Search Results (363819 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-35798 1 Apache 2 Apache-airflow-providers-microsoft-mssql, Apache-airflow-providers-odbc 2024-11-21 4.3 Medium
Input Validation vulnerability in Apache Software Foundation Apache Airflow ODBC Provider, Apache Software Foundation Apache Airflow MSSQL Provider.This vulnerability is considered low since it requires DAG code to use `get_sqlalchemy_connection` and someone with access to connection resources specifically updating the connection to exploit it. This issue affects Apache Airflow ODBC Provider: before 4.0.0; Apache Airflow MSSQL Provider: before 3.4.1. It is recommended to upgrade to a version that is not affected
CVE-2023-35796 1 Siemens 1 Sinema Server 2024-11-21 8.3 High
A vulnerability has been identified in SINEMA Server V14 (All versions). The affected application improperly sanitizes certain SNMP configuration data retrieved from monitored devices. An attacker with access to a monitored device could perform a stored cross-site scripting (XSS) attack that may lead to arbitrary code execution with `SYSTEM` privileges on the application server. (ZDI-CAN-19823)
CVE-2023-35794 1 Cassianetworks 1 Access Controller 2024-11-21 8.8 High
An issue was discovered in Cassia Access Controller 2.1.1.2303271039. The Web SSH terminal endpoint (spawned console) can be accessed without authentication. Specifically, there is no session cookie validation on the Access Controller; instead, there is only Basic Authentication to the SSH console.
CVE-2023-35793 1 Cassianetworks 1 Access Controller 2024-11-21 8.8 High
An issue was discovered in Cassia Access Controller 2.1.1.2303271039. Establishing a web SSH session to gateways is vulnerable to Cross Site Request Forgery (CSRF) attacks.
CVE-2023-35785 1 Zohocorp 17 Manageengine Ad360, Manageengine Adaudit Plus, Manageengine Admanager Plus and 14 more 2024-11-21 8.1 High
Zoho ManageEngine Active Directory 360 versions 4315 and below, ADAudit Plus 7202 and below, ADManager Plus 7200 and below, Asset Explorer 6993 and below and 7xxx 7002 and below, Cloud Security Plus 4161 and below, Data Security Plus 6110 and below, Eventlog Analyzer 12301 and below, Exchange Reporter Plus 5709 and below, Log360 5315 and below, Log360 UEBA 4045 and below, M365 Manager Plus 4529 and below, M365 Security Plus 4529 and below, Recovery Manager Plus 6061 and below, ServiceDesk Plus 14204 and below and 143xx 14302 and below, ServiceDesk Plus MSP 14300 and below, SharePoint Manager Plus 4402 and below, and Support Center Plus 14300 and below are vulnerable to 2FA bypass via a few TOTP authenticators. Note: A valid pair of username and password is required to leverage this vulnerability.
CVE-2023-35781 1 Lws 1 Lws Cleaner 2024-11-21 5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in LWS Cleaner plugin <= 2.3.0 versions.
CVE-2023-35780 1 Galleria Project 1 Galleria 2024-11-21 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Andy Whalen Galleria plugin <= 1.0.3 versions.
CVE-2023-35779 1 Seedwebs 1 Seed Fonts 2024-11-21 5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Seed Webs Seed Fonts plugin <= 2.3.1 versions.
CVE-2023-35778 1 Recent Posts Slider Project 1 Recent Posts Slider 2024-11-21 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Neha Goel Recent Posts Slider plugin <= 1.1 versions.
CVE-2023-35776 1 Bearsthemes 1 Sermons Online 2024-11-21 6.5 Medium
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Beplus Sermon'e – Sermons Online plugin <= 1.0.0 versions.
CVE-2023-35774 1 Lws 1 Lws Tools 2024-11-21 5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in LWS LWS Tools plugin <= 2.4.1 versions.
CVE-2023-35773 1 Template Debugger Project 1 Template Debugger 2024-11-21 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Danny Hearnah - ChubbyNinjaa Template Debugger plugin <= 3.1.2 versions.
CVE-2023-35772 1 Google Map Shortcode Project 1 Google Map Shortcode 2024-11-21 7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Alain Gonzalez Google Map Shortcode plugin <= 3.1.2 versions.
CVE-2023-35769 1 Intel 1 Computing Improvement Program 2024-11-21 6.7 Medium
Uncontrolled search path in some Intel(R) CIP software before version 2.4.10577 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-35767 1 Perforce 1 Helix Core 2024-11-21 7.5 High
In Helix Core versions prior to 2023.2, an unauthenticated remote Denial of Service (DoS) via the shutdown function was identified. Reported by Jason Geffner.  
CVE-2023-35765 1 Piigab 2 M-bus 900s, M-bus 900s Firmware 2024-11-21 6.5 Medium
PiiGAB M-Bus stores credentials in a plaintext file, which could allow a low-level user to gain admin credentials.
CVE-2023-35763 1 Iagona 1 Scrutisweb 2024-11-21 5.5 Medium
Iagona ScrutisWeb versions 2.1.37 and prior are vulnerable to a cryptographic vulnerability that could allow an unauthenticated user to decrypt encrypted passwords into plaintext.
CVE-2023-35762 1 Inea 2 Me Rtu, Me Rtu Firmware 2024-11-21 9.9 Critical
Versions of INEA ME RTU firmware 3.36b and prior are vulnerable to operating system (OS) command injection, which could allow remote code execution.
CVE-2023-35759 1 Progress 1 Whatsup Gold 2024-11-21 6.1 Medium
In Progress WhatsUp Gold before 23.0.0, an SNMP-related application endpoint failed to adequately sanitize malicious input. This could allow an unauthenticated attacker to execute arbitrary code in a victim's browser, aka XSS.
CVE-2023-35719 1 Zohocorp 1 Manageengine Adselfservice Plus 2024-11-21 6.8 Medium
ManageEngine ADSelfService Plus GINA Client Insufficient Verification of Data Authenticity Authentication Bypass Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of ManageEngine ADSelfService Plus. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Password Reset Portal used by the GINA client. The issue results from the lack of proper authentication of data received via HTTP. An attacker can leverage this vulnerability to bypass authentication and execute code in the context of SYSTEM. Was ZDI-CAN-17009.