Search Results (363504 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-30958 1 Zabbix 1 Frontend 2024-11-21 4.7 Medium
A security defect was identified in Foundry Frontend that enabled users to potentially conduct DOM XSS attacks if Foundry's CSP were to be bypassed. This defect was resolved with the release of Foundry Frontend 6.225.0.
CVE-2023-30956 1 Palantir 1 Foundry Comments 2024-11-21 5.3 Medium
A security defect was identified in Foundry Comments that enabled a user to discover the contents of an attachment submitted to another comment if they knew the internal UUID of the target attachment. This defect was resolved with the release of Foundry Comments 2.267.0.
CVE-2023-30955 1 Palantir 1 Foundry Workspace-server 2024-11-21 4.3 Medium
A security defect was identified in Foundry workspace-server that enabled a user to bypass an authorization check and view settings related to 'Developer Mode'. This enabled users with insufficient privilege the ability to view and interact with Developer Mode settings in a limited capacity. A fix was deployed with workspace-server 7.7.0.
CVE-2023-30954 1 Palantir 1 Video-application-server 2024-11-21 2.7 Low
The Gotham video-application-server service contained a race condition which would cause it to not apply certain acls new videos if the source system had not yet initialized.
CVE-2023-30952 1 Palantir 1 Foundry 2024-11-21 5 Medium
A security defect was discovered in Foundry Issues that enabled users to create convincing phishing links by editing the request sent when creating an Issue. This defect was resolved in Frontend release 6.228.0 .
CVE-2023-30951 1 Palantir 1 Magritte-rest-source-bundle 2024-11-21 6.3 Medium
The Foundry Magritte plugin rest-source was found to be vulnerable to an an XML external Entity attack (XXE).
CVE-2023-30950 1 Palantir 1 Foundry Campaigns 2024-11-21 6.5 Medium
The foundry campaigns service was found to be vulnerable to an unauthenticated information disclosure in a rest endpoint
CVE-2023-30949 1 Palantir 1 Slate 2024-11-21 4.3 Medium
A missing origin validation in Slate sandbox could be exploited by a malicious user to modify the page's content, which could lead to phishing attacks.
CVE-2023-30946 1 Palantir 1 Foundry Issues 2024-11-21 3.5 Low
A security defect was identified in Foundry Issues. If a user was added to an issue on a resource that they did not have access to and consequently could not see, they could query Foundry's Notification API and receive metadata about the issue including the RID of the issue, severity, internal UUID of the author, and the user-defined title of the issue.
CVE-2023-30944 2 Fedoraproject, Moodle 3 Extra Packages For Enterprise Linux, Fedora, Moodle 2024-11-21 5.6 Medium
The vulnerability was found Moodle which exists due to insufficient sanitization of user-supplied data in external Wiki method for listing pages. A remote attacker can send a specially crafted request to the affected application and execute limited SQL commands within the application database.
CVE-2023-30943 2 Fedoraproject, Moodle 3 Extra Packages For Enterprise Linux, Fedora, Moodle 2024-11-21 6.5 Medium
The vulnerability was found Moodle which exists because the application allows a user to control path of the older to create in TinyMCE loaders. A remote user can send a specially crafted HTTP request and create arbitrary folders on the system.
CVE-2023-30912 1 Hpe 1 Oneview 2024-11-21 7.2 High
A remote code execution issue exists in HPE OneView.
CVE-2023-30911 1 Hpe 77 Alletra 4110, Alletra 4120, Alletra 4140 and 74 more 2024-11-21 6.8 Medium
HPE Integrated Lights-Out 5, and Integrated Lights-Out 6 using iLOrest may cause denial of service.
CVE-2023-30910 1 Hpe 6 Msa 1060 Storage, Msa 1060 Storage Firmware, Msa 2060 Storage and 3 more 2024-11-21 5.4 Medium
HPE MSA Controller prior to version IN210R004 could be remotely exploited to allow inconsistent interpretation of HTTP requests. 
CVE-2023-30909 2 Hp, Hpe 3 Oneview, Oneview, Oneview Global Dashboard 2024-11-21 9.8 Critical
A remote authentication bypass issue exists in some OneView APIs.
CVE-2023-30906 1 Hpe 1 Intelligent Provisioning 2024-11-21 7.5 High
The vulnerability could be locally exploited to allow escalation of privilege.
CVE-2023-30877 1 Icopydoc 1 Xml For Google Merchant Center 2024-11-21 7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Maxim Glazunov XML for Google Merchant Center plugin <= 3.0.1 versions.
CVE-2023-30876 1 Davidmichaelross 1 Dave\'s Wordpress Live Search 2024-11-21 5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Dave Ross Dave's WordPress Live Search plugin <= 4.8.1 versions.
CVE-2023-30875 1 Allmywebneeds 1 Logo Scheduler 2024-11-21 5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in All My Web Needs Logo Scheduler plugin <= 1.2.0 versions.
CVE-2023-30871 1 Webdados 1 Stock Exporter For Woocommerce 2024-11-21 7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in PT Woo Plugins (by Webdados) Stock Exporter for WooCommerce plugin <= 1.1.0 versions.