Search Results (363690 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-33219 1 Idemia 16 Morphowave Compact, Morphowave Compact Firmware, Morphowave Sp and 13 more 2024-11-21 6.5 Medium
The handler of the retrofit validation command doesn't properly check the boundaries when performing certain validation operations. This allows a stack-based buffer overflow that could lead to a potential Remote Code Execution on the targeted device
CVE-2023-33218 1 Idemia 16 Morphowave Compact, Morphowave Compact Firmware, Morphowave Sp and 13 more 2024-11-21 6.5 Medium
The Parameter Zone Read and Parameter Zone Write command handlers allow performing a Stack buffer overflow. This could potentially lead to a Remote Code execution on the targeted device.
CVE-2023-33217 1 Idemia 16 Morphowave Compact, Morphowave Compact Firmware, Morphowave Sp and 13 more 2024-11-21 4.9 Medium
By abusing a design flaw in the firmware upgrade mechanism of the impacted terminal it's possible to cause a permanent denial of service for the terminal. the only way to recover the terminal is by sending back the terminal to the manufacturer
CVE-2023-33213 1 Gvectors 1 Wpview 2024-11-21 5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in gVectors Display Custom Fields – wpView plugin <= 1.3.0 versions.
CVE-2023-33212 1 Crocoblock 1 Jetformbuilder 2024-11-21 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Crocoblock JetFormBuilder — Dynamic Blocks Form Builder plugin <= 3.0.6 versions.
CVE-2023-33210 1 Nuajik 1 Nuajik-cdn 2024-11-21 5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in nuajik plugin <= 0.1.0 versions.
CVE-2023-33208 1 Cookie Monster Project 1 Cookie Monster 2024-11-21 5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in gsmith Cookie Monster plugin <= 1.51 versions.
CVE-2023-33190 2 Sealos, Sealos Project 2 Sealos, Sealos 2024-11-21 10 Critical
Sealos is an open source cloud operating system distribution based on the Kubernetes kernel. In versions of Sealos prior to 4.2.1-rc4 an improper configuration of role based access control (RBAC) permissions resulted in an attacker being able to obtain cluster control permissions, which could control the entire cluster deployed with Sealos, as well as hundreds of pods and other resources within the cluster. This issue has been addressed in version 4.2.1-rc4. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVE-2023-33176 1 Bigbluebutton 1 Bigbluebutton 2024-11-21 4.8 Medium
BigBlueButton is an open source virtual classroom designed to help teachers teach and learners learn. In affected versions are affected by a Server-Side Request Forgery (SSRF) vulnerability. In an `insertDocument` API request the user is able to supply a URL from which the presentation should be downloaded. This URL was being used without having been successfully validated first. An update to the `followRedirect` method in the `PresentationUrlDownloadService` has been made to validate all URLs to be used for presentation download. Two new properties `presentationDownloadSupportedProtocols` and `presentationDownloadBlockedHosts` have also been added to `bigbluebutton.properties` to allow administrators to define what protocols a URL must use and to explicitly define hosts that a presentation cannot be downloaded from. All URLs passed to `insertDocument` must conform to the requirements of the two previously mentioned properties. Additionally, these URLs must resolve to valid addresses, and these addresses must not be local or loopback addresses. There are no workarounds. Users are advised to upgrade to a patched version of BigBlueButton.
CVE-2023-33097 1 Qualcomm 244 Ar8035, Ar8035 Firmware, Csr8811 and 241 more 2024-11-21 7.5 High
Transient DOS in WLAN Firmware while processing a FTMR frame.
CVE-2023-33081 1 Qualcomm 298 Aqt1000, Aqt1000 Firmware, Ar8035 and 295 more 2024-11-21 7.5 High
Transient DOS while converting TWT (Target Wake Time) frame parameters in the OTA broadcast.
CVE-2023-33061 1 Qualcomm 230 Ar8035, Ar8035 Firmware, Csr8811 and 227 more 2024-11-21 7.5 High
Transient DOS in WLAN Firmware while parsing WLAN beacon or probe-response frame.
CVE-2023-33060 1 Qualcomm 94 Ar8035, Ar8035 Firmware, Fastconnect 6700 and 91 more 2024-11-21 7.1 High
Transient DOS in Core when DDR memory check is called while DDR is not initialized.
CVE-2023-33058 1 Qualcomm 94 Ar8035, Ar8035 Firmware, Fastconnect 6700 and 91 more 2024-11-21 8.2 High
Information disclosure in Modem while processing SIB5.
CVE-2023-33056 1 Qualcomm 232 Ar8035, Ar8035 Firmware, Csr8811 and 229 more 2024-11-21 7.5 High
Transient DOS in WLAN Firmware when firmware receives beacon including T2LM IE.
CVE-2023-33048 1 Qualcomm 232 Ar8035, Ar8035 Firmware, Csr8811 and 229 more 2024-11-21 7.5 High
Transient DOS in WLAN Firmware while parsing t2lm buffers.
CVE-2023-33045 1 Qualcomm 265 Ar8035, Ar8035 Firmware, Csr8811 and 262 more 2024-11-21 9.8 Critical
Memory corruption in WLAN Firmware while parsing a NAN management frame carrying a S3 attribute.
CVE-2023-33041 1 Qualcomm 254 Ar8035, Ar8035 Firmware, Csr8811 and 251 more 2024-11-21 7.5 High
Under certain scenarios the WLAN Firmware will reach an assertion due to state confusion while looking up peer ids.
CVE-2023-33038 1 Qualcomm 288 315 5g Iot Modem, 315 5g Iot Modem Firmware, Aqt1000 and 285 more 2024-11-21 6.7 Medium
Memory corruption while receiving a message in Bus Socket Transport Server.
CVE-2023-33036 1 Qualcomm 208 Aqt1000, Aqt1000 Firmware, Ar8035 and 205 more 2024-11-21 7.1 High
Permanent DOS in Hypervisor while untrusted VM without PSCI support makes a PSCI call.