Search Results (363371 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-26309 1 Oneplus 1 Store 2024-11-21 7.4 High
A remote code execution vulnerability in the webview component of OnePlus Store app.
CVE-2023-26301 1 Hp 38 Color Laserjet Pro 4201-4203 4ra87f, Color Laserjet Pro 4201-4203 4ra87f Firmware, Color Laserjet Pro 4201-4203 4ra88f and 35 more 2024-11-21 9.8 Critical
Certain HP LaserJet Pro print products are potentially vulnerable to an Elevation of Privilege and/or Information Disclosure related to a lack of authentication with certain endpoints.
CVE-2023-26300 1 Hp 178 200 G4 22 All-in-one Pc \(rom Family Ssid 86f0\), 200 G4 22 All-in-one Pc \(rom Family Ssid 86f0\) Firmware, 200 G4 22 All-in-one Pc \(rom Family Ssid 86f2\) and 175 more 2024-11-21 7.8 High
A potential security vulnerability has been identified in the system BIOS for certain HP PC products which might allow escalation of privilege. HP is releasing firmware updates to mitigate the potential vulnerability.
CVE-2023-26289 1 Ibm 1 Aspera Orchestrator 2024-11-21 5.4 Medium
IBM Aspera Orchestrator 4.0.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 248478.
CVE-2023-26288 1 Ibm 1 Aspera Orchestrator 2024-11-21 5.5 Medium
IBM Aspera Orchestrator 4.0.1 does not invalidate session after a password change which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 248477.
CVE-2023-26286 1 Ibm 2 Aix, Vios 2024-11-21 8.4 High
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX runtime services library to execute arbitrary commands. IBM X-Force ID: 248421.
CVE-2023-26279 1 Ibm 1 Qradar Wincollect 2024-11-21 3.3 Low
IBM QRadar WinCollect Agent 10.0 through 10.1.7 could allow a local user to perform unauthorized actions due to improper encoding. IBM X-Force ID: 248160.
CVE-2023-26276 2 Ibm, Linux 2 Qradar Security Information And Event Manager, Linux Kernel 2024-11-21 5.9 Medium
IBM QRadar SIEM 7.5.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 248147.
CVE-2023-26274 2 Ibm, Linux 2 Qradar Security Information And Event Manager, Linux Kernel 2024-11-21 4.6 Medium
IBM QRadar SIEM 7.5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 248144.
CVE-2023-26273 2 Ibm, Linux 2 Qradar Security Information And Event Manager, Linux Kernel 2024-11-21 4.3 Medium
IBM QRadar SIEM 7.5.0 could allow an authenticated user to perform unauthorized actions due to hazardous input validation. IBM X-Force ID: 248134.
CVE-2023-26272 1 Ibm 1 Guardium Cloud Key Manager 2024-11-21 5.3 Medium
IBM Security Guardium Data Encryption (IBM Guardium Cloud Key Manager (GCKM) 1.10.3)) could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 248133.
CVE-2023-26271 1 Ibm 1 Guardium Cloud Key Manager 2024-11-21 5.3 Medium
IBM Security Guardium Data Encryption (IBM Guardium Cloud Key Manager (GCKM) 1.10.3)) uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 248126.
CVE-2023-26270 1 Ibm 1 Guardium Cloud Key Manager 2024-11-21 6.5 Medium
IBM Security Guardium Data Encryption (IBM Guardium Cloud Key Manager (GCKM) 1.10.3)) could allow a remote attacker to execute arbitrary code on the system, caused by an angular template injection flaw. By sending specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 248119.
CVE-2023-26268 2 Apache, Ibm 2 Couchdb, Cloudant 2024-11-21 4.4 Medium
Design documents with matching document IDs, from databases on the same cluster, may share a mutable Javascript environment when using these design document functions: * validate_doc_update * list * filter * filter views (using view functions as filters) * rewrite * update This doesn't affect map/reduce or search (Dreyfus) index functions. Users are recommended to upgrade to a version that is no longer affected by this issue (Apache CouchDB 3.3.2 or 3.2.3). Workaround: Avoid using design documents from untrusted sources which may attempt to cache or store data in the Javascript environment.
CVE-2023-26257 1 Covesa 1 Dlt-daemon 2024-11-21 7.5 High
An issue was discovered in the Connected Vehicle Systems Alliance (COVESA; formerly GENIVI) dlt-daemon through 2.18.8. Dynamic memory is not released after it is allocated in dlt-control-common.c.
CVE-2023-26239 1 Watchguard 8 Edr, Edr Firmware, Epdr and 5 more 2024-11-21 5.5 Medium
An issue was discovered in WatchGuard EPDR 8.0.21.0002. Due to a weak implementation of a password check, it is possible to obtain credentials to access the management console as a non-privileged user.
CVE-2023-26238 1 Watchguard 8 Edr, Edr Firmware, Epdr and 5 more 2024-11-21 5.5 Medium
An issue was discovered in WatchGuard EPDR 8.0.21.0002. It is possible to enable or disable defensive capabilities by sending a crafted message to a named pipe.
CVE-2023-26237 1 Watchguard 8 Edr, Edr Firmware, Epdr and 5 more 2024-11-21 6.7 Medium
An issue was discovered in WatchGuard EPDR 8.0.21.0002. It is possible to bypass the defensive capabilities by adding a registry key as SYSTEM.
CVE-2023-26236 1 Watchguard 8 Edr, Edr Firmware, Epdr and 5 more 2024-11-21 7.8 High
An issue was discovered in WatchGuard EPDR 8.0.21.0002. Due to a weak implementation of message handling between WatchGuard EPDR processes, it is possible to perform a Local Privilege Escalation on Windows by sending a crafted message to a named pipe.
CVE-2023-26222 1 Tibco 1 Ebx 2024-11-21 8.7 High
The Web Application component of TIBCO Software Inc.'s TIBCO EBX and TIBCO Product and Service Catalog powered by TIBCO EBX contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute a stored XSS on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO EBX: versions 5.9.22 and below, versions 6.0.13 and below and TIBCO Product and Service Catalog powered by TIBCO EBX: versions 5.0.0 and below.