Total
275856 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-35031 | 1 Atos | 2 Unify Openscape 4000 Assistant, Unify Openscape 4000 Manager | 2025-01-06 | 8.8 High |
| Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.0 and V10 R1.34.8, Assistant V10 R0, Manager V10 R1 before V10 R1.42.0 and V10 R1.34.8, and Manager V10 R0 allow command injection by authenticated users, aka OSFOURK-24036. | ||||
| CVE-2023-34367 | 1 Microsoft | 1 Windows 7 | 2025-01-06 | 6.5 Medium |
| Windows 7 is vulnerable to a full blind TCP/IP hijacking attack. The vulnerability exists in Windows 7 (any Windows until Windows 8) and in any implementation of TCP/IP, which is vulnerable to the Idle scan attack (including many IoT devices). NOTE: The vendor considers this a low severity issue. | ||||
| CVE-2023-34364 | 1 Progress | 1 Datadirect Odbc Oracle Wire Protocol Driver | 2025-01-06 | 9.8 Critical |
| A buffer overflow was discovered in Progress DataDirect Connect for ODBC before 08.02.2770 for Oracle. An overly large value for certain options of a connection string may overrun the buffer allocated to process the string value. This allows an attacker to execute code of their choice on an affected host by copying carefully selected data that will be executed as code. | ||||
| CVE-2023-34363 | 1 Progress | 1 Datadirect Odbc Oracle Wire Protocol Driver | 2025-01-06 | 5.9 Medium |
| An issue was discovered in Progress DataDirect Connect for ODBC before 08.02.2770 for Oracle. When using Oracle Advanced Security (OAS) encryption, if an error is encountered initializing the encryption object used to encrypt data, the code falls back to a different encryption mechanism that uses an insecure random number generator to generate the private key. It is possible for a well-placed attacker to predict the output of this random number generator, which could lead to an attacker decrypting traffic between the driver and the database server. The vulnerability does not exist if SSL / TLS encryption is used. | ||||
| CVE-2023-33557 | 1 Thedaylightstudio | 1 Fuel Cms | 2025-01-06 | 8.8 High |
| Fuel CMS v1.5.2 was discovered to contain a SQL injection vulnerability via the id parameter at /controllers/Blocks.php. | ||||
| CVE-2023-33515 | 1 Softexpert | 1 Excellence Suite | 2025-01-06 | 5.4 Medium |
| SoftExpert Excellence Suite 2.1.9 is vulnerable to Cross Site Scripting (XSS) via query screens. | ||||
| CVE-2023-30262 | 1 Mimsoftware | 2 Mim Concurrent License Server, Mim Local Concurrent License Server | 2025-01-06 | 8.8 High |
| An issue found in MIM software Inc MIM License Server and MIMpacs services v.6.9 thru v.7.0 fixed in v.7.0.10 allows a remote unauthenticated attacker to execute arbitrary code via the RMI Registry service. | ||||
| CVE-2023-30198 | 1 Webbax | 1 Winbizpayment | 2025-01-06 | 7.5 High |
| Prestashop winbizpayment <= 1.0.2 is vulnerable to Incorrect Access Control via modules/winbizpayment/downloads/download.php. | ||||
| CVE-2023-2455 | 3 Fedoraproject, Postgresql, Redhat | 9 Fedora, Postgresql, Enterprise Linux and 6 more | 2025-01-06 | 5.4 Medium |
| Row security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policies to be applied in certain cases where role-specific policies are used and a given query is planned under one role and then executed under other roles. This scenario can happen under security definer functions or when a common user and query is planned initially and then re-used across multiple SET ROLEs. Applying an incorrect policy may permit a user to complete otherwise-forbidden reads and modifications. This affects only databases that have used CREATE POLICY to define a row security policy. | ||||
| CVE-2023-2454 | 3 Fedoraproject, Postgresql, Redhat | 9 Fedora, Postgresql, Enterprise Linux and 6 more | 2025-01-06 | 7.2 High |
| schema_element defeats protective search_path changes; It was found that certain database calls in PostgreSQL could permit an authed attacker with elevated database-level privileges to execute arbitrary code. | ||||
| CVE-2023-29767 | 1 Appcrossx | 1 Crossx | 2025-01-06 | 5.5 Medium |
| An issue found in CrossX v.1.15.3 for Android allows a local attacker to cause a persistent denial of service via the database files. | ||||
| CVE-2023-29749 | 1 Yandex | 1 Navigator | 2025-01-06 | 7.8 High |
| An issue found in Yandex Navigator v.6.60 for Android allows unauthorized apps to cause escalation of privilege attacks by manipulating the SharedPreference files. | ||||
| CVE-2023-29714 | 1 Vadesecure | 1 Secure Gateway | 2025-01-06 | 6.1 Medium |
| Cross Site Scripting vulnerability found in Vade Secure Gateway allows a remote attacker to execute arbitrary code via the username, password, and language cookies parameter. | ||||
| CVE-2023-29713 | 1 Vadesecure | 1 Secure Gateway | 2025-01-06 | 6.1 Medium |
| Cross Site Scripting vulnerability found in Vade Secure Gateway allows a remote attacker to execute arbitrary code via a crafted payload to the GET request after the /css/ directory. | ||||
| CVE-2023-29712 | 1 Vadesecure | 1 Secure Gateway | 2025-01-06 | 6.1 Medium |
| Cross Site Scripting vulnerability found in Vade Secure Gateway allows a remote attacker to execute arbitrary code via a crafted payload to the X-Rewrite-URL parameter. | ||||
| CVE-2023-27716 | 1 Kafkaui-lite Project | 1 Kafkaui-lite | 2025-01-06 | 9.8 Critical |
| An issue was discovered in freakchicken kafkaUI-lite 1.2.11 allows attackers on the same network to gain escalated privileges for the nodes running on it. | ||||
| CVE-2023-27706 | 1 Bitwarden | 1 Bitwarden | 2025-01-06 | 7.1 High |
| Bitwarden Windows desktop application versions prior to v2023.4.0 store biometric keys in Windows Credential Manager, accessible to other local unprivileged processes. | ||||
| CVE-2020-36732 | 1 Crypto-js Project | 1 Crypto-js | 2025-01-06 | 5.3 Medium |
| The crypto-js package before 3.2.1 for Node.js generates random numbers by concatenating the string "0." with an integer, which makes the output more predictable than necessary. | ||||
| CVE-2019-16283 | 2 Hp, Microsoft | 2 Softpaq Installer, Windows | 2025-01-06 | 7.8 High |
| A potential security vulnerability has been identified with a version of the HP Softpaq installer that can lead to arbitrary code execution. | ||||
| CVE-2023-2121 | 2 Hashicorp, Redhat | 2 Vault, Openshift Data Foundation | 2025-01-06 | 4.3 Medium |
| Vault and Vault Enterprise's (Vault) key-value v2 (kv-v2) diff viewer allowed HTML injection into the Vault web UI through key values. This vulnerability, CVE-2023-2121, is fixed in Vault 1.14.0, 1.13.3, 1.12.7, and 1.11.11. | ||||