Search Results (364862 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-41790 1 Artica 1 Pandora Fms 2024-11-21 7.6 High
Uncontrolled Search Path Element vulnerability in Pandora FMS on all allows Leveraging/Manipulating Configuration File Search Paths. This vulnerability allows to access the server configuration file and to compromise the database. This issue affects Pandora FMS: from 700 through 773.
CVE-2023-41789 1 Artica 1 Pandora Fms 2024-11-21 7.6 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). This vulnerability allows an attacker to perform cookie hijacking and log in as that user without the need for credentials. This issue affects Pandora FMS: from 700 through 773.
CVE-2023-41788 1 Artica 1 Pandora Fms 2024-11-21 7.6 High
Unrestricted Upload of File with Dangerous Type vulnerability in Pandora FMS on all allows Accessing Functionality Not Properly Constrained by ACLs. This vulnerability allows attackers to execute code via PHP file uploads. This issue affects Pandora FMS: from 700 through 773.
CVE-2023-41787 1 Artica 1 Pandora Fms 2024-11-21 6 Medium
Uncontrolled Search Path Element vulnerability in Pandora FMS on all allows Leveraging/Manipulating Configuration File Search Paths. This vulnerability allows access to files with sensitive information. This issue affects Pandora FMS: from 700 through 772.
CVE-2023-41786 1 Artica 1 Pandora Fms 2024-11-21 6.8 Medium
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Pandora FMS on all allows File Discovery. This vulnerability allows users with low privileges to download database backups. This issue affects Pandora FMS: from 700 through 772.
CVE-2023-41775 2 Apple, L-is-b 2 Macos, Direct 2024-11-21 5.5 Medium
Improper access control vulnerability in 'direct' Desktop App for macOS ver 2.6.0 and earlier allows a local attacker to bypass access restriction and to use camrea, microphone, etc. of the device where the product is installed without the user's consent.
CVE-2023-41751 2 Acronis, Microsoft 2 Agent, Windows 2024-11-21 5.5 Medium
Sensitive information disclosure due to improper token expiration validation. The following products are affected: Acronis Agent (Windows) before build 32047.
CVE-2023-41750 4 Acronis, Apple, Linux and 1 more 4 Agent, Macos, Linux Kernel and 1 more 2024-11-21 5.5 Medium
Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 32047.
CVE-2023-41749 2 Acronis, Microsoft 3 Agent, Cyber Protect, Windows 2024-11-21 7.5 High
Sensitive information disclosure due to excessive collection of system information. The following products are affected: Acronis Agent (Windows) before build 32047, Acronis Cyber Protect 15 (Windows) before build 35979.
CVE-2023-41748 2 Acronis, Microsoft 2 Cloud Manager, Windows 2024-11-21 9.8 Critical
Remote command execution due to improper input validation. The following products are affected: Acronis Cloud Manager (Windows) before build 6.2.23089.203.
CVE-2023-41746 2 Acronis, Microsoft 2 Cloud Manager, Windows 2024-11-21 9.8 Critical
Remote command execution due to improper input validation. The following products are affected: Acronis Cloud Manager (Windows) before build 6.2.23089.203.
CVE-2023-41745 4 Acronis, Apple, Linux and 1 more 5 Agent, Cyber Protect, Macos and 2 more 2024-11-21 5.5 Medium
Sensitive information disclosure due to excessive collection of system information. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 30991, Acronis Cyber Protect 15 (Linux, macOS, Windows) before build 35979.
CVE-2023-41744 2 Acronis, Apple 3 Agent, Cyber Protect, Macos 2024-11-21 7.8 High
Local privilege escalation due to unrestricted loading of unsigned libraries. The following products are affected: Acronis Agent (macOS) before build 30600, Acronis Cyber Protect 15 (macOS) before build 35979.
CVE-2023-41742 4 Acronis, Apple, Linux and 1 more 5 Agent, Cyber Protect, Macos and 2 more 2024-11-21 7.5 High
Excessive attack surface due to binding to an unrestricted IP address. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 30430, Acronis Cyber Protect 15 (Linux, macOS, Windows) before build 35979.
CVE-2023-41741 1 Synology 1 Router Manager 2024-11-21 5.3 Medium
Exposure of sensitive information to an unauthorized actor vulnerability in cgi component in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote attackers to obtain sensitive information via unspecified vectors.
CVE-2023-41740 1 Synology 1 Router Manager 2024-11-21 5.3 Medium
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in cgi component in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote attackers to read specific files via unspecified vectors.
CVE-2023-41739 1 Synology 1 Router Manager 2024-11-21 4.9 Medium
Uncontrolled resource consumption vulnerability in File Functionality in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote authenticated users to conduct denial-of-service attacks via unspecified vectors.
CVE-2023-41738 1 Synology 1 Router Manager 2024-11-21 7.2 High
Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in Directory Domain Functionality in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote authenticated users to execute arbitrary commands via unspecified vectors.
CVE-2023-41737 1 Wpgens 1 Swifty Bar 2024-11-21 5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPGens Swifty Bar, sticky bar by WPGens plugin <= 1.2.10 versions.
CVE-2023-41736 1 Gopiplus 1 Email Posts To Subscribers 2024-11-21 5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy Email posts to subscribers plugin <= 6.2 versions.