Search Results (363660 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-33307 1 Fortinet 2 Fortios, Fortiproxy 2024-11-21 6.4 Medium
A null pointer dereference in Fortinet FortiOS before 7.2.5 and before 7.0.11, FortiProxy before 7.2.3 and before 7.0.9 allows attacker to denial of sslvpn service via specifically crafted request in network parameter.
CVE-2023-33306 1 Fortinet 2 Fortios, Fortiproxy 2024-11-21 6.2 Medium
A null pointer dereference in Fortinet FortiOS before 7.2.5, before 7.0.11 and before 6.4.13, FortiProxy before 7.2.4 and before 7.0.10 allows attacker to denial of sslvpn service via specifically crafted request in bookmark parameter.
CVE-2023-33305 1 Fortinet 3 Fortios, Fortiproxy, Fortiweb 2024-11-21 4.9 Medium
A loop with unreachable exit condition ('infinite loop') in Fortinet FortiOS version 7.2.0 through 7.2.4, FortiOS version 7.0.0 through 7.0.10, FortiOS 6.4 all versions, FortiOS 6.2 all versions, FortiOS 6.0 all versions, FortiProxy version 7.2.0 through 7.2.3, FortiProxy version 7.0.0 through 7.0.9, FortiProxy 2.0 all versions, FortiProxy 1.2 all versions, FortiProxy 1.1 all versions, FortiProxy 1.0 all versions, FortiWeb version 7.2.0 through 7.2.1, FortiWeb version 7.0.0 through 7.0.6, FortiWeb 6.4 all versions, FortiWeb 6.3 all versions allows attacker to perform a denial of service via specially crafted HTTP requests.
CVE-2023-33304 1 Fortinet 1 Forticlient 2024-11-21 4.4 Medium
A use of hard-coded credentials vulnerability in Fortinet FortiClient Windows 7.0.0 - 7.0.9 and 7.2.0 - 7.2.1 allows an attacker to bypass system protections via the use of static credentials.
CVE-2023-33301 1 Fortinet 1 Fortios 2024-11-21 6.5 Medium
An improper access control vulnerability in Fortinet FortiOS 7.2.0 - 7.2.4 and 7.4.0 allows an attacker to access a restricted resource from a non trusted host.
CVE-2023-33299 1 Fortinet 1 Fortinac 2024-11-21 9.6 Critical
A deserialization of untrusted data in Fortinet FortiNAC below 7.2.1, below 9.4.3, below 9.2.8 and all earlier versions of 8.x allows attacker to execute unauthorized code or commands via specifically crafted request on inter-server communication port. Note FortiNAC versions 8.x will not be fixed.
CVE-2023-33281 1 Nissan 2 Sylphy Classic 2021, Sylphy Classic 2021 Firmware 2024-11-21 6.5 Medium
The remote keyfob system on Nissan Sylphy Classic 2021 sends the same RF signal for each door-open request, which allows for a replay attack. NOTE: the vendor's position is that this cannot be reproduced with genuine Nissan parts: for example, the combination of keyfob and door handle shown in the exploit demonstration does not match any technology that Nissan provides to customers.
CVE-2023-33274 1 Voltronicpower 1 Snmp Web Pro 2024-11-21 9.8 Critical
The authentication mechanism in PowerShield SNMP Web Pro 1.1 contains a vulnerability that allows unauthenticated users to directly access Common Gateway Interface (CGI) scripts without proper identification or authorization. This vulnerability arises from a lack of proper cookie verification and affects all instances of SNMP Web Pro 1.1 without HTTP Digest authentication enabled, regardless of the password used for the web interface.
CVE-2023-33273 1 Dts 1 Monitoring 2024-11-21 9.8 Critical
An issue was discovered in DTS Monitoring 3.57.0. The parameter url within the WGET check function is vulnerable to OS command injection (blind).
CVE-2023-33272 1 Dts 1 Monitoring 2024-11-21 9.8 Critical
An issue was discovered in DTS Monitoring 3.57.0. The parameter ip within the Ping check function is vulnerable to OS command injection (blind).
CVE-2023-33271 1 Dts 1 Monitoring 2024-11-21 9.8 Critical
An issue was discovered in DTS Monitoring 3.57.0. The parameter common_name within the SSL Certificate check function is vulnerable to OS command injection (blind).
CVE-2023-33270 1 Dts 1 Monitoring 2024-11-21 9.8 Critical
An issue was discovered in DTS Monitoring 3.57.0. The parameter url within the Curl check function is vulnerable to OS command injection (blind).
CVE-2023-33269 1 Dts 1 Monitoring 2024-11-21 9.8 Critical
An issue was discovered in DTS Monitoring 3.57.0. The parameter options within the WGET check function is vulnerable to OS command injection (blind).
CVE-2023-33268 1 Dts 1 Monitoring 2024-11-21 9.8 Critical
An issue was discovered in DTS Monitoring 3.57.0. The parameter port within the SSL Certificate check function is vulnerable to OS command injection (blind).
CVE-2023-33257 1 Verint 1 Engagement Management 2024-11-21 5.4 Medium
Verint Engagement Management 15.3 Update 2023R2 is vulnerable to HTML injection via the user data form in the live chat.
CVE-2023-33242 1 Lindell17 Project 1 Lindell17 2024-11-21 9.6 Critical
Crypto wallets implementing the Lindell17 TSS protocol might allow an attacker to extract the full ECDSA private key by exfiltrating a single bit in every signature attempt (256 in total) because of not adhering to the paper's security proof's assumption regarding handling aborts after a failed signature.
CVE-2023-33241 2 Gg18 Project, Gg20 Project 2 Gg18, Gg20 2024-11-21 9.6 Critical
Crypto wallets implementing the GG18 or GG20 TSS protocol might allow an attacker to extract a full ECDSA private key by injecting a malicious pallier key and cheating in the range proof. Depending on the Beta parameters chosen in the protocol implementation, the attack might require 16 signatures or more fully exfiltrate the other parties' private key shares.
CVE-2023-33239 1 Moxa 9 Edr-810, Edr-g9010, Edr-g902 and 6 more 2024-11-21 8.8 High
TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command injection vulnerability. This vulnerability stems from insufficient input validation in the key-generation function, which could potentially allow malicious users to execute remote code on affected devices.
CVE-2023-33238 1 Moxa 8 Edr-810, Edr-g9010, Edr-g902 and 5 more 2024-11-21 7.2 High
TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command injection vulnerability. This vulnerability stems from inadequate input validation in the certificate management function, which could potentially allow malicious users to execute remote code on affected devices.
CVE-2023-33237 1 Moxa 2 Tn-5900, Tn-5900 Firmware 2024-11-21 8.8 High
TN-5900 Series firmware version v3.3 and prior is vulnerable to improper-authentication vulnerability. This vulnerability arises from inadequate authentication measures implemented in the web API handler, allowing low-privileged APIs to execute restricted actions that only high-privileged APIs are allowed This presents a potential risk of unauthorized exploitation by malicious actors.