Search Results (364348 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-39386 1 Huawei 2 Emui, Harmonyos 2024-11-21 7.5 High
Vulnerability of input parameters being not strictly verified in the PMS module. Successful exploitation of this vulnerability may cause newly installed apps to fail to restart.
CVE-2023-39385 1 Huawei 2 Emui, Harmonyos 2024-11-21 9.1 Critical
Vulnerability of configuration defects in the media module of certain products.. Successful exploitation of this vulnerability may cause unauthorized access.
CVE-2023-39384 1 Huawei 2 Emui, Harmonyos 2024-11-21 7.5 High
Vulnerability of incomplete permission verification in the input method module. Successful exploitation of this vulnerability may cause features to perform abnormally.
CVE-2023-39383 1 Huawei 2 Emui, Harmonyos 2024-11-21 7.5 High
Vulnerability of input parameters being not strictly verified in the AMS module. Successful exploitation of this vulnerability may compromise apps' data security.
CVE-2023-39382 1 Huawei 2 Emui, Harmonyos 2024-11-21 7.5 High
Input verification vulnerability in the audio module. Successful exploitation of this vulnerability may cause virtual machines (VMs) to restart.
CVE-2023-39381 1 Huawei 2 Emui, Harmonyos 2024-11-21 7.5 High
Input verification vulnerability in the storage module. Successful exploitation of this vulnerability may cause the device to restart.
CVE-2023-39380 1 Huawei 2 Emui, Harmonyos 2024-11-21 7.5 High
Permission control vulnerability in the audio module. Successful exploitation of this vulnerability may cause audio devices to perform abnormally.
CVE-2023-39379 1 Fujitsu 1 Software Infrastructure Manager 2024-11-21 7.5 High
Fujitsu Software Infrastructure Manager (ISM) stores sensitive information at the product's maintenance data (ismsnap) in cleartext form. As a result, the password for the proxy server that is configured in ISM may be retrieved. Affected products and versions are as follows: Fujitsu Software Infrastructure Manager Advanced Edition V2.8.0.060, Fujitsu Software Infrastructure Manager Advanced Edition for PRIMEFLEX V2.8.0.060, and Fujitsu Software Infrastructure Manager Essential Edition V2.8.0.060.
CVE-2023-39378 1 Siberiancms 1 Siberiancms 2024-11-21 8.8 High
SiberianCMS - CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') by an unauthenticated user
CVE-2023-39377 1 Siberiancms 1 Siberiancms 2024-11-21 7.2 High
SiberianCMS - CWE-434: Unrestricted Upload of File with Dangerous Type - A malicious user with administrative privileges may be able to upload a dangerous filetype via an unspecified method
CVE-2023-39376 1 Siberiancms 1 Siberiancms 2024-11-21 6.5 Medium
SiberianCMS - CWE-284 Improper Access Control Authorized user may disable a security feature over the network
CVE-2023-39375 1 Siberiancms 1 Siberiancms 2024-11-21 7.5 High
SiberianCMS - CWE-274: Improper Handling of Insufficient Privileges
CVE-2023-39374 1 Forescout 1 Secureconnector 2024-11-21 7.8 High
ForeScout NAC SecureConnector version 11.2 - CWE-427: Uncontrolled Search Path Element
CVE-2023-39373 1 Hyundai 2 Hyundai 2017, Hyundai 2017 Firmware 2024-11-21 7.4 High
 A Hyundai model (2017) - CWE-294: Authentication Bypass by Capture-replay.
CVE-2023-39372 1 Startrinity 1 Softswitch 2024-11-21 8.1 High
StarTrinity Softswitch version 2023-02-16 - Multiple CSRF (CWE-352)
CVE-2023-39371 1 Startrinity 1 Softswitch 2024-11-21 8.8 High
StarTrinity Softswitch version 2023-02-16 - Open Redirect (CWE-601)
CVE-2023-39370 1 Startrinity 1 Softswitch 2024-11-21 8.8 High
StarTrinity Softswitch version 2023-02-16 - Persistent XSS (CWE-79)
CVE-2023-39369 1 Startrinity 1 Softswitch 2024-11-21 8.8 High
StarTrinity Softswitch version 2023-02-16 - Multiple Reflected XSS (CWE-79)
CVE-2023-39363 1 Vyperlang 1 Vyper 2024-11-21 5.9 Medium
Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine (EVM). In versions 0.2.15, 0.2.16 and 0.3.0, named re-entrancy locks are allocated incorrectly. Each function using a named re-entrancy lock gets a unique lock regardless of the key, allowing cross-function re-entrancy in contracts compiled with the susceptible versions. A specific set of conditions is required to result in misbehavior of affected contracts, specifically: a `.vy` contract compiled with `vyper` versions `0.2.15`, `0.2.16`, or `0.3.0`; a primary function that utilizes the `@nonreentrant` decorator with a specific `key` and does not strictly follow the check-effects-interaction pattern (i.e. contains an external call to an untrusted party before storage updates); and a secondary function that utilizes the same `key` and would be affected by the improper state caused by the primary function. Version 0.3.1 contains a fix for this issue.
CVE-2023-39349 2 Getsentry, Sentry 2 Sentry, Sentry 2024-11-21 8.1 High
Sentry is an error tracking and performance monitoring platform. Starting in version 22.1.0 and prior to version 23.7.2, an attacker with access to a token with few or no scopes can query `/api/0/api-tokens/` for a list of all tokens created by a user, including tokens with greater scopes, and use those tokens in other requests. There is no evidence that the issue was exploited on `sentry.io`. For self-hosted users, it is advised to rotate user auth tokens. A fix is available in version 23.7.2 of `sentry` and `self-hosted`. There are no known workarounds.