200, Iologik E4200 Firmware 2024-11-21 3.1 Low
A vulnerability has been identified in ioLogik 4000 Series (ioLogik E4200) firmware versions v1.6 and prior, where the session cookies attribute is not set properly in the affected application. The vulnerability may lead to security risks, potentially exposing user session data to unauthorized access and manipulation.
CVE-2023-4227 1 Moxa 3 Iologik 4000 Series, Iologik E4200, Iologik E4200 Firmware 2024-11-21 5.3 Medium
A vulnerability has been identified in the ioLogik 4000 Series (ioLogik E4200) firmware versions v1.6 and prior, which can be exploited by malicious actors to potentially gain unauthorized access to the product. This could lead to security breaches, data theft, and unauthorized manipulation of sensitive information. The vulnerability is attributed to the presence of an unauthorized service, which could potentially enable unauthorized access to the. device.
CVE-2023-4226 1 Chamilo 1 Chamilo Lms 2024-11-21 8.8 High
Unrestricted file upload in `/main/inc/ajax/work.ajax.php` in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files.
CVE-2023-4224 1 Chamilo 1 Chamilo Lms 2024-11-21 8.8 High
Unrestricted file upload in `/main/inc/ajax/dropbox.ajax.php` in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files.
CVE-2023-4222 1 Chamilo 1 Chamilo Lms 2024-11-21 7.2 High
Command injection in `main/lp/openoffice_text_document.class.php` in Chamilo LMS <= v1.11.24 allows users permitted to upload Learning Paths to obtain remote code execution via improper neutralisation of special characters.
CVE-2023-4221 1 Chamilo 1 Chamilo Lms 2024-11-21 7.2 High
Command injection in `main/lp/openoffice_presentation.class.php` in Chamilo LMS <= v1.11.24 allows users permitted to upload Learning Paths to obtain remote code execution via improper neutralisation of special characters.
CVE-2023-4220 1 Chamilo 1 Chamilo Lms 2024-11-21 8.1 High
Unrestricted file upload in big file upload functionality in `/main/inc/lib/javascript/bigupload/inc/bigUpload.php` in Chamilo LMS <= v1.11.24 allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution via uploading of web shell.
CVE-2023-4219 1 Doctors Appointment System Project 1 Doctors Appointment System 2024-11-21 7.3 High
A vulnerability was found in SourceCodester Doctors Appointment System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file login.php. The manipulation of the argument useremail leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-236365 was assigned to this vulnerability.
CVE-2023-4218 1 Eclipse 3 Eclipse Ide, Org.eclipse.core.runtime, Pde 2024-11-21 5 Medium
In Eclipse IDE versions < 2023-09 (4.29) some files with xml content are parsed vulnerable against all sorts of XXE attacks. The user just needs to open any evil project or update an open project with a vulnerable file (for example for review a foreign repository or patch).
CVE-2023-4217 1 Moxa 2 Eds-g503, Eds-g503 Firmware 2024-11-21 3.1 Low
A vulnerability has been identified in PT-G503 Series versions prior to v5.2, where the session cookies attribute is not set properly in the affected application. The vulnerability may lead to security risks, potentially exposing user session data to unauthorized access and manipulation.