Search Results (363801 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-34993 1 Fortinet 1 Fortiwlm 2024-11-21 9.6 Critical
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted http get request parameters.
CVE-2023-34989 1 Fortinet 1 Fortiwlm 2024-11-21 8.6 High
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted HTTP get request parameters.
CVE-2023-34988 1 Fortinet 1 Fortiwlm 2024-11-21 8.6 High
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted HTTP get request parameters.
CVE-2023-34987 1 Fortinet 1 Fortiwlm 2024-11-21 8.6 High
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted HTTP get request parameters.
CVE-2023-34986 1 Fortinet 1 Fortiwlm 2024-11-21 8.6 High
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted HTTP get request parameters.
CVE-2023-34985 1 Fortinet 1 Fortiwlm 2024-11-21 8.6 High
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted HTTP get request parameters.
CVE-2023-34983 1 Intel 10 Killer, Killer Wi-fi 6 Ax1650, Killer Wi-fi 6e Ax1675 and 7 more 2024-11-21 4.3 Medium
Improper input validation for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
CVE-2023-34982 1 Aveva 13 Batch Management, Communication Drivers, Edge and 10 more 2024-11-21 5.5 Medium
This external control vulnerability, if exploited, could allow a local OS-authenticated user with standard privileges to delete files with System privilege on the machine where these products are installed, resulting in denial of service.
CVE-2023-34977 1 Qnap 1 Video Station 2024-11-21 4.6 Medium
A cross-site scripting (XSS) vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: Video Station 5.7.0 ( 2023/07/27 ) and later
CVE-2023-34973 1 Qnap 2 Qts, Quts Hero 2024-11-21 3.1 Low
An insufficient entropy vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability possibly allows remote users to predict secret via unspecified vectors. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2425 build 20230609 and later QTS 5.1.0.2444 build 20230629 and later QuTS hero h5.1.0.2424 build 20230609 and later
CVE-2023-34972 1 Qnap 2 Qts, Quts Hero 2024-11-21 3.5 Low
A cleartext transmission of sensitive information vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability possibly allows local network clients to read the contents of unexpected sensitive data via unspecified vectors. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2425 build 20230609 and later QTS 5.1.0.2444 build 20230629 and later QuTS hero h5.1.0.2424 build 20230609 and later
CVE-2023-34971 1 Qnap 2 Qts, Quts Hero 2024-11-21 7.1 High
An inadequate encryption strength vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability possibly allows local network clients to decrypt the data using brute force attacks via unspecified vectors. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2425 build 20230609 and later QTS 5.1.0.2444 build 20230629 and later QTS 4.5.4.2467 build 20230718 and later QuTS hero h5.1.0.2424 build 20230609 and later QuTS hero h4.5.4.2476 build 20230728 and later
CVE-2023-34960 1 Chamilo 1 Chamilo 2024-11-21 9.8 Critical
A command injection vulnerability in the wsConvertPpt component of Chamilo v1.11.* up to v1.11.18 allows attackers to execute arbitrary commands via a SOAP API call with a crafted PowerPoint name.
CVE-2023-34942 1 Asus 2 Rt-n10lx, Rt-n10lx Firmware 2024-11-21 7.5 High
Asus RT-N10LX Router v2.0.0.39 was discovered to contain a stack overflow via the mac parameter at /start-apply.html. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2023-34941 1 Asus 2 Rt-n10lx, Rt-n10lx Firmware 2024-11-21 5.4 Medium
A stored cross-site scripting (XSS) vulnerability in the urlFilterList function of Asus RT-N10LX Router v2.0.0.39 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL Keyword List text field. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2023-34917 1 Cms Project 1 Cms 2024-11-21 6.1 Medium
Fuge CMS v1.0 contains an Open Redirect vulnerability in member/RegisterAct.java.
CVE-2023-34916 1 Cms Project 1 Cms 2024-11-21 6.1 Medium
Fuge CMS v1.0 contains an Open Redirect vulnerability via /front/ProcessAct.java.
CVE-2023-34869 1 Phpjabbers 1 Catering System 2024-11-21 6.1 Medium
PHPJabbers Catering System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /index.php?controller=pjAdmin&action=pjActionForgot.
CVE-2023-34853 1 Supermicro 542 H11dsi, H11dsi-nt, H11dsi-nt Firmware and 539 more 2024-11-21 7.8 High
Buffer Overflow vulnerability in Supermicro motherboard X12DPG-QR 1.4b allows local attackers to hijack control flow via manipulation of SmcSecurityEraseSetupVar variable.
CVE-2023-34845 1 Bludit 1 Bludit 2024-11-21 5.4 Medium
Bludit v3.14.1 was discovered to contain an arbitrary file upload vulnerability in the component /admin/new-content. This vulnerability allows attackers to execute arbitrary web scripts or HTML via uploading a crafted SVG file. NOTE: the product's security model is that users are trusted by the administrator to insert arbitrary content (users cannot create their own accounts through self-registration).