Search Results (363401 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-2007 3 Debian, Linux, Netapp 13 Debian Linux, Linux Kernel, H300s and 10 more 2024-11-21 7.8 High
The specific flaw exists within the DPT I2O Controller driver. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the kernel.
CVE-2023-2002 3 Debian, Linux, Redhat 9 Debian Linux, Linux Kernel, Enterprise Linux and 6 more 2024-11-21 6.8 Medium
A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hci_sock.c in the Linux Kernel. This flaw allows an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication.
CVE-2023-29998 1 Gis3w 1 G3w-suite 2024-11-21 5.4 Medium
A Cross-site scripting (XSS) vulnerability in the content editor in Gis3W g3w-suite 3.5 allows remote authenticated users to inject arbitrary web script or HTML and gain privileges via the description parameter.
CVE-2023-29984 5 Brother, Brother Industries, Fujifilm and 2 more 434 Dcp-1610w, Dcp-1610w Firmware, Dcp-1610we and 431 more 2024-11-21 7.5 High
Null pointer dereference vulnerability exists in multiple vendors MFPs and printers which implement Debut web server 1.2 or 1.3. Processing a specially crafted request may lead an affected product to a denial-of-service (DoS) condition. As for the affected products/models/versions, see the detailed information provided by each vendor.
CVE-2023-29975 1 Pfsense 1 Pfsense 2024-11-21 7.2 High
An issue discovered in Pfsense CE version 2.6.0 allows attackers to change the password of any user without verification.
CVE-2023-29974 1 Pfsense 1 Pfsense 2024-11-21 9.8 Critical
An issue discovered in Pfsense CE version 2.6.0 allows attackers to compromise user accounts via weak password requirements.
CVE-2023-29973 1 Pfsense 1 Pfsense 2024-11-21 4.9 Medium
Pfsense CE version 2.6.0 is vulnerable to No rate limit which can lead to an attacker creating multiple malicious users in firewall.
CVE-2023-29856 1 Dlink 2 Dir-868l, Dir-868l Firmware 2024-11-21 9.8 Critical
D-Link DIR-868L Hardware version A1, firmware version 1.12 is vulnerable to Buffer Overflow. The vulnerability is in scandir.sgi binary.
CVE-2023-29824 2 Redhat, Scipy 2 Openshift, Scipy 2024-11-21 9.8 Critical
A use-after-free issue was discovered in Py_FindObjects() function in SciPy versions prior to 1.8.0. NOTE: the vendor and discoverer indicate that this is not a security issue.
CVE-2023-29770 1 Sapplica 1 Sentrifugo 2024-11-21 8.8 High
In Sentrifugo 3.5, the AssetsController::uploadsaveAction function allows an authenticated attacker to upload any file without extension filtering.
CVE-2023-29689 1 Pyrocms 1 Pyrocms 2024-11-21 9.8 Critical
PyroCMS 3.9 contains a remote code execution (RCE) vulnerability that can be exploited through a server-side template injection (SSTI) flaw. This vulnerability allows a malicious attacker to send customized commands to the server and execute arbitrary code on the affected system.
CVE-2023-29656 1 Darktrace 1 Threat Visualizer 2024-11-21 6.1 Medium
An improper authorization vulnerability in Darktrace mobile app (Android) prior to version 6.0.15 allows disabled and low-privilege users to control "antigena" actions(block/unblock traffic) from the mobile application. This vulnerability could create a "shutdown", blocking all ingress or egress traffic in the entire infrastructure where darktrace agents are deployed.
CVE-2023-29597 1 Bloofox 1 Bloofoxcms 2024-11-21 8.8 High
bloofox v0.5.2 was discovered to contain a SQL injection vulnerability via the component /index.php?mode=content&page=pages&action=edit&eid=1.
CVE-2023-29583 1 Yasm Project 1 Yasm 2024-11-21 6.2 Medium
yasm 1.3.0.55.g101bc was discovered to contain a stack overflow via the function parse_expr5 at /nasm/nasm-parse.c. Note: This has been disputed by third parties who argue this is a bug and not a security issue because yasm is a standalone program not designed to run untrusted code.
CVE-2023-29582 1 Yasm Project 1 Yasm 2024-11-21 5.5 Medium
yasm 1.3.0.55.g101bc was discovered to contain a stack overflow via the function parse_expr1 at /nasm/nasm-parse.c. Note: This has been disputed by third parties who argue this is a bug and not a security issue because yasm is a standalone program not designed to run untrusted code.
CVE-2023-29581 1 Yasm Project 1 Yasm 2024-11-21 5.5 Medium
yasm 1.3.0.55.g101bc has a segmentation violation in the function delete_Token at modules/preprocs/nasm/nasm-pp.c. NOTE: although a libyasm application could become unavailable if this were exploited, the vendor's position is that there is no security relevance because there is either supposed to be input validation before data reaches libyasm, or a sandbox in which the application runs.
CVE-2023-29579 1 Yasm Project 1 Yasm 2024-11-21 5.5 Medium
yasm 1.3.0.55.g101bc was discovered to contain a stack overflow via the component yasm/yasm+0x43b466 in vsprintf. Note: This has been disputed by third parties who argue this is a bug and not a security issue because yasm is a standalone program not designed to run untrusted code.
CVE-2023-29504 1 Intel 1 Realsense D400 Series Dynamic Calibration Tool 2024-11-21 6.7 Medium
Uncontrolled search path element in some Intel(R) RealSense(TM) Dynamic Calibration software before version 2.13.1.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-29500 1 Intel 22 Nuc 11 Performance Kit Nuc11pahi3, Nuc 11 Performance Kit Nuc11pahi30z, Nuc 11 Performance Kit Nuc11pahi30z Firmware and 19 more 2024-11-21 5.3 Medium
Exposure of sensitive information to an unauthorized actor in BIOS firmware for some Intel(R) NUCs may allow a privilege user to potentially enable information disclosure via local access.
CVE-2023-29494 2 Bios Firmware, Intel 49 Intel R Nucs, Nuc 11 Pro Board Nuc11tnbi3, Nuc 11 Pro Board Nuc11tnbi30z and 46 more 2024-11-21 7.5 High
Improper input validation in BIOS firmware for some Intel(R) NUCs may allow a privileged user to potentially enable escalation of privilege via local access.