Search Results (364439 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-39989 1 Draftpress 1 Header Footer Code Manager 2024-11-21 5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in 99robots Header Footer Code Manager plugin <= 1.1.34 versions.
CVE-2023-39988 1 Tencent 1 Wxsync 2024-11-21 6.5 Medium
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in 标准云(std.Cloud) WxSync plugin <= 2.7.23 versions.
CVE-2023-39987 1 Joomlaserviceprovider 1 Wsecure 2024-11-21 5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Ajay Lulia wSecure Lite plugin <= 2.5 versions.
CVE-2023-39986 1 Hitachi 1 Eh-view 2024-11-21 7.8 High
** UNSUPPORTED WHEN ASSIGNED ** Out-of-bounds Read vulnerability in Hitachi EH-VIEW (Designer) allows local attackers to potentially disclose information on affected EH-VIEW installations. User interaction is required to exploit the vulnerabilities in that the user must open a malicious file. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2023-39985 1 Hitachi 1 Eh-view 2024-11-21 7.8 High
** UNSUPPORTED WHEN ASSIGNED ** Out-of-bounds Write vulnerability in Hitachi EH-VIEW (Designer) allows local attackers to potentially execute arbitray code on affected EH-VIEW installations. User interaction is required to exploit the vulnerabilities in that the user must open a malicious file. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2023-39984 1 Hitachi 1 Eh-view 2024-11-21 7.8 High
** UNSUPPORTED WHEN ASSIGNED ** Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Hitachi EH-VIEW (KeypadDesigner) allows local attackers to potentially disclose information and execute arbitray code on affected EH-VIEW installations. User interaction is required to exploit the vulnerabilities in that the user must open a malicious file. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2023-39983 1 Moxa 1 Mxsecurity 2024-11-21 5.3 Medium
A vulnerability that poses a potential risk of polluting the MXsecurity sqlite database and the nsm-web UI has been identified in MXsecurity versions prior to v1.0.1. This vulnerability might allow an unauthenticated remote attacker to register or add devices via the nsm-web application.
CVE-2023-39982 1 Moxa 1 Mxsecurity 2024-11-21 7.5 High
A vulnerability has been identified in MXsecurity versions prior to v1.0.1. The vulnerability may put the confidentiality and integrity of SSH communications at risk on the affected device. This vulnerability is attributed to a hard-coded SSH host key, which might facilitate man-in-the-middle attacks and enable the decryption of SSH traffic.
CVE-2023-39981 1 Moxa 1 Mxsecurity 2024-11-21 7.5 High
A vulnerability that allows for unauthorized access has been discovered in MXsecurity versions prior to v1.0.1. This vulnerability arises from inadequate authentication measures, potentially leading to the disclosure of device information by a remote attacker.
CVE-2023-39980 1 Moxa 1 Mxsecurity 2024-11-21 7.1 High
A vulnerability that allows the unauthorized disclosure of authenticated information has been identified in MXsecurity versions prior to v1.0.1. This vulnerability arises when special elements are not neutralized correctly, allowing remote attackers to alter SQL commands.
CVE-2023-39979 1 Moxa 1 Mxsecurity 2024-11-21 9.8 Critical
There is a vulnerability in MXsecurity versions prior to 1.0.1 that can be exploited to bypass authentication. A remote attacker might access the system if the web service authenticator has insufficient random values.  
CVE-2023-39976 2 Clusterlabs, Redhat 3 Libqb, Enterprise Linux, Rhel Eus 2024-11-21 9.8 Critical
log_blackbox.c in libqb before 2.0.8 allows a buffer overflow via long log messages because the header size is not considered.
CVE-2023-39974 1 Acymailing 1 Acymailing 2024-11-21 5.3 Medium
Exposure of Sensitive Information vulnerability in AcyMailing Enterprise component for Joomla. It allows unauthorized actors to get the number of subscribers in a specific list.
CVE-2023-39973 1 Acymailing 1 Acymailing 2024-11-21 4.3 Medium
Improper Access Control vulnerability in AcyMailing Enterprise component for Joomla. It allows the unauthorized removal of attachments from campaigns.
CVE-2023-39972 1 Acymailing 1 Acymailing 2024-11-21 4.3 Medium
Improper Access Control vulnerability in AcyMailing Enterprise component for Joomla. It allows unauthorized users to create new mailing lists.
CVE-2023-39971 1 Acymailing 1 Acymailing 2024-11-21 6.1 Medium
Improper Neutralization of Input During Web Page Generation vulnerability in AcyMailing Enterprise component for Joomla allows XSS. This issue affects AcyMailing Enterprise component for Joomla: 6.7.0-8.6.3.
CVE-2023-39970 1 Acyba 1 Acymailing Starter 2024-11-21 9.8 Critical
Unrestricted Upload of File with Dangerous Type vulnerability in AcyMailing component for Joomla. It allows remote code execution.
CVE-2023-39969 1 Trailofbits 1 Uthenticode 2024-11-21 9.1 Critical
uthenticode is a small cross-platform library for partially verifying Authenticode digital signatures. Version 1.0.9 of uthenticode hashed the entire file rather than hashing sections by virtual address, in violation of the Authenticode specification. As a result, an attacker could modify code within a binary without changing its Authenticode hash, making it appear valid from uthenticode's perspective. Versions of uthenticode prior to 1.0.9 are not vulnerable to this attack, nor are versions in the 2.x series. By design, uthenticode does not perform full-chain validation. However, the malleability of signature verification introduced in 1.0.9 was an unintended oversight. The 2.x series addresses the vulnerability. Versions prior to 1.0.9 are also not vulnerable, but users are encouraged to upgrade rather than downgrade. There are no workarounds to this vulnerability.
CVE-2023-39967 1 Wiremock 2 Studio, Wiremock 2024-11-21 10 Critical
WireMock is a tool for mocking HTTP services. When certain request URLs like “@127.0.0.1:1234" are used in WireMock Studio configuration fields, the request might be forwarded to an arbitrary service reachable from WireMock’s instance. There are 3 identified potential attack vectors: via “TestRequester” functionality, webhooks and the proxy mode. As we can control HTTP Method, HTTP Headers, HTTP Data, it allows sending requests with the default level of credentials for the WireMock instance. The vendor has discontinued the affected Wiremock studio product and there will be no fix. Users are advised to find alternatives.
CVE-2023-39966 1 Fit2cloud 1 1panel 2024-11-21 7.5 High
1Panel is an open source Linux server operation and maintenance management panel. In version 1.4.3, an arbitrary file write vulnerability could lead to direct control of the server. In the `api/v1/file.go` file, there is a function called `SaveContentthat,It `recieves JSON data sent by users in the form of a POST request. And the lack of parameter filtering allows for arbitrary file write operations. Version 1.5.0 contains a patch for this issue.