Search Results (363288 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-24532 2 Golang, Redhat 10 Go, Enterprise Linux, Migration Toolkit Applications and 7 more 2024-11-21 5.3 Medium
The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an incorrect result if called with some specific unreduced scalars (a scalar larger than the order of the curve). This does not impact usages of crypto/ecdsa or crypto/ecdh.
CVE-2023-24523 1 Sap 1 Host Agent 2024-11-21 8.8 High
An attacker authenticated as a non-admin user with local access to a server port assigned to the SAP Host Agent (Start Service) - versions 7.21, 7.22, can submit a crafted ConfigureOutsideDiscovery request with an operating system command which will be executed with administrator privileges.  The OS command can read or modify any user or system data and can make the system unavailable.
CVE-2023-24518 1 Pandorafms 1 Pandora Fms 2024-11-21 6.7 Medium
A Cross-site Request Forgery (CSRF) vulnerability in Pandora FMS allows an attacker to force authenticated users to send a request to a web application they are currently authenticated against. This issue affects Pandora FMS version 767 and earlier versions on all platforms.
CVE-2023-24517 1 Pandorafms 1 Pandora Fms 2024-11-21 6.4 Medium
Unrestricted Upload of File with Dangerous Type vulnerability in the Pandora FMS File Manager component, allows an attacker to make make use of this issue ( unrestricted file upload ) to execute arbitrary system commands. This issue affects Pandora FMS v767 version and prior versions on all platforms.
CVE-2023-24516 1 Pandorafms 1 Pandora Fms 2024-11-21 5.9 Medium
Cross-site Scripting (XSS) vulnerability in the Pandora FMS Special Days component allows an attacker to use it to steal the session cookie value of admin users easily with little user interaction. This issue affects Pandora FMS v767 version and prior versions on all platforms.
CVE-2023-24515 1 Pandorafms 1 Pandora Fms 2024-11-21 5.2 Medium
Server-Side Request Forgery (SSRF) vulnerability in API checker of Pandora FMS. Application does not have a check on the URL scheme used while retrieving API URL. Rather than validating the http/https scheme, the application allows other scheme such as file, which could allow a malicious user to fetch internal file content. This issue affects Pandora FMS v767 version and prior versions on all platforms.
CVE-2023-24514 1 Pandorafms 1 Pandora Fms 2024-11-21 6.3 Medium
Cross-site Scripting (XSS) vulnerability in Visual Console Module of Pandora FMS could be used to hijack admin users session cookie values, carry out phishing attacks, etc. This issue affects Pandora FMS v767 version and prior versions on all platforms.
CVE-2023-24492 2 Canonical, Citrix 2 Ubuntu Linux, Secure Access Client 2024-11-21 9.6 Critical
A vulnerability has been discovered in the Citrix Secure Access client for Ubuntu which, if exploited, could allow an attacker to remotely execute code if a victim user opens an attacker-crafted link and accepts further prompts.
CVE-2023-24491 2 Citrix, Microsoft 2 Secure Access Client, Windows 2024-11-21 7.8 High
A vulnerability has been discovered in the Citrix Secure Access client for Windows which, if exploited, could allow an attacker with access to an endpoint with Standard User Account that has the vulnerable client installed to escalate their local privileges to that of NT AUTHORITY\SYSTEM.
CVE-2023-24490 1 Citrix 2 Linux Virtual Delivery Agent, Virtual Apps And Desktops 2024-11-21 6.3 Medium
Users with only access to launch VDA applications can launch an unauthorized desktop
CVE-2023-24488 1 Citrix 2 Application Delivery Controller, Gateway 2024-11-21 6.1 Medium
Cross site scripting vulnerability in Citrix ADC and Citrix Gateway  in allows and attacker to perform cross site scripting
CVE-2023-24487 1 Citrix 2 Application Delivery Controller, Gateway 2024-11-21 6.3 Medium
Arbitrary file read in Citrix ADC and Citrix Gateway 
CVE-2023-24486 1 Citrix 1 Workspace 2024-11-21 5.5 Medium
A vulnerability has been identified in Citrix Workspace app for Linux that, if exploited, may result in a malicious local user being able to gain access to the Citrix Virtual Apps and Desktops session of another user who is using the same computer from which the ICA session is launched.
CVE-2023-24479 1 Yifanwireless 2 Yf325, Yf325 Firmware 2024-11-21 9.8 Critical
An authentication bypass vulnerability exists in the httpd nvram.cgi functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger this vulnerability.
CVE-2023-24478 1 Intel 1 Quartus Prime 2024-11-21 5.5 Medium
Use of insufficiently random values for some Intel Agilex(R) software included as part of Intel(R) Quartus(R) Prime Pro Edition for linux before version 22.4 may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2023-24477 1 Nozominetworks 2 Cmc, Guardian 2024-11-21 7 High
In certain conditions, depending on timing and the usage of the Chrome web browser, Guardian/CMC versions before 22.6.2 do not always completely invalidate the user session upon logout. Thus an authenticated local attacker may gain acces to the original user's session.
CVE-2023-24474 1 Honeywell 4 Direct Station, Engineering Station, Experion Server and 1 more 2024-11-21 7.5 High
Experion server may experience a DoS due to a heap overflow which could occur when handling a specially crafted message
CVE-2023-24473 1 Openimageio 1 Openimageio 2024-11-21 5.3 Medium
An information disclosure vulnerability exists in the TGAInput::read_tga2_header functionality of OpenImageIO Project OpenImageIO v2.4.7.1. A specially crafted targa file can lead to a disclosure of sensitive information. An attacker can provide a malicious file to trigger this vulnerability.
CVE-2023-24471 1 Nozominetworks 2 Cmc, Guardian 2024-11-21 6.5 Medium
An access control vulnerability was found, due to the restrictions that are applied on actual assertions not being enforced in their debug functionality. An authenticated user with reduced visibility can obtain unauthorized information via the debug functionality, obtaining data that would normally be not accessible in the Query and Assertions functions.
CVE-2023-24463 1 Intel 1 Thunderbolt Dch Driver 2024-11-21 4.3 Medium
Improper input validation in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an unauthenticated user to potentially enable information disclosure via adjacent access.