Search Results (363853 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-36947 1 Totolink 4 A7000r, A7000r Firmware, X5000r and 1 more 2024-11-21 8.8 High
TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the File parameter in the function UploadCustomModule.
CVE-2023-36942 1 Phpgurukul 1 Online Fire Reporting System 2024-11-21 6.1 Medium
A cross-site scripting (XSS) vulnerability in PHPGurukul Online Fire Reporting System Using PHP and MySQL 1.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the website title field.
CVE-2023-36941 1 Phpgurukul 1 Online Fire Reporting System 2024-11-21 6.1 Medium
A cross-site scripting (XSS) vulnerability in PHPGurukul Online Fire Reporting System Using PHP and MySQL 1.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the team name, leader, and member fields.
CVE-2023-36940 1 Phpgurukul 1 Online Fire Reporting System 2024-11-21 4.8 Medium
Cross Site Scripting (XSS) vulnerability in PHPGurukul Online Fire Reporting System Using PHP and MySQL v.1.2 allows attackers to execute arbitrary code via a crafted payload injected into the search field.
CVE-2023-36939 1 Phpgurukul 1 Hostel Management System 2024-11-21 6.1 Medium
Cross-Site Scripting (XSS) vulnerability in Hostel Management System v2.1 allows an attacker to execute arbitrary code via a crafted payload to the search booking field.
CVE-2023-36936 1 Phpgurukul 1 Online Security Guards Hiring System 2024-11-21 6.1 Medium
Cross-Site Scripting (XSS) vulnerability in PHPGurukul Online Security Guards Hiring System using PHP and MySQL 1.0 allows attackers to execute arbitrary code via a crafted payload to the search booking box.
CVE-2023-36926 1 Sap 1 Host Agent 2024-11-21 3.7 Low
Due to missing authentication check in SAP Host Agent - version 7.22, an unauthenticated attacker can set an undocumented parameter to a particular compatibility value and in turn call read functions. This allows the attacker to gather some non-sensitive information about the server.  There is no impact on integrity or availability.
CVE-2023-36925 1 Sap 1 Solution Manager 2024-11-21 7.2 High
SAP Solution Manager (Diagnostics agent) - version 7.20, allows an unauthenticated attacker to blindly execute HTTP requests. On successful exploitation, the attacker can cause a limited impact on confidentiality and availability of the application and other applications the Diagnostics Agent can reach.
CVE-2023-36924 1 Sap 1 Erp Defense Forces And Public Security 2024-11-21 4.9 Medium
While using a specific function, SAP ERP Defense Forces and Public Security - versions 600, 603, 604, 605, 616, 617, 618, 802, 803, 804, 805, 806, 807, allows an authenticated attacker with admin privileges to write arbitrary data to the syslog file. On successful exploitation, an attacker could modify all the syslog data causing a complete compromise of integrity of the application.
CVE-2023-36923 1 Sap 1 Powerdesigner 2024-11-21 7.8 High
SAP SQLA for PowerDesigner 17 bundled with SAP PowerDesigner 16.7 SP06 PL03, allows an attacker with local access to the system, to place a malicious library, that can be executed by the application. An attacker could thereby control the behavior of the application.
CVE-2023-36922 1 Sap 1 Netweaver 2024-11-21 9.1 Critical
Due to programming error in function module and report, IS-OIL component in SAP ECC and SAP S/4HANA allows an authenticated attacker to inject an arbitrary operating system command into an unprotected parameter in a common (default) extension.  On successful exploitation, the attacker can read or modify the system data as well as shut down the system.
CVE-2023-36921 1 Sap 1 Solution Manager 2024-11-21 7.2 High
SAP Solution Manager (Diagnostics agent) - version 7.20, allows an attacker to tamper with headers in a client request. This misleads SAP Diagnostics Agent to serve poisoned content to the server. On successful exploitation, the attacker can cause a limited impact on confidentiality and availability of the application.
CVE-2023-36920 1 Sap 4 Enable Now Enable Now Consump Del, Enable Now Wpb Manager, Enable Now Wpb Manager Ce and 1 more 2024-11-21 6.1 Medium
In SAP Enable Now - versions WPB_MANAGER 1.0, WPB_MANAGER_CE 10, WPB_MANAGER_HANA 10, ENABLE_NOW_CONSUMP_DEL 1704, the X-FRAME-OPTIONS response header is not implemented, allowing an unauthenticated attacker to attempt clickjacking, which could result in disclosure or modification of information.
CVE-2023-36919 1 Sap 1 Enable Now 2024-11-21 5.3 Medium
In SAP Enable Now - versions WPB_MANAGER 1.0, WPB_MANAGER_CE 10, WPB_MANAGER_HANA 10, ENABLE_NOW_CONSUMP_DEL 1704, the Referrer-Policy response header is not implemented, allowing an unauthenticated attacker to obtain referrer details, resulting in information disclosure.
CVE-2023-36918 1 Sap 1 Enable Now 2024-11-21 6.1 Medium
In SAP Enable Now - versions WPB_MANAGER 1.0, WPB_MANAGER_CE 10, WPB_MANAGER_HANA 10, ENABLE_NOW_CONSUMP_DEL 1704, the X-Content-Type-Options response header is not implemented, allowing an unauthenticated attacker to trigger MIME type sniffing, which leads to Cross-Site Scripting, which could result in disclosure or modification of information.
CVE-2023-36917 1 Sap 1 Businessobjects Business Intelligence 2024-11-21 5.9 Medium
SAP BusinessObjects Business Intelligence Platform - version 420, 430, allows an unauthorized attacker who had hijacked a user session, to be able to bypass the victim’s old password via brute force, due to unrestricted rate limit for password change functionality. Although the attack has no impact on integrity loss or system availability, this could lead to an attacker to completely takeover a victim’s account.
CVE-2023-36862 1 Apple 1 Macos 2024-11-21 5.5 Medium
A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions. This issue is fixed in macOS Ventura 13.5. An app may be able to determine a user’s current location.
CVE-2023-36860 4 Apple, Google, Intel and 1 more 4 Iphone Os, Android, Unison Software and 1 more 2024-11-21 7.6 High
Improper input validation for some Intel Unison software may allow an authenticated user to potentially enable escalation of privilege via network access.
CVE-2023-36859 1 Piigab 2 M-bus 900s, M-bus 900s Firmware 2024-11-21 8.8 High
PiiGAB M-Bus SoftwarePack 900S does not correctly sanitize user input, which could allow an attacker to inject arbitrary commands.
CVE-2023-36858 3 Apple, F5, Microsoft 5 Macos, Access Policy Manager Clients, Big-ip Access Policy Manager and 2 more 2024-11-21 7.1 High
An insufficient verification of data vulnerability exists in BIG-IP Edge Client for Windows and macOS that may allow an attacker to modify its configured server list.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.