Search Results (363785 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-34430 1 Intel 1 Battery Life Diagnostic Tool 2024-11-21 6.7 Medium
Uncontrolled search path in some Intel Battery Life Diagnostic Tool software before version 2.2.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-34429 1 Weintek 1 Weincloud 2024-11-21 7.5 High
Weintek Weincloud v0.13.6 could allow an attacker to cause a denial-of-service condition for Weincloud by sending a forged JWT token.
CVE-2023-34427 1 Intel 2 Realsense 450 Fa, Realsense 450 Fa Firmware 2024-11-21 5.3 Medium
Protection mechanism failure in some Intel(R) RealSense(TM) ID software for Intel(R) RealSense(TM) 450 FA in version 0.25.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-34422 1 Lenovo 1 Xclarity Administrator 2024-11-21 6.5 Medium
A valid, authenticated LXCA user with elevated privileges may be able to delete folders in the LXCA filesystem through a specifically crafted web API call due to insufficient input validation.
CVE-2023-34421 1 Lenovo 1 Xclarity Administrator 2024-11-21 6.5 Medium
A valid, authenticated LXCA user with elevated privileges may be able to replace filesystem data through a specifically crafted web API call due to insufficient input validation.
CVE-2023-34419 1 Lenovo 60 Legion 5-15ach6, Legion 5-15ach6 Firmware, Legion 5-15ach6a and 57 more 2024-11-21 6.7 Medium
A buffer overflow has been identified in the SetupUtility driver in some Lenovo Notebook products which may allow an attacker with local access and elevated privileges to execute arbitrary code.
CVE-2023-34412 2 Helmholz, Redlion 34 Rex 200, Rex 200 Firmware, Rex 250 and 31 more 2024-11-21 4.8 Medium
A vulnerability in Red Lion Europe mbNET/mbNET.rokey and Helmholz REX 200 and REX 250 devices with firmware lower 7.3.2 allows an authenticated remote attacker with high privileges to inject malicious HTML or JavaScript code (XSS).
CVE-2023-34395 1 Apache 1 Apache-airflow-providers-odbc 2024-11-21 7.8 High
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Apache Software Foundation Apache Airflow ODBC Provider. In OdbcHook, A privilege escalation vulnerability exists in a system due to controllable ODBC driver parameters that allow the loading of arbitrary dynamic-link libraries, resulting in command execution. Starting version 4.0.0 driver can be set only from the hook constructor. This issue affects Apache Airflow ODBC Provider: before 4.0.0.
CVE-2023-34394 1 Keysight 1 Geolocation Server 2024-11-21 7.8 High
In Keysight Geolocation Server v2.4.2 and prior, an attacker could upload a specially crafted malicious file or delete any file or directory with SYSTEM privileges due to an improper path validation, which could result in local privilege escalation or a denial-of-service condition.
CVE-2023-34392 1 Selinc 1 Sel-5037 Sel Grid Configurator 2024-11-21 8.2 High
A Missing Authentication for Critical Function vulnerability in the Schweitzer Engineering Laboratories SEL-5037 SEL Grid Configurator could allow an attacker to run arbitrary commands on managed devices by an authorized device operator. See Instruction Manual Appendix A and Appendix E dated 20230615 for more details. This issue affects SEL-5037 SEL Grid Configurator: before 4.5.0.20.
CVE-2023-34391 3 Microsoft, Schweitzer Engineering Laboratories, Selinc 3 Windows, Sel-5033 Acselerator Rtac Software, Sel-5033 Acselerator Real-time Automation Controller 2024-11-21 7.4 High
Insecure Inherited Permissions vulnerability in Schweitzer Engineering Laboratories SEL-5033 AcSELerator RTAC Software on Windows allows Leveraging/Manipulating Configuration File Search Paths. See Instruction Manual Appendix A [Cybersecurity] tag dated 20230522 for more details. This issue affects SEL-5033 AcSELerator RTAC Software: before 1.35.151.21000.
CVE-2023-34390 1 Selinc 2 Sel-451, Sel-451 Firmware 2024-11-21 4.5 Medium
An input validation vulnerability in the Schweitzer Engineering Laboratories SEL-451 could allow a remote authenticated attacker to create a denial of service against the system and locking out services. See product Instruction Manual Appendix A dated 20230830 for more details.
CVE-2023-34384 1 Kebo Twitter Feed Project 1 Kebo Twitter Feed 2024-11-21 5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Kebo Kebo Twitter Feed plugin <= 1.5.12 versions.
CVE-2023-34378 1 Scriptburn 1 Wp Hide Post 2024-11-21 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in scriptburn.Com WP Hide Post plugin <= 2.0.10 versions.
CVE-2023-34377 1 Joedolson 1 My Content Management 2024-11-21 5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Joseph C Dolson My Content Management plugin <= 1.7.6 versions.
CVE-2023-34375 1 10web 1 Seo 2024-11-21 7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 10Web SEO by 10Web plugin <= 1.2.9 versions.
CVE-2023-34374 1 Anspress 1 Anspress 2024-11-21 5.9 Medium
Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Rahul Aryan AnsPress plugin <= 4.3.0 versions.
CVE-2023-34373 1 Zephyr Project Manager Project 1 Zephyr Project Manager 2024-11-21 5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Dylan James Zephyr Project Manager plugin <= 3.3.93 versions.
CVE-2023-34372 1 Didcode 1 Spamreferrerblock 2024-11-21 5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Didier Sampaolo SpamReferrerBlock plugin <= 2.22 versions.
CVE-2023-34369 1 Login Configurator Project 1 Login Configurator 2024-11-21 5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in GrandSlambert Login Configurator plugin <= 2.1 versions.