Search Results (37036 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-33481 1 Remoteclinic 1 Remote Clinic 2024-11-21 9.8 Critical
RemoteClinic 2.0 is vulnerable to a time-based blind SQL injection attack in the 'start' GET parameter of patients/index.php.
CVE-2023-33479 1 Remoteclinic 1 Remote Clinic 2024-11-21 9.8 Critical
RemoteClinic version 2.0 contains a SQL injection vulnerability in the /staff/edit.php file.
CVE-2023-33478 1 Remoteclinic 1 Remote Clinic 2024-11-21 9.8 Critical
RemoteClinic 2.0 has a SQL injection vulnerability in the ID parameter of /medicines/stocks.php.
CVE-2023-33468 1 Kramerav 4 Via Connect2, Via Connect2 Firmware, Via Go2 and 1 more 2024-11-21 9.1 Critical
KramerAV VIA Connect (2) and VIA Go (2) devices with a version prior to 4.0.1.1326 exhibit a vulnerability that enables remote manipulation of the device. This vulnerability involves extracting the connection confirmation code remotely, bypassing the need to obtain it directly from the physical screen.
CVE-2023-33378 1 Connectedio 1 Connected Io 2024-11-21 9.8 Critical
Connected IO v2.1.0 and prior has an argument injection vulnerability in its AT command message in its communication protocol, enabling attackers to execute arbitrary OS commands on devices.
CVE-2023-33376 1 Connectedio 1 Connected Io 2024-11-21 9.8 Critical
Connected IO v2.1.0 and prior has an argument injection vulnerability in its iptables command message in its communication protocol, enabling attackers to execute arbitrary OS commands on devices.
CVE-2023-33367 1 Assaabloy 1 Control Id Idsecure 2024-11-21 9.8 Critical
A SQL injection vulnerability exists in Control ID IDSecure 4.7.26.0 and prior, allowing unauthenticated attackers to write PHP files on the server's root directory, resulting in remote code execution.
CVE-2023-33366 1 Supremainc 1 Biostar 2 2024-11-21 8.8 High
A SQL injection vulnerability exists in Suprema BioStar 2 before 2.9.1, which allows authenticated users to inject arbitrary SQL directives into an SQL statement and execute arbitrary SQL commands.
CVE-2023-33305 1 Fortinet 3 Fortios, Fortiproxy, Fortiweb 2024-11-21 4.9 Medium
A loop with unreachable exit condition ('infinite loop') in Fortinet FortiOS version 7.2.0 through 7.2.4, FortiOS version 7.0.0 through 7.0.10, FortiOS 6.4 all versions, FortiOS 6.2 all versions, FortiOS 6.0 all versions, FortiProxy version 7.2.0 through 7.2.3, FortiProxy version 7.0.0 through 7.0.9, FortiProxy 2.0 all versions, FortiProxy 1.2 all versions, FortiProxy 1.1 all versions, FortiProxy 1.0 all versions, FortiWeb version 7.2.0 through 7.2.1, FortiWeb version 7.0.0 through 7.0.6, FortiWeb 6.4 all versions, FortiWeb 6.3 all versions allows attacker to perform a denial of service via specially crafted HTTP requests.
CVE-2023-33237 1 Moxa 2 Tn-5900, Tn-5900 Firmware 2024-11-21 8.8 High
TN-5900 Series firmware version v3.3 and prior is vulnerable to improper-authentication vulnerability. This vulnerability arises from inadequate authentication measures implemented in the web API handler, allowing low-privileged APIs to execute restricted actions that only high-privileged APIs are allowed This presents a potential risk of unauthorized exploitation by malicious actors.
CVE-2023-33190 2 Sealos, Sealos Project 2 Sealos, Sealos 2024-11-21 10 Critical
Sealos is an open source cloud operating system distribution based on the Kubernetes kernel. In versions of Sealos prior to 4.2.1-rc4 an improper configuration of role based access control (RBAC) permissions resulted in an attacker being able to obtain cluster control permissions, which could control the entire cluster deployed with Sealos, as well as hundreds of pods and other resources within the cluster. This issue has been addressed in version 4.2.1-rc4. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVE-2023-32967 1 Qnap 2 Qts, Qutscloud 2024-11-21 5 Medium
An incorrect authorization vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to bypass intended access restrictions via a network. QTS 5.x, QuTS hero are not affected. We have already fixed the vulnerability in the following versions: QuTScloud c5.1.5.2651 and later QTS 4.5.4.2627 build 20231225 and later
CVE-2023-32855 5 Google, Linuxfoundation, Mediatek and 2 more 36 Android, Yocto, Mt2735 and 33 more 2024-11-21 6.7 Medium
In aee, there is a possible escalation of privilege due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07909204; Issue ID: ALPS07909204.
CVE-2023-32818 2 Google, Mediatek 11 Android, Mt6761, Mt6763 and 8 more 2024-11-21 6.7 Medium
In vdec, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08163896 & ALPS08013430; Issue ID: ALPS07867715.
CVE-2023-32783 2 Microsoft, Zohocorp 2 Windows, Manageengine Adaudit Plus 2024-11-21 7.5 High
The event analysis component in Zoho ManageEngine ADAudit Plus 7.1.1 allows an attacker to bypass audit detection by creating or renaming user accounts with a "$" symbol suffix. NOTE: the vendor states "We do not consider this as a security bug and it's an expected behaviour."
CVE-2023-32748 1 Mitel 1 Mivoice Connect 2024-11-21 9.8 Critical
The Linux DVS server component of Mitel MiVoice Connect through 19.3 SP2 (22.24.1500.0) could allow an unauthenticated attacker with internal network access to execute arbitrary scripts due to improper access control.
CVE-2023-32672 1 Apache 1 Superset 2024-11-21 4.3 Medium
An Incorrect authorisation check in SQLLab in Apache Superset versions up to and including 2.1.0. This vulnerability allows an authenticated user to query tables that they do not have proper access to within Superset. The vulnerability can be exploited by leveraging a SQL parsing vulnerability.
CVE-2023-32482 1 Dell 1 Wyse Management Suite 2024-11-21 4.9 Medium
Wyse Management Suite versions prior to 4.0 contain an improper authorization vulnerability. An authenticated malicious user with privileged access can push policies to unauthorized tenant group.
CVE-2023-32358 1 Apple 3 Ipados, Iphone Os, Macos 2024-11-21 8.8 High
A type confusion issue was addressed with improved checks. This issue is fixed in iOS 16.4 and iPadOS 16.4, macOS Ventura 13.3. Processing web content may lead to arbitrary code execution.
CVE-2023-32261 1 Microfocus 1 Dimensions Cm 2024-11-21 4.2 Medium
A potential vulnerability has been identified in the Micro Focus Dimensions CM Plugin for Jenkins. The vulnerability allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. See the following Jenkins security advisory for details: * https://www.jenkins.io/security/advisory/2023-06-14/ https://www.jenkins.io/security/advisory/2023-06-14/