Search Results (364818 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-41106 1 Zimbra 1 Collaboration 2024-11-21 7.5 High
An issue was discovered in Zimbra Collaboration (ZCS) before 10.0.3. An attacker can gain access to a Zimbra account. This is also fixed in 9.0.0 Patch 35 and 8.8.15 Patch 42.
CVE-2023-41105 3 Netapp, Python, Redhat 3 Active Iq Unified Manager, Python, Enterprise Linux 2024-11-21 7.5 High
An issue was discovered in Python 3.11 through 3.11.4. If a path containing '\0' bytes is passed to os.path.normpath(), the path will be truncated unexpectedly at the first '\0' byte. There are plausible cases in which an application would have rejected a filename for security reasons in Python 3.10.x or earlier, but that filename is no longer rejected in Python 3.11.x.
CVE-2023-41104 2 Libvmod Digest, Varnish-software 3 Libvmod Digest, Varnish Enterprise, Vmod Digest 2024-11-21 6.5 Medium
libvmod-digest before 1.0.3, as used in Varnish Enterprise 6.0.x before 6.0.11r5, has an out-of-bounds memory access during base64 decoding, leading to both authentication bypass and information disclosure; however, the exact attack surface will depend on the particular VCL (Varnish Configuration Language) configuration in use.
CVE-2023-41102 1 Opennds 1 Opennds 2024-11-21 7.5 High
An issue was discovered in the captive portal in OpenNDS before version 10.1.3. It has multiple memory leaks due to not freeing up allocated memory. This may lead to a Denial-of-Service condition due to the consumption of all available memory. Affected OpenNDS before version 10.1.3 fixed in OpenWrt master and OpenWrt 23.05 on 23. November by updating OpenNDS to version 10.2.0.
CVE-2023-41101 1 Opennds 1 Opennds 2024-11-21 9.8 Critical
An issue was discovered in the captive portal in OpenNDS before version 10.1.3. get_query in http_microhttpd.c does not validate the length of the query string of GET requests. This leads to a stack-based buffer overflow in versions 9.x and earlier, and to a heap-based buffer overflow in versions 10.x and later. Attackers may exploit the issue to crash OpenNDS (Denial-of-Service condition) or to inject and execute arbitrary bytecode (Remote Code Execution). Affected OpenNDS before version 10.1.3 fixed in OpenWrt master and OpenWrt 23.05 on 23. November by updating OpenNDS to version 10.2.0.
CVE-2023-41100 1 Hcaptcha For Ext\ 1 Form Project 2024-11-21 5.3 Medium
An issue was discovered in the hcaptcha (aka hCaptcha for EXT:form) extension before 2.1.2 for TYPO3. It fails to check that the required captcha field is submitted in the form data. allowing a remote user to bypass the CAPTCHA check.
CVE-2023-41098 1 Misp 1 Misp 2024-11-21 6.1 Medium
An issue was discovered in MISP 2.4.174. In app/Controller/DashboardsController.php, a reflected XSS issue exists via the id parameter upon a dashboard edit.
CVE-2023-41096 1 Silabs 1 Emberznet Sdk 2024-11-21 6.8 Medium
Missing Encryption of Security Keys vulnerability in Silicon Labs Ember ZNet SDK on 32 bit, ARM (SecureVault High modules) allows potential modification or extraction of network credentials stored in flash. This issue affects Silicon Labs Ember ZNet SDK: 7.3.1 and earlier.
CVE-2023-41095 1 Silabs 1 Openthread Sdk 2024-11-21 6.8 Medium
Missing Encryption of Security Keys vulnerability in Silicon Labs OpenThread SDK on 32 bit, ARM (SecureVault High modules) allows potential modification or extraction of network credentials stored in flash. This issue affects Silicon Labs OpenThread SDK: 2.3.1 and earlier.
CVE-2023-41094 1 Silabs 1 Emberznet 2024-11-21 10 Critical
TouchLink packets processed after timeout or out of range due to Operation on a Resource after Expiration and Missing Release of Resource after Effective Lifetime may allow a device to be added outside of valid TouchLink range or pairing duration This issue affects Ember ZNet 7.1.x from 7.1.3 through 7.1.5; 7.2.x from 7.2.0 through 7.2.3; Version 7.3 and later are unaffected
CVE-2023-41091 1 Intel 1 Mpi Library 2024-11-21 6.7 Medium
Uncontrolled search path for some Intel(R) MPI Library Software before version 2021.11 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-41090 1 Intel 1 Memory And Storage Tool 2024-11-21 1.8 Low
Race condition in some Intel(R) MAS software before version 2.3 may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2023-41089 1 Dexma 1 Dexgate 2024-11-21 8 High
The affected product is vulnerable to an improper authentication vulnerability, which may allow an attacker to impersonate a legitimate user as long as the device keeps the session active, since the attack takes advantage of the cookie header to generate "legitimate" requests.
CVE-2023-41088 1 Dexma 1 Dexgate 2024-11-21 6.3 Medium
The affected product is vulnerable to a cleartext transmission of sensitive information vulnerability, which may allow an attacker with access to the network, where clients have access to the DexGate server, could capture traffic. The attacker can later us the information within it to access the application.
CVE-2023-41086 1 Furunosystems 24 Acera 1010, Acera 1010 Firmware, Acera 1020 and 21 more 2024-11-21 8.8 High
Cross-site request forgery (CSRF) vulnerability exists in FURUNO SYSTEMS wireless LAN access point devices. If a user views a malicious page while logged in, unintended operations may be performed. Affected products and versions are as follows: ACERA 1210 firmware ver.02.36 and earlier, ACERA 1150i firmware ver.01.35 and earlier, ACERA 1150w firmware ver.01.35 and earlier, ACERA 1110 firmware ver.01.76 and earlier, ACERA 1020 firmware ver.01.86 and earlier, ACERA 1010 firmware ver.01.86 and earlier, ACERA 950 firmware ver.01.60 and earlier, ACERA 850F firmware ver.01.60 and earlier, ACERA 900 firmware ver.02.54 and earlier, ACERA 850M firmware ver.02.06 and earlier, ACERA 810 firmware ver.03.74 and earlier, and ACERA 800ST firmware ver.07.35 and earlier. They are affected when running in ST(Standalone) mode.
CVE-2023-41085 1 F5 19 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Advanced Web Application Firewall and 16 more 2024-11-21 7.5 High
When IPSec is configured on a Virtual Server, undisclosed traffic can cause TMM to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVE-2023-41084 1 Socomec 2 Modulys Gp, Modulys Gp Firmware 2024-11-21 10 Critical
Session management within the web application is incorrect and allows attackers to steal session cookies to perform a multitude of actions that the web app allows on the device.
CVE-2023-41081 2 Apache, Redhat 3 Tomcat Connectors, Enterprise Linux, Jboss Core Services 2024-11-21 7.5 High
Important: Authentication Bypass CVE-2023-41081 The mod_jk component of Apache Tomcat Connectors in some circumstances, such as when a configuration included "JkOptions +ForwardDirectories" but the configuration did not provide explicit mounts for all possible proxied requests, mod_jk would use an implicit mapping and map the request to the first defined worker. Such an implicit mapping could result in the unintended exposure of the status worker and/or bypass security constraints configured in httpd. As of JK 1.2.49, the implicit mapping functionality has been removed and all mappings must now be via explicit configuration. Only mod_jk is affected by this issue. The ISAPI redirector is not affected. This issue affects Apache Tomcat Connectors (mod_jk only): from 1.2.0 through 1.2.48. Users are recommended to upgrade to version 1.2.49, which fixes the issue. History 2023-09-13 Original advisory 2023-09-28 Updated summary
CVE-2023-41075 1 Apple 3 Ipados, Iphone Os, Macos 2024-11-21 7.8 High
A type confusion issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.7.5, macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.4. An app may be able to execute arbitrary code with kernel privileges.
CVE-2023-41058 1 Parseplatform 1 Parse-server 2024-11-21 7.5 High
Parse Server is an open source backend server. In affected versions the Parse Cloud trigger `beforeFind` is not invoked in certain conditions of `Parse.Query`. This can pose a vulnerability for deployments where the `beforeFind` trigger is used as a security layer to modify the incoming query. The vulnerability has been fixed by refactoring the internal query pipeline for a more concise code structure and implementing a patch to ensure the `beforeFind` trigger is invoked. This fix was introduced in commit `be4c7e23c6` and has been included in releases 6.2.2 and 5.5.5. Users are advised to upgrade. Users unable to upgrade should make use of parse server's security layers to manage access levels with Class-Level Permissions and Object-Level Access Control that should be used instead of custom security layers in Cloud Code triggers.