Search Results (364232 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-39021 1 Wix 1 Wix Embedded Mysql 2024-11-21 9.8 Critical
wix-embedded-mysql v4.6.1 and below was discovered to contain a code injection vulnerability in the component com.wix.mysql.distribution.Setup.apply. This vulnerability is exploited via passing an unchecked argument.
CVE-2023-39020 1 Stanford 1 Stanford Parser 2024-11-21 9.8 Critical
stanford-parser v3.9.2 and below was discovered to contain a code injection vulnerability in the component edu.stanford.nlp.io.getBZip2PipedInputStream. This vulnerability is exploited via passing an unchecked argument.
CVE-2023-39017 1 Softwareag 1 Quartz 2024-11-21 9.8 Critical
quartz-jobs 2.3.2 and below was discovered to contain a code injection vulnerability in the component org.quartz.jobs.ee.jms.SendQueueMessageJob.execute. This vulnerability is exploited via passing an unchecked argument. NOTE: this is disputed by multiple parties because it is not plausible that untrusted user input would reach the code location where injection must occur.
CVE-2023-39016 1 Bbossgroups 1 Bboss 2024-11-21 9.8 Critical
bboss-persistent v6.0.9 and below was discovered to contain a code injection vulnerability in the component com.frameworkset.common.poolman.util.SQLManager.createPool. This vulnerability is exploited via passing an unchecked argument.
CVE-2023-39015 1 Code4craft 1 Webmagic 2024-11-21 9.8 Critical
webmagic-extension v0.9.0 and below was discovered to contain a code injection vulnerability via the component us.codecraft.webmagic.downloader.PhantomJSDownloader.
CVE-2023-39013 1 Larsga 1 Duke 2024-11-21 9.8 Critical
Duke v1.2 and below was discovered to contain a code injection vulnerability via the component no.priv.garshol.duke.server.CommonJTimer.init.
CVE-2023-39010 1 Boofcv 1 Boofcv 2024-11-21 9.8 Critical
BoofCV 0.42 was discovered to contain a code injection vulnerability via the component boofcv.io.calibration.CalibrationIO.load. This vulnerability is exploited by loading a crafted camera calibration file.
CVE-2023-39008 1 Opnsense 1 Opnsense 2024-11-21 9.8 Critical
A command injection vulnerability in the component /api/cron/settings/setJob/ of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to execute arbitrary system commands.
CVE-2023-39007 1 Opnsense 1 Opnsense 2024-11-21 9.6 Critical
/ui/cron/item/open in the Cron component of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows XSS via openAction in app/controllers/OPNsense/Cron/ItemController.php.
CVE-2023-39006 1 Opnsense 1 Opnsense 2024-11-21 5.4 Medium
The Crash Reporter (crash_reporter.php) component of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 mishandles input sanitization.
CVE-2023-39005 1 Opnsense 1 Opnsense 2024-11-21 7.5 High
Insecure permissions exist for configd.socket in OPNsense Community Edition before 23.7 and Business Edition before 23.4.2.
CVE-2023-39004 1 Opnsense 1 Opnsense 2024-11-21 9.8 Critical
Insecure permissions in the configuration directory (/conf/) of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allow attackers to access sensitive information (e.g., hashed root password) which could lead to privilege escalation.
CVE-2023-39003 1 Opnsense 1 Opnsense 2024-11-21 7.5 High
OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 was discovered to contain insecure permissions in the directory /tmp.
CVE-2023-39002 1 Opnsense 1 Opnsense 2024-11-21 6.1 Medium
A cross-site scripting (XSS) vulnerability in the act parameter of system_certmanager.php in OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVE-2023-39001 1 Opnsense 1 Opnsense 2024-11-21 9.8 Critical
A command injection vulnerability in the component diag_backup.php of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to execute arbitrary commands via a crafted backup configuration file.
CVE-2023-39000 1 Opnsense 1 Opnsense 2024-11-21 6.1 Medium
A reflected cross-site scripting (XSS) vulnerability in the component /ui/diagnostics/log/core/ of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to inject arbitrary JavaScript via the URL path.
CVE-2023-38999 1 Opnsense 1 Opnsense 2024-11-21 6.5 Medium
A Cross-Site Request Forgery (CSRF) in the System Halt API (/system/halt) of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to cause a Denial of Service (DoS) via a crafted GET request.
CVE-2023-38998 1 Opnsense 1 Opnsense 2024-11-21 6.1 Medium
An open redirect in the Login page of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to redirect a victim user to an arbitrary web site via a crafted URL.
CVE-2023-38997 1 Opnsense 1 Opnsense 2024-11-21 7.2 High
A directory traversal vulnerability in the Captive Portal templates of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to execute arbitrary system commands as root via a crafted ZIP archive.
CVE-2023-38996 1 Douran 1 Dsgate 2024-11-21 6.7 Medium
An issue in all versions of Douran DSGate allows a local authenticated privileged attacker to execute arbitrary code via the debug command.