Search Results (363290 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-24831 1 Apache 1 Iotdb 2024-11-21 9.8 Critical
Improper Authentication vulnerability in Apache Software Foundation Apache IoTDB.This issue affects Apache IoTDB Grafana Connector: from 0.13.0 through 0.13.3. Attackers could login without authorization. This is fixed in 0.13.4.
CVE-2023-24737 1 Sigb 1 Pmb 2024-11-21 6.1 Medium
PMB v7.4.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the query parameter at /admin/convert/export_z3950.php.
CVE-2023-24736 1 Sigb 1 Pmb 2024-11-21 9.8 Critical
PMB v7.4.6 was discovered to contain a remote code execution (RCE) vulnerability via the component /sauvegarde/restaure_act.php.
CVE-2023-24735 1 Sigb 1 Pmb 2024-11-21 6.1 Medium
PMB v7.4.6 was discovered to contain an open redirect vulnerability via the component /opac_css/pmb.php. This vulnerability allows attackers to redirect victim users to an external domain via a crafted URL.
CVE-2023-24733 1 Sigb 1 Pmb 2024-11-21 6.1 Medium
PMB v7.4.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the query parameter at /admin/convert/export_z3950_new.php.
CVE-2023-24726 1 Phpgurukul 1 Art Gallery Management System 2024-11-21 9.8 Critical
Art Gallery Management System v1.0 was discovered to contain a SQL injection vulnerability via the viewid parameter on the enquiry page.
CVE-2023-24698 1 Foswiki 1 Foswiki 2024-11-21 7.5 High
Insufficient parameter validation in the Foswiki::Sandbox component of Foswiki v2.1.7 and below allows attackers to perform a directory traversal via supplying a crafted web request.
CVE-2023-24675 1 Bludit 1 Bludit 2024-11-21 4.8 Medium
Cross Site Scripting Vulnerability in BluditCMS v.3.14.1 allows attackers to execute arbitrary code via the Categories Friendly URL.
CVE-2023-24674 1 Bludit 1 Bludit 2024-11-21 7.8 High
Permissions vulnerability found in Bludit CMS v.4.0.0 allows local attackers to escalate privileges via the role:admin parameter.
CVE-2023-24621 1 Esotericsoftware 1 Yamlbeans 2024-11-21 7.8 High
An issue was discovered in Esoteric YamlBeans through 1.15. It allows untrusted deserialisation to Java classes by default, where the data and class are controlled by the author of the YAML document being processed.
CVE-2023-24620 1 Esotericsoftware 1 Yamlbeans 2024-11-21 5.5 Medium
An issue was discovered in Esoteric YamlBeans through 1.15. A crafted YAML document is able perform am XML Entity Expansion attack against YamlBeans YamlReader. By exploiting the Anchor feature in YAML, it is possible to generate a small YAML document that, when read, is expanded to a large size, causing CPU and memory consumption, such as a Java Out-of-Memory exception.
CVE-2023-24609 2 Matrixssl, Rambus 2 Matrixssl, Tls Toolkit 2024-11-21 7.5 High
Matrix SSL 4.x through 4.6.0 and Rambus TLS Toolkit have a length-subtraction integer overflow for Client Hello Pre-Shared Key extension parsing in the TLS 1.3 server. An attacked device calculates an SHA-2 hash over at least 65 KB (in RAM). With a large number of crafted TLS messages, the CPU becomes heavily loaded. This occurs in tls13VerifyBinder and tls13TranscriptHashUpdate.
CVE-2023-24607 1 Qt 1 Qt 2024-11-21 7.5 High
Qt before 6.4.3 allows a denial of service via a crafted string when the SQL ODBC driver plugin is used and the size of SQLTCHAR is 4. The affected versions are 5.x before 5.15.13, 6.x before 6.2.8, and 6.3.x before 6.4.3.
CVE-2023-24595 1 Milesight 2 Ur32l, Ur32l Firmware 2024-11-21 7.2 High
An OS command injection vulnerability exists in the ys_thirdparty system_user_script functionality of Milesight UR32L v32.3.0.5. A specially crafted series of network requests can lead to command execution. An attacker can send a sequence of requests to trigger this vulnerability.
CVE-2023-24592 1 Intel 5 Advisor, Inspector, Mpi Library and 2 more 2024-11-21 7.3 High
Path traversal in the some Intel(R) oneAPI Toolkits and Component software before version 2023.1 may allow authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-24590 1 Gallagher 2 Controller 6000, Controller 6000 Firmware 2024-11-21 7.5 High
A format string issue in the Controller 6000's optional diagnostic web interface can be used to write/read from memory, and in some instances crash the Controller 6000 leading to a Denial of Service. This issue affects: Gallagher Controller 6000 8.60 prior to vCR8.60.231116a (distributed in 8.60.2550 (MR7)), all versions of 8.50 and prior.
CVE-2023-24588 1 Intel 10 Optane Memory H20 With Solid State Storage, Optane Memory H20 With Solid State Storage Firmware, Optane Ssd 900p and 7 more 2024-11-21 5.9 Medium
Exposure of sensitive information to an unauthorized actor in firmware for some Intel(R) Optane(TM) SSD products may allow an unauthenticated user to potentially enable information disclosure via physical access.
CVE-2023-24587 1 Intel 10 Optane Memory H20 With Solid State Storage, Optane Memory H20 With Solid State Storage Firmware, Optane Ssd 900p and 7 more 2024-11-21 6.9 Medium
Insufficient control flow management in firmware for some Intel(R) Optane(TM) SSD products may allow a privileged user to potentially enable denial of service via local access.
CVE-2023-24585 2 Silabs, Weston-embedded 3 Gecko Software Development Kit, Cesium Net, Uc-http 2024-11-21 7.7 High
An out-of-bounds write vulnerability exists in the HTTP Server functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to memory corruption. An attacker can send a network request to trigger this vulnerability.
CVE-2023-24555 1 Siemens 2 Solid Edge Se2022, Solid Edge Se2023 2024-11-21 7.8 High
A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2023 (All versions < V223.0Update2). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process.