Search Results (365299 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-45800 1 Hanbiro 1 Groupware 2024-11-21 7.5 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Hanbiro Hanbiro groupware allows Information Elicitation.This issue affects Hanbiro groupware: from V3.8.79 before V3.8.81.1.
CVE-2023-45799 1 Mlsoft 1 Tco\!stream 2024-11-21 7.2 High
In MLSoft TCO!stream versions 8.0.22.1115 and below, a vulnerability exists due to insufficient permission validation. This allows an attacker to make the victim download and execute arbitrary files.
CVE-2023-45798 1 Yettiesoft 1 Vestcert 2024-11-21 8.4 High
In Yettiesoft VestCert versions 2.36 to 2.5.29, a vulnerability exists due to improper validation of third-party modules. This allows malicious actors to load arbitrary third-party modules, leading to remote code execution.
CVE-2023-45797 1 Dreamsecurity 1 Magicline 4.0 2024-11-21 9.8 Critical
A Buffer overflow vulnerability in DreamSecurity MagicLine4NX versions 1.0.0.1 to 1.0.0.26 allows an attacker to remotely execute code.
CVE-2023-45781 1 Google 1 Android 2024-11-21 5.5 Medium
In parse_gap_data of utils.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.
CVE-2023-45779 1 Google 1 Android 2024-11-21 7.8 High
In the APEX module framework of AOSP, there is a possible malicious update to platform components due to improperly used crypto. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. More details on this can be found in the referenced links.
CVE-2023-45777 1 Google 1 Android 2024-11-21 7.8 High
In checkKeyIntentParceledCorrectly of AccountManagerService.java, there is a possible way to launch arbitrary activities using system privileges due to Parcel Mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2023-45776 1 Google 1 Android 2024-11-21 7.8 High
In CreateAudioBroadcast of broadcaster.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2023-45775 1 Google 1 Android 2024-11-21 7.8 High
In CreateAudioBroadcast of broadcaster.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2023-45773 1 Google 1 Android 2024-11-21 7.8 High
In multiple functions of btm_ble_gap.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.
CVE-2023-45746 1 Sixapart 1 Movable Type 2024-11-21 5.4 Medium
Cross-site scripting vulnerability in Movable Type series allows a remote authenticated attacker to inject an arbitrary script. Affected products/versions are as follows: Movable Type 7 r.5405 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.5405 and earlier (Movable Type 7 Series), Movable Type Premium 1.58 and earlier, Movable Type Premium Advanced 1.58 and earlier, Movable Type Cloud Edition (Version 7) r.5405 and earlier, and Movable Type Premium Cloud Edition 1.58 and earlier.
CVE-2023-45741 1 Buffalo 2 Vr-s1000, Vr-s1000 Firmware 2024-11-21 6.8 Medium
VR-S1000 firmware Ver. 2.37 and earlier allows an attacker with access to the product's web management page to execute arbitrary OS commands.
CVE-2023-45737 1 Weseek 1 Growi 2024-11-21 5.4 Medium
Stored cross-site scripting vulnerability exists in the App Settings (/admin/app) page and the Markdown Settings (/admin/markdown) page of GROWI versions prior to v3.5.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product.
CVE-2023-45735 1 Westermo 2 L206-f2g, L206-f2g Firmware 2024-11-21 8 High
A potential attacker with access to the Westermo Lynx device may be able to execute malicious code that could affect the correct functioning of the device.
CVE-2023-45734 1 Openatom 1 Openharmony 2024-11-21 4.2 Medium
in OpenHarmony v3.2.4 and prior versions allow an adjacent attacker arbitrary code execution through out-of-bounds write.
CVE-2023-45725 1 Apache 1 Couchdb 2024-11-21 5.7 Medium
Design document functions which receive a user http request object may expose authorization or session cookie headers of the user who accesses the document. These design document functions are: *   list *   show *   rewrite *   update An attacker can leak the session component using an HTML-like output, insert the session as an external resource (such as an image), or store the credential in a _local document with an "update" function. For the attack to succeed the attacker has to be able to insert the design documents into the database, then manipulate a user to access a function from that design document. Workaround: Avoid using design documents from untrusted sources which may attempt to access or manipulate request object's headers
CVE-2023-45703 1 Hcltechsw 1 Hcl Launch 2024-11-21 5.3 Medium
HCL Launch may mishandle input validation of an uploaded archive file leading to a denial of service due to resource exhaustion.
CVE-2023-45702 2 Hcltechsw, Microsoft 2 Hcl Launch, Windows 2024-11-21 6.2 Medium
An HCL UrbanCode Deploy Agent installed as a Windows service in a non-standard location could be subject to a denial of service attack by local accounts..
CVE-2023-45701 1 Hcltechsw 1 Hcl Launch 2024-11-21 4.3 Medium
HCL Launch could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.
CVE-2023-45700 1 Hcltechsw 1 Hcl Launch 2024-11-21 4.3 Medium
HCL Launch is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure.