Search Results (364243 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-39129 1 Gnu 1 Gdb 2024-11-21 5.5 Medium
GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a heap use after free via the function add_pe_exported_sym() at /gdb/coff-pe-read.c.
CVE-2023-39128 1 Gnu 1 Gdb 2024-11-21 5.5 Medium
GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a stack overflow via the function ada_decode at /gdb/ada-lang.c.
CVE-2023-39125 1 Ntsc-crt Project 1 Ntsc-crt 2024-11-21 7.5 High
NTSC-CRT 2.2.1 has an integer overflow and out-of-bounds write in loadBMP in bmp_rw.c because a file's width, height, and BPP are not validated. NOTE: the vendor's perspective is "this main application was not intended to be a well tested program, it's just something to demonstrate it works and for the user to see how to integrate it into their own programs."
CVE-2023-39122 1 Bmc 1 Control-m 2024-11-21 9.8 Critical
BMC Control-M through 9.0.20.200 allows SQL injection via the /RF-Server/report/deleteReport report-id parameter. This is fixed in 9.0.21 (and is also fixed by a patch for 9.0.20.200).
CVE-2023-39121 1 Emlog 1 Emlog 2024-11-21 7.2 High
emlog v2.1.9 was discovered to contain a SQL injection vulnerability via the component /admin/user.php.
CVE-2023-39115 1 Campcodes 1 Complete Online Matrimonial Website System Script 2024-11-21 9.8 Critical
install/aiz-uploader/upload in Campcodes Online Matrimonial Website System Script 3.3 allows XSS via a crafted SVG document.
CVE-2023-39114 1 Miniupnp Project 1 Ngiflib 2024-11-21 5.5 Medium
ngiflib commit 84a75 was discovered to contain a segmentation violation via the function SDL_LoadAnimatedGif at ngiflibSDL.c. This vulnerability is triggered when running the program SDLaffgif.
CVE-2023-39113 1 Miniupnp Project 1 Ngiflib 2024-11-21 5.5 Medium
ngiflib commit fb271 was discovered to contain a segmentation violation via the function "main" at gif2tag.c. This vulnerability is triggered when running the program gif2tga.
CVE-2023-39112 1 Shopex 1 Ecshop 2024-11-21 6.5 Medium
ECShop v4.1.16 contains an arbitrary file deletion vulnerability in the Admin Panel.
CVE-2023-39110 1 Rconfig 1 Rconfig 2024-11-21 8.8 High
rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the path parameter at /ajaxGetFileByPath.php. This vulnerability allows authenticated attackers to make arbitrary requests via injection of crafted URLs.
CVE-2023-39109 1 Rconfig 1 Rconfig 2024-11-21 8.8 High
rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the path_a parameter in the doDiff Function of /classes/compareClass.php. This vulnerability allows authenticated attackers to make arbitrary requests via injection of crafted URLs.
CVE-2023-39108 1 Rconfig 1 Rconfig 2024-11-21 8.8 High
rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the path_b parameter in the doDiff Function of /classes/compareClass.php. This vulnerability allows authenticated attackers to make arbitrary requests via injection of crafted URLs.
CVE-2023-39107 2 Apple, Nomachine 4 Macos, Enterprise Client, Free Edition and 1 more 2024-11-21 9.1 Critical
An arbitrary file overwrite vulnerability in NoMachine Free Edition and Enterprise Client for macOS before v8.8.1 allows attackers to overwrite root-owned files by using hardlinks.
CVE-2023-39106 1 Alibabacloud 1 Nacos Spring Project 2024-11-21 8.8 High
An issue in Nacos Group Nacos Spring Project v.1.1.1 and before allows a remote attacker to execute arbitrary code via the SnakeYamls Constructor() component.
CVE-2023-39097 1 Webboss 1 Webboss.io Cms 2024-11-21 5.4 Medium
WebBoss.io CMS v3.7.0.1 contains a stored cross-site scripting (XSS) vulnerability.
CVE-2023-39096 1 Webboss 1 Webboss.io Cms 2024-11-21 5.4 Medium
WebBoss.io CMS v3.7.0.1 contains a stored Cross-Site Scripting (XSS) vulnerability due to lack of input validation and output encoding.
CVE-2023-39094 1 Zerowdd 1 Studentmanager 2024-11-21 5.4 Medium
Cross Site Scripting vulnerability in ZeroWdd studentmanager v.1.0 allows a remote attacker to execute arbitrary code via the username parameter in the student list function.
CVE-2023-39086 1 Asus 2 Rt-ac66u B1, Rt-ac66u B1 Firmware 2024-11-21 7.5 High
ASUS RT-AC66U B1 3.0.0.4.286_51665 was discovered to transmit sensitive information in cleartext.
CVE-2023-39076 1 Gm 2 Chevrolet Equinox, Mylink Infotainment System 2024-11-21 4.6 Medium
Injecting random data into the USB memory area on a General Motors (GM) Chevrolet Equinox 2021 Software. 2021.03.26 (build version) vehicle causes a Denial of Service (DoS) in the in-car infotainment system.
CVE-2023-39075 1 Renault 2 Zoe Ev 2021, Zoe Ev 2021 Firmware 2024-11-21 4.6 Medium
Renault Zoe EV 2021 automotive infotainment system versions 283C35202R to 283C35519R (builds 11.10.2021 to 16.01.2023) allows attackers to crash the infotainment system by sending arbitrary USB data via a USB device.