Search Results (363327 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-26431 1 Open-xchange 1 Open-xchange Appsuite Backend 2024-11-21 5 Medium
IPv4-mapped IPv6 addresses did not get recognized as "local" by the code and a connection attempt is made. Attackers with access to user accounts could use this to bypass existing deny-list functionality and trigger requests to restricted network infrastructure to gain insight about topology and running services. We now respect possible IPV4-mapped IPv6 addresses when checking if contained in a deny-list. No publicly available exploits are known.
CVE-2023-26430 1 Open-xchange 1 Open-xchange Appsuite Backend 2024-11-21 3.5 Low
Attackers with access to user accounts can inject arbitrary control characters to SIEVE mail-filter rules. This could be abused to access SIEVE extension that are not allowed by App Suite or to inject rules which would break per-user filter processing, requiring manual cleanup of such rules. We have added sanitization to all mail-filter APIs to avoid forwardning control characters to subsystems. No publicly available exploits are known.
CVE-2023-26429 1 Open-xchange 1 Open-xchange Appsuite Backend 2024-11-21 3.5 Low
Control characters were not removed when exporting user feedback content. This allowed attackers to include unexpected content via user feedback and potentially break the exported data structure. We now drop all control characters that are not whitespace character during the export. No publicly available exploits are known.
CVE-2023-26428 1 Open-xchange 1 Open-xchange Appsuite Backend 2024-11-21 6.5 Medium
Attackers can successfully request arbitrary snippet IDs, including E-Mail signatures of other users within the same context. Signatures of other users could be read even though they are not explicitly shared. We improved permission handling when requesting snippets that are not explicitly shared with other users. No publicly available exploits are known.
CVE-2023-26427 1 Open-xchange 1 Open-xchange Appsuite Backend 2024-11-21 3.2 Low
Default permissions for a properties file were too permissive. Local system users could read potentially sensitive information. We updated the default permissions for noreply.properties set during package installation. No publicly available exploits are known.
CVE-2023-26426 1 Adobe 1 Illustrator 2024-11-21 7.8 High
Illustrator version 26.5.2 (and earlier) and 27.2.0 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2023-26370 3 Adobe, Apple, Microsoft 5 Photoshop 2022, Photoshop 2023, Photoshop 2024 and 2 more 2024-11-21 7.8 High
Adobe Photoshop versions 23.5.5 (and earlier) and 24.7 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2023-26368 3 Adobe, Apple, Microsoft 3 Incopy, Macos, Windows 2024-11-21 7.8 High
Adobe InCopy versions 18.5 (and earlier) and 17.4.2 (and earlier) are affected by are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2023-26364 2 Adobe, Redhat 4 Css-tools, Migration Toolkit Applications, Migration Toolkit Runtimes and 1 more 2024-11-21 5.3 Medium
@adobe/css-tools version 4.3.0 and earlier are affected by an Improper Input Validation vulnerability that could result in a minor denial of service while attempting to parse CSS. Exploitation of this issue does not require user interaction or privileges.
CVE-2023-26358 1 Adobe 1 Creative Cloud 2024-11-21 8.6 High
Creative Cloud version 5.9.1 (and earlier) is affected by an Untrusted Search Path vulnerability that might allow attackers to execute their own programs, access unauthorized data files, or modify configuration in unexpected ways. If the application uses a search path to locate critical resources such as programs, then an attacker could modify that search path to point to a malicious program, which the targeted application would then execute. The problem extends to any type of critical resource that the application trusts.
CVE-2023-26347 1 Adobe 1 Coldfusion 2024-11-21 7.5 High
Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An unauthenticated attacker could leverage this vulnerability to access the administration CFM and CFC endpoints. Exploitation of this issue does not require user interaction.
CVE-2023-26320 2 Mi, Xiaomi 3 Xiaomi Router Ax3200, Xiaomi Router Ax3200 Firmware, Xiaomi Router 2024-11-21 7.5 High
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Xiaomi Xiaomi Router allows Command Injection.
CVE-2023-26319 2 Mi, Xiaomi 3 Xiaomi Router Ax3200, Xiaomi Router Ax3200 Firmware, Xiaomi Router 2024-11-21 6.7 Medium
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Xiaomi Xiaomi Router allows Command Injection.
CVE-2023-26318 2 Mi, Xiaomi 3 Xiaomi Router Ax3200, Xiaomi Router Ax3200 Firmware, Xiaomi Router 2024-11-21 6.7 Medium
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Xiaomi Xiaomi Router allows Overflow Buffers.
CVE-2023-26317 1 Mi 1 Xiaomi Router Firmware 2024-11-21 7 High
Xiaomi routers have an external interface that can lead to command injection. The vulnerability is caused by lax filtering of responses from external interfaces. Attackers can exploit this vulnerability to gain access to the router by hijacking the ISP or upper-layer routing.
CVE-2023-26316 1 Mi 1 Xiaomi Cloud 2024-11-21 6.1 Medium
A XSS vulnerability exists in the Xiaomi cloud service Application product. The vulnerability is caused by Webview's whitelist checking function allowing javascript protocol to be loaded and can be exploited by attackers to steal Xiaomi cloud service account's cookies.
CVE-2023-26311 1 Oppo 1 Oppo Store 2024-11-21 7.4 High
A remote code execution vulnerability in the webview component of OPPO Store app.
CVE-2023-26310 1 Oppo 2 Coloros, Find X3 2024-11-21 7.4 High
There is a command injection problem in the old version of the mobile phone backup app.
CVE-2023-26309 1 Oneplus 1 Store 2024-11-21 7.4 High
A remote code execution vulnerability in the webview component of OnePlus Store app.
CVE-2023-26301 1 Hp 38 Color Laserjet Pro 4201-4203 4ra87f, Color Laserjet Pro 4201-4203 4ra87f Firmware, Color Laserjet Pro 4201-4203 4ra88f and 35 more 2024-11-21 9.8 Critical
Certain HP LaserJet Pro print products are potentially vulnerable to an Elevation of Privilege and/or Information Disclosure related to a lack of authentication with certain endpoints.