Search Results (363262 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-23364 1 Qnap 1 Multimedia Console 2024-11-21 8.1 High
A buffer copy without checking size of input vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability possibly allows remote users to execute code via unspecified vectors. We have already fixed the vulnerability in the following versions: Multimedia Console 2.1.1 ( 2023/03/29 ) and later Multimedia Console 1.4.7 ( 2023/03/20 ) and later
CVE-2023-23363 1 Qnap 1 Qts 2024-11-21 8.1 High
A buffer copy without checking size of input vulnerability has been reported to affect QNAP operating system. If exploited, the vulnerability possibly allows remote users to execute code via unspecified vectors. We have already fixed the vulnerability in the following versions: QTS 4.3.6.2441 build 20230621 and later QTS 4.3.3.2420 build 20230621 and later QTS 4.2.6 build 20230621 and later QTS 4.3.4.2451 build 20230621 and later
CVE-2023-23362 1 Qnap 3 Qts, Quts Hero, Qutscloud 2024-11-21 8.8 High
An OS command injection vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability allows remote authenticated users to execute commands via susceptible QNAP devices. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2376 build 20230421 and later QTS 4.5.4.2374 build 20230416 and later QuTS hero h5.0.1.2376 build 20230421 and later QuTS hero h4.5.4.2374 build 20230417 and later QuTScloud c5.0.1.2374 and later
CVE-2023-23348 1 Hcltechsw 1 Hcl Launch 2024-11-21 5.1 Medium
HCL Launch could disclose sensitive information if a manual edit of a configuration file has been performed.
CVE-2023-23347 1 Hcltech 1 Dryice Iautomate 2024-11-21 6.4 Medium
HCL DRYiCE iAutomate is affected by the use of a broken cryptographic algorithm. An attacker can potentially compromise the confidentiality and integrity of sensitive information.
CVE-2023-23346 1 Hcltech 1 Dryice Mycloud 2024-11-21 6.4 Medium
HCL DRYiCE MyCloud is affected by the use of a broken cryptographic algorithm. An attacker can potentially compromise the confidentiality and integrity of sensitive information.
CVE-2023-23344 1 Hcltech 1 Bigfix Webui Insights 2024-11-21 3 Low
A permission issue in BigFix WebUI Insights site version 14 allows an authenticated, unprivileged operator to access an administrator page.
CVE-2023-23342 1 Hcltech 1 Hcl Nomad 2024-11-21 6.6 Medium
If certain local files are manipulated in a certain manner, the validation to use the cryptographic keys can be circumvented. 
CVE-2023-23324 1 Zumtobel 2 Netlink Ccd, Netlink Ccd Firmware 2024-11-21 9.8 Critical
Zumtobel Netlink CCD Onboard 3.74 - Firmware 3.80 was discovered to contain hardcoded credentials for the Administrator account.
CVE-2023-23208 3 Genesys, Linux, Microsoft 3 Administrator Extension, Linux Kernel, Windows 2024-11-21 6.1 Medium
Genesys Administrator Extension (GAX) before 9.0.105.15 is vulnerable to Cross Site Scripting (XSS) via the Business Structure page of the iWD plugin, aka GAX-11261.
CVE-2023-23162 1 Phpgurukul 1 Art Gallery Management System 2024-11-21 9.8 Critical
Art Gallery Management System Project v1.0 was discovered to contain a SQL injection vulnerability via the cid parameter at product.php.
CVE-2023-23161 1 Phpgurukul 1 Art Gallery Management System 2024-11-21 6.1 Medium
A reflected cross-site scripting (XSS) vulnerability in Art Gallery Management System Project v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the artname parameter under ART TYPE option in the navigation bar.
CVE-2023-23158 1 Phpgurukul 1 Art Gallery Management System 2024-11-21 5.4 Medium
A stored cross-site scripting (XSS) vulnerability in Art Gallery Management System Project v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the message parameter on the enquiry page.
CVE-2023-23157 1 Phpgurukul 1 Art Gallery Management System 2024-11-21 5.4 Medium
A stored cross-site scripting (XSS) vulnerability in Art Gallery Management System Project v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the fullname parameter on the enquiry page.
CVE-2023-23156 1 Phpgurukul 1 Art Gallery Management System 2024-11-21 9.8 Critical
Art Gallery Management System Project in PHP 1.0 was discovered to contain a SQL injection vulnerability via the pid parameter in the single-product page.
CVE-2023-23155 1 Phpgurukul 1 Art Gallery Management System 2024-11-21 9.8 Critical
Art Gallery Management System Project in PHP 1.0 was discovered to contain a SQL injection vulnerability via the username parameter in the Admin Login.
CVE-2023-23130 1 Connectwise 1 Automate 2024-11-21 5.9 Medium
Connectwise Automate 2022.11 is vulnerable to Cleartext authentication. Authentication is being done via HTTP (cleartext) with SSL disabled. OTE: the vendor's position is that, by design, this is controlled by a configuration option in which a customer can choose to use HTTP (rather than HTTPS) during troubleshooting.
CVE-2023-23127 1 Connectwise 1 Connectwise 2024-11-21 5.3 Medium
In Connectwise Control 22.8.10013.8329, the login page does not implement HSTS headers therefore not enforcing HTTPS. NOTE: the vendor's position is that, by design, this is controlled by a configuration option in which a customer can choose to use HTTP (rather than HTTPS) during troubleshooting.
CVE-2023-23126 1 Connectwise 1 Automate 2024-11-21 6.1 Medium
Connectwise Automate 2022.11 is vulnerable to Clickjacking. The login screen can be iframed and used to manipulate users to perform unintended actions. NOTE: the vendor's position is that a Content-Security-Policy HTTP response header is present to block this attack.
CVE-2023-23082 1 Kodi 1 Kodi 2024-11-21 4.6 Medium
A heap buffer overflow vulnerability in Kodi Home Theater Software up to 19.5 allows attackers to cause a denial of service due to an improper length of the value passed to the offset argument.