Search Results (363531 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-31582 2 Jose4j Project, Redhat 4 Jose4j, Amq Streams, Jboss Data Grid and 1 more 2024-11-21 7.5 High
jose4j before v0.9.3 allows attackers to set a low iteration count of 1000 or less.
CVE-2023-31581 1 Dromara 1 Sureness 2024-11-21 9.8 Critical
Dromara Sureness before v1.0.8 was discovered to use a hardcoded key.
CVE-2023-31580 1 Networknt 1 Light-oauth2 2024-11-21 5.9 Medium
light-oauth2 before version 2.1.27 obtains the public key without any verification. This could allow attackers to authenticate to the application with a crafted JWT token.
CVE-2023-31579 1 Tangyh 1 Lamp-cloud 2024-11-21 9.8 Critical
Dromara Lamp-Cloud before v3.8.1 was discovered to use a hardcoded cryptographic key when creating and verifying a Json Web Token. This vulnerability allows attackers to authenticate to the application via a crafted JWT token.
CVE-2023-31546 1 Dedebiz 1 Dedebiz 2024-11-21 9.6 Critical
Cross Site Scripting (XSS) vulnerability in DedeBIZ v6.0.3 allows attackers to run arbitrary code via the search feature.
CVE-2023-31517 1 Teeworlds 1 Teeworlds 2024-11-21 7.5 High
A memory leak in the component CConsole::Chain of Teeworlds v0.7.5 allows attackers to cause a Denial of Service (DoS) via opening a crafted file.
CVE-2023-31490 4 Debian, Fedoraproject, Frrouting and 1 more 4 Debian Linux, Fedora, Frrouting and 1 more 2024-11-21 7.5 High
An issue found in Frrouting bgpd v.8.4.2 allows a remote attacker to cause a denial of service via the bgp_attr_psid_sub() function.
CVE-2023-31489 3 Fedoraproject, Frrouting, Redhat 3 Fedora, Frrouting, Enterprise Linux 2024-11-21 5.5 Medium
An issue found in Frrouting bgpd v.8.4.2 allows a remote attacker to cause a denial of service via the bgp_capability_llgr() function.
CVE-2023-31488 1 Cisco 3 Ironport Email Security Appliance, Secure Email Gateway, Secure Email Gateway Firmware 2024-11-21 9.8 Critical
Hyland Perceptive Filters releases before 2023-12-08 (e.g., 11.4.0.2647), as used in Cisco IronPort Email Security Appliance Software, Cisco Secure Email Gateway, and various non-Cisco products, allow attackers to trigger a segmentation fault and execute arbitrary code via a crafted document.
CVE-2023-31469 1 Apache 1 Streampipes 2024-11-21 8.8 High
A REST interface in Apache StreamPipes (versions 0.69.0 to 0.91.0) was not properly restricted to admin-only access. This allowed a non-admin user with valid login credentials to elevate privileges beyond the initially assigned roles. The issue is resolved by upgrading to StreamPipes 0.92.0.
CVE-2023-31468 1 Inosoft 1 Visiwin 7 2024-11-21 7.8 High
An issue was discovered in Inosoft VisiWin 7 through 2022-2.1 (Runtime RT7.3 RC3 20221209.5). The "%PROGRAMFILES(X86)%\INOSOFT GmbH" folder has weak permissions for Everyone, allowing an attacker to insert a Trojan horse file that runs as SYSTEM. 2024-1 is a fixed version.
CVE-2023-31466 1 Fsmlabs 1 Timekeeper 2024-11-21 5.4 Medium
An XSS issue was discovered in FSMLabs TimeKeeper 8.0.17. On the "Configuration -> Compliance -> Add a new compliance report" and "Configuration -> Timekeeper Configuration -> Add a new source there" screens, there are entry points to inject JavaScript code.
CVE-2023-31465 1 Fsmlabs 1 Timekeeper 2024-11-21 9.8 Critical
An issue was discovered in FSMLabs TimeKeeper 8.0.17 through 8.0.28. By intercepting requests from various timekeeper streams, it is possible to find the getsamplebacklog call. Some query parameters are passed directly in the URL and named arg[x], with x an integer starting from 1; it is possible to modify arg[2] to insert Bash code that will be executed directly by the server.
CVE-2023-31462 1 Steelseries 1 Gg 2024-11-21 8.8 High
An issue was discovered in SteelSeries GG 36.0.0. An attacker can change values in an unencrypted database that is writable for all users on the computer, in order to trigger code execution with higher privileges.
CVE-2023-31461 1 Steelseries 1 Gg 2024-11-21 7.5 High
Attackers can exploit an open API listener on SteelSeries GG 36.0.0 to create a sub-application that will be executed automatically from a controlled location, because of a path traversal vulnerability.
CVE-2023-31455 1 Pexip 1 Pexip Infinity 2024-11-21 7.5 High
Pexip Infinity before 31.2 has Improper Input Validation for RTCP, allowing remote attackers to trigger an abort.
CVE-2023-31454 1 Apache 1 Inlong 2024-11-21 7.5 High
Incorrect Permission Assignment for Critical Resource Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.2.0 through 1.6.0.  The attacker can bind any cluster, even if he is not the cluster owner. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick [1] to solve it.[1] https://github.com/apache/inlong/pull/7947 https://github.com/apache/inlong/pull/7947
CVE-2023-31453 1 Apache 1 Inlong 2024-11-21 7.5 High
Incorrect Permission Assignment for Critical Resource Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.2.0 through 1.6.0. The attacker can delete others' subscriptions, even if they are not the owner of the deleted subscription. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick [1] to solve it. [1] https://github.com/apache/inlong/pull/7949 https://github.com/apache/inlong/pull/7949
CVE-2023-31452 1 Paessler 1 Prtg Network Monitor 2024-11-21 8.8 High
A cross-site request forgery (CSRF) token bypass was identified in PRTG 23.2.84.1566 and earlier versions that allows remote attackers to perform actions with the permissions of a victim user, provided the victim user has an active session and is induced to trigger the malicious request. This could force PRTG to execute different actions, such as creating new users. The severity of this vulnerability is high and received a score of 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2023-31447 1 Draytek 4 Vigor2620, Vigor2620 Firmware, Vigor2625 and 1 more 2024-11-21 9.8 Critical
user_login.cgi on Draytek Vigor2620 devices before 3.9.8.4 (and on all versions of Vigor2925 devices) allows attackers to send a crafted payload to modify the content of the code segment, insert shellcode, and execute arbitrary code.