Search Results (363576 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-32248 3 Linux, Netapp, Redhat 7 Linux Kernel, H300s, H410c and 4 more 2024-11-21 7.5 High
A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the handling of SMB2_TREE_CONNECT and SMB2_QUERY_INFO commands. The issue results from the lack of proper validation of a pointer prior to accessing it. An attacker can leverage this vulnerability to create a denial-of-service condition on the system.
CVE-2023-32247 3 Linux, Netapp, Redhat 6 Linux Kernel, H300s, H410s and 3 more 2024-11-21 7.5 High
A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the handling of SMB2_SESSION_SETUP commands. The issue results from the lack of control of resource consumption. An attacker can leverage this vulnerability to create a denial-of-service condition on the system.
CVE-2023-32241 1 Wpdeveloper 1 Essential Addons For Elementor 2024-11-21 7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPDeveloper Essential Addons for Elementor Pro plugin <= 5.4.8 versions.
CVE-2023-32239 1 Xtemos 1 Woodmart Theme 2024-11-21 5.4 Medium
Auth. (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in xtemos WoodMart theme <= 7.2.1 versions.
CVE-2023-32236 1 Bookingultrapro 1 Appointments Booking Calendar 2024-11-21 7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Booking Ultra Pro Booking Ultra Pro Appointments Booking Calendar Plugin <= 1.1.8 versions.
CVE-2023-32232 1 Vasion 1 Printerlogic Client 2024-11-21 9.9 Critical
An issue was discovered in Vasion PrinterLogic Client for Windows before 25.0.0.836. During client installation and repair, a PrinterLogic binary is called by the installer to configure the device. This window is not hidden, and is running with elevated privileges. A standard user can break out of this window, obtaining a full SYSTEM command prompt window. This results in complete compromise via arbitrary SYSTEM code execution (elevation of privileges).
CVE-2023-32231 1 Vasion 1 Printerlogic Client 2024-11-21 9.9 Critical
An issue was discovered in Vasion PrinterLogic Client for Windows before 25.0.0.818. During installation, binaries gets executed out of a subfolder in C:\Windows\Temp. A standard user can create the folder and path file ahead of time and obtain elevated code execution.
CVE-2023-32230 1 Bosch 7 Monitor Wall, Video Recording Manager, Video Streaming Gateway and 4 more 2024-11-21 7.5 High
An improper handling of a malformed API request to an API server in Bosch BT software products can allow an unauthenticated attacker to cause a Denial of Service (DoS) situation.
CVE-2023-32227 1 Synel 2 Synergy\/a, Synergy\/a Firmware 2024-11-21 9.8 Critical
Synel SYnergy Fingerprint Terminals - CWE-798: Use of Hard-coded Credentials
CVE-2023-32226 1 Sysaid 1 Sysaid On-premises 2024-11-21 8.3 High
Sysaid - CWE-552: Files or Directories Accessible to External Parties -  Authenticated users may exfiltrate files from the server via an unspecified method.
CVE-2023-32225 1 Sysaid 1 Sysaid On-premises 2024-11-21 9.8 Critical
Sysaid - CWE-434: Unrestricted Upload of File with Dangerous Type -  A malicious user with administrative privileges may be able to upload a dangerous filetype via an unspecified method.
CVE-2023-32204 1 Intel 1 One Boot Flash Update 2024-11-21 8.8 High
Improper access control in some Intel(R) OFU software before version 14.1.31 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-32202 1 Walchem 2 Intuition 9, Intuition 9 Firmware 2024-11-21 6.5 Medium
Walchem Intuition 9 firmware versions prior to v4.21 are vulnerable to improper authentication. Login credentials are stored in a format that could allow an attacker to use them as-is to login and gain access to the device.
CVE-2023-32200 1 Apache 1 Jena 2024-11-21 8.8 High
There is insufficient restrictions of called script functions in Apache Jena versions 4.8.0 and earlier. It allows a remote user to execute javascript via a SPARQL query. This issue affects Apache Jena: from 3.7.0 through 4.8.0.
CVE-2023-32187 1 K3s 1 K3s 2024-11-21 7.5 High
An Allocation of Resources Without Limits or Throttling vulnerability in SUSE k3s allows attackers with access to K3s servers' apiserver/supervisor port (TCP 6443) cause denial of service. This issue affects k3s: from v1.24.0 before v1.24.17+k3s1, from v1.25.0 before v1.25.13+k3s1, from v1.26.0 before v1.26.8+k3s1, from sev1.27.0 before v1.27.5+k3s1, from v1.28.0 before v1.28.1+k3s1.
CVE-2023-32186 1 Suse 2 Rancher Rke2, Rke2 2024-11-21 7.5 High
A Allocation of Resources Without Limits or Throttling vulnerability in SUSE RKE2 allows attackers with access to K3s servers apiserver/supervisor port (TCP 6443) cause denial of service. This issue affects RKE2: from 1.24.0 before 1.24.17+rke2r1, from v1.25.0 before v1.25.13+rke2r1, from v1.26.0 before v1.26.8+rke2r1, from v1.27.0 before v1.27.5+rke2r1, from v1.28.0 before v1.28.1+rke2r1.
CVE-2023-32184 1 Opensuse 1 Welcome 2024-11-21 7.8 High
A Insecure Storage of Sensitive Information vulnerability in openSUSE opensuse-welcome allows local attackers to execute code as the user that runs opensuse-welcome if a custom layout is chosen This issue affects opensuse-welcome: from 0.1 before 0.1.9+git.35.4b9444a.
CVE-2023-32183 1 Opensuse 1 Tumbleweed 2024-11-21 7.8 High
Incorrect Default Permissions vulnerability in the openSUSE Tumbleweed hawk2 package allows users with access to the hacluster to escalate to root This issue affects openSUSE Tumbleweed.
CVE-2023-32182 2 Opensuse, Suse 3 Leap, Linux Enterprise High Performance Computing, Suse Linux Enterprise Desktop 2024-11-21 5.9 Medium
A Improper Link Resolution Before File Access ('Link Following') vulnerability in SUSE SUSE Linux Enterprise Desktop 15 SP5 postfix, SUSE SUSE Linux Enterprise High Performance Computing 15 SP5 postfix, SUSE openSUSE Leap 15.5 postfix.This issue affects SUSE Linux Enterprise Desktop 15 SP5: before 3.7.3-150500.3.5.1; SUSE Linux Enterprise High Performance Computing 15 SP5: before 3.7.3-150500.3.5.1; openSUSE Leap 15.5 : before 3.7.3-150500.3.5.1.
CVE-2023-32163 2 Microsoft, Wacom 3 Windows, Driver, Drivers For Windows 2024-11-21 7.8 High
Wacom Drivers for Windows Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Wacom Drivers for Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Tablet Service. By creating a symbolic link, an attacker can abuse the service to create a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-16857.