Search Results (363715 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-34446 1 Combodo 1 Itop 2024-11-21 8.8 High
iTop is an open source, web-based IT service management platform. Prior to versions 3.0.4 and 3.1.0, when displaying `pages/preferences.php`, cross site scripting is possible. This issue is fixed in versions 3.0.4 and 3.1.0.
CVE-2023-34442 1 Apache 1 Camel 2024-11-21 3.3 Low
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Camel.This issue affects Apache Camel: from 3.X through <=3.14.8, from 3.18.X through <=3.18.7, from 3.20.X through <= 3.20.5, from 4.X through <= 4.0.0-M3. Users should upgrade to 3.14.9, 3.18.8, 3.20.6 or 3.21.0 and for users on Camel 4.x update to 4.0.0-M1
CVE-2023-34441 1 Bakerhughes 2 Bentley Nevada 3500 System, Bentley Nevada 3500 System Firmware 2024-11-21 6.8 Medium
Baker Hughes – Bently Nevada 3500 System TDI Firmware version 5.05 contains a cleartext transmission vulnerability which could allow an attacker to steal the authentication secret from communication traffic to the device and reuse it for arbitrary requests.
CVE-2023-34439 1 Pleasanter 1 Pleasanter 2024-11-21 5.4 Medium
Pleasanter 1.3.47.0 and earlier contains a stored cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on the user's web browser.
CVE-2023-34438 1 Intel 142 Compute Element Stk2mv64cc, Compute Element Stk2mv64cc Firmware, Nuc Board Nuc7i3bnb and 139 more 2024-11-21 7.5 High
Race condition in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2023-34433 1 Piigab 2 M-bus 900s, M-bus 900s Firmware 2024-11-21 7.5 High
PiiGAB M-Bus stores passwords using a weak hash algorithm.
CVE-2023-34432 3 Fedoraproject, Redhat, Sound Exchange Project 4 Extra Packages For Enterprise Linux, Fedora, Enterprise Linux and 1 more 2024-11-21 7.8 High
A heap buffer overflow vulnerability was found in sox, in the lsx_readbuf function at sox/src/formats_i.c:98:16. This flaw can lead to a denial of service, code execution, or information disclosure.
CVE-2023-34431 1 Intel 66 Compute Module Hns2600bpb, Compute Module Hns2600bpb24, Compute Module Hns2600bpb24 Firmware and 63 more 2024-11-21 8.2 High
Improper input validation in some Intel(R) Server Board BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access
CVE-2023-34430 1 Intel 1 Battery Life Diagnostic Tool 2024-11-21 6.7 Medium
Uncontrolled search path in some Intel Battery Life Diagnostic Tool software before version 2.2.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-34429 1 Weintek 1 Weincloud 2024-11-21 7.5 High
Weintek Weincloud v0.13.6 could allow an attacker to cause a denial-of-service condition for Weincloud by sending a forged JWT token.
CVE-2023-34427 1 Intel 2 Realsense 450 Fa, Realsense 450 Fa Firmware 2024-11-21 5.3 Medium
Protection mechanism failure in some Intel(R) RealSense(TM) ID software for Intel(R) RealSense(TM) 450 FA in version 0.25.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-34422 1 Lenovo 1 Xclarity Administrator 2024-11-21 6.5 Medium
A valid, authenticated LXCA user with elevated privileges may be able to delete folders in the LXCA filesystem through a specifically crafted web API call due to insufficient input validation.
CVE-2023-34421 1 Lenovo 1 Xclarity Administrator 2024-11-21 6.5 Medium
A valid, authenticated LXCA user with elevated privileges may be able to replace filesystem data through a specifically crafted web API call due to insufficient input validation.
CVE-2023-34419 1 Lenovo 60 Legion 5-15ach6, Legion 5-15ach6 Firmware, Legion 5-15ach6a and 57 more 2024-11-21 6.7 Medium
A buffer overflow has been identified in the SetupUtility driver in some Lenovo Notebook products which may allow an attacker with local access and elevated privileges to execute arbitrary code.
CVE-2023-34412 2 Helmholz, Redlion 34 Rex 200, Rex 200 Firmware, Rex 250 and 31 more 2024-11-21 4.8 Medium
A vulnerability in Red Lion Europe mbNET/mbNET.rokey and Helmholz REX 200 and REX 250 devices with firmware lower 7.3.2 allows an authenticated remote attacker with high privileges to inject malicious HTML or JavaScript code (XSS).
CVE-2023-34395 1 Apache 1 Apache-airflow-providers-odbc 2024-11-21 7.8 High
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Apache Software Foundation Apache Airflow ODBC Provider. In OdbcHook, A privilege escalation vulnerability exists in a system due to controllable ODBC driver parameters that allow the loading of arbitrary dynamic-link libraries, resulting in command execution. Starting version 4.0.0 driver can be set only from the hook constructor. This issue affects Apache Airflow ODBC Provider: before 4.0.0.
CVE-2023-34394 1 Keysight 1 Geolocation Server 2024-11-21 7.8 High
In Keysight Geolocation Server v2.4.2 and prior, an attacker could upload a specially crafted malicious file or delete any file or directory with SYSTEM privileges due to an improper path validation, which could result in local privilege escalation or a denial-of-service condition.
CVE-2023-34392 1 Selinc 1 Sel-5037 Sel Grid Configurator 2024-11-21 8.2 High
A Missing Authentication for Critical Function vulnerability in the Schweitzer Engineering Laboratories SEL-5037 SEL Grid Configurator could allow an attacker to run arbitrary commands on managed devices by an authorized device operator. See Instruction Manual Appendix A and Appendix E dated 20230615 for more details. This issue affects SEL-5037 SEL Grid Configurator: before 4.5.0.20.
CVE-2023-34391 3 Microsoft, Schweitzer Engineering Laboratories, Selinc 3 Windows, Sel-5033 Acselerator Rtac Software, Sel-5033 Acselerator Real-time Automation Controller 2024-11-21 7.4 High
Insecure Inherited Permissions vulnerability in Schweitzer Engineering Laboratories SEL-5033 AcSELerator RTAC Software on Windows allows Leveraging/Manipulating Configuration File Search Paths. See Instruction Manual Appendix A [Cybersecurity] tag dated 20230522 for more details. This issue affects SEL-5033 AcSELerator RTAC Software: before 1.35.151.21000.
CVE-2023-34390 1 Selinc 2 Sel-451, Sel-451 Firmware 2024-11-21 4.5 Medium
An input validation vulnerability in the Schweitzer Engineering Laboratories SEL-451 could allow a remote authenticated attacker to create a denial of service against the system and locking out services. See product Instruction Manual Appendix A dated 20230830 for more details.