Search Results (37027 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-2035 1 Campcodes Video Sharing Website Project 1 Campcodes Video Sharing Website 2024-11-21 6.3 Medium
A vulnerability has been found in Campcodes Video Sharing Website 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file signup.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-225913 was assigned to this vulnerability.
CVE-2023-2002 3 Debian, Linux, Redhat 9 Debian Linux, Linux Kernel, Enterprise Linux and 6 more 2024-11-21 6.8 Medium
A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hci_sock.c in the Linux Kernel. This flaw allows an attacker to execute management commands without authorization, compromising the confidentiality, integrity, and availability of Bluetooth communication.
CVE-2023-29656 1 Darktrace 1 Threat Visualizer 2024-11-21 6.1 Medium
An improper authorization vulnerability in Darktrace mobile app (Android) prior to version 6.0.15 allows disabled and low-privilege users to control "antigena" actions (block/unblock traffic) from the mobile application. This vulnerability could create a "shutdown", blocking all ingress or egress traffic in the entire infrastructure where Darktrace agents are deployed.
CVE-2023-29597 1 Bloofox 1 Bloofoxcms 2024-11-21 8.8 High
bloofox v0.5.2 was discovered to contain a SQL injection vulnerability via the component /index.php?mode=content&page=pages&action=edit&eid=1.
CVE-2023-29484 1 Terminalfour 1 Terminalfour 2024-11-21 6.5 Medium
In Terminalfour before 8.3.16, misconfigured LDAP users are able to log in with an invalid password.
CVE-2023-29381 1 Zimbra 1 Collaboration 2024-11-21 9.8 Critical
An issue in Zimbra Collaboration (ZCS) v.8.8.15 and v.9.0 allows a remote attacker to escalate privileges and obtain sensitive information via the password and 2FA parameters.
CVE-2023-29178 1 Fortinet 2 Fortios, Fortiproxy 2024-11-21 4.1 Medium
An access of uninitialized pointer vulnerability [CWE-824] in Fortinet FortiProxy version 7.2.0 through 7.2.3 and before 7.0.9 and FortiOS version 7.2.0 through 7.2.4 and before 7.0.11 allows an authenticated attacker to repetitively crash the httpsd process via crafted HTTP or HTTPS requests.
CVE-2023-29095 1 Carrcommunications 1 Rsvpmaker 2024-11-21 7.6 High
Auth. (admin+) SQL Injection (SQLi) vulnerability in David F. Carr RSVPMaker plugin < 10.5.5 versions.
CVE-2023-28775 1 Yoast 1 Yoast Seo 2024-11-21 5.3 Medium
Missing Authorization vulnerability in Yoast Yoast SEO Premium. This issue affects Yoast SEO Premium: from n/a through 20.4.
CVE-2023-28729 1 Panasonic 1 Control Fpwin Pro 2024-11-21 7.8 High
A type confusion vulnerability in Panasonic Control FPWIN Pro versions 7.6.0.3 and all previous versions may allow arbitrary code execution when opening specially crafted project files.
CVE-2023-28714 3 Intel, Intel Proset Wireless Wifi Software For Windows, Microsoft 3 Proset/wireless Wifi, Intel Proset Wireless Wifi Software For Windows, Windows 2024-11-21 8.2 High
Improper access control in firmware for some Intel(R) PROSet/Wireless WiFi software for Windows before version 22.220 HF (Hot Fix) may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2023-28673 1 Jenkins 1 Octoperf Load Testing 2024-11-21 4.3 Medium
A missing permission check in Jenkins OctoPerf Load Testing Plugin Plugin 4.5.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
CVE-2023-28635 1 Vantage6 1 Vantage6 2024-11-21 5.4 Medium
vantage6 is a privacy-preserving federated learning infrastructure. Prior to version 4.0.0, malicious users may try to get access to resources they are not allowed to see by creating resources with integers as names. One example where this is a risk is when users define which users are allowed to run algorithms on their node. This may be defined by username or user id. For example, if user id 13 is allowed to run tasks, and an attacker creates a user with the username '13', they would be wrongly allowed to run an algorithm. There may also be other places in the code where such a mixup of resource ID and name leads to issues. Version 4.0.0 contains a patch for this issue. The best solution is to check, when resources are created or modified, that the resource name always starts with a character.
CVE-2023-28575 1 Qualcomm 120 205, 205 Firmware, 215 and 117 more 2024-11-21 6.7 Medium
The cam_get_device_priv function does not check the type of handle being returned (device/session/link). This would lead to invalid type usage if a wrong handle is passed to it.
CVE-2023-28468 1 Insyde 1 Kernel 2024-11-21 6.5 Medium
An issue was discovered in FvbServicesRuntimeDxe in Insyde InsydeH2O with kernel 5.0 through 5.5. The FvbServicesRuntimeDxe SMM module exposes an SMI handler that allows an attacker to interact with the SPI flash at run-time from the OS.
CVE-2023-28329 1 Moodle 1 Moodle 2024-11-21 6.3 Medium
Insufficient validation of profile field availability condition resulted in an SQL injection risk (by default only available to teachers and managers).
CVE-2023-28019 1 Hcltech 1 Bigfix Webui 2024-11-21 5.5 Medium
Insufficient validation in Bigfix WebUI API App site version < 14 allows an authenticated WebUI user to issue SQL queries via an unparameterized SQL query.
CVE-2023-27846 1 Themevolty 1 Theme Volty Cms Blog 2024-11-21 9.8 Critical
SQL injection vulnerability found in PrestaShop themevolty v.4.0.8 and before allows a remote attacker to gain privileges via the tvcmsblog, tvcmsvideotab, tvcmswishlist, tvcmsbrandlist, tvcmscategorychainslider, tvcmscategoryproduct, tvcmscategoryslider, tvcmspaymenticon, tvcmstestimonial components.
CVE-2023-27845 1 Kerawen 1 Omnichannel Stocks 2024-11-21 9.8 Critical
SQL injection vulnerability found in PrestaShop lekerawen_ocs before v.1.4.1 allows a remote attacker to gain privileges via the KerawenHelper::setCartOperationInfo and KerawenHelper::resetCheckoutSessionData components.
CVE-2023-27792 1 Ixpdata 1 Easyinstall 2024-11-21 7.8 High
An issue found in IXP Data Easy Install v.6.6.14884.0 allows an attacker to escalate privileges via lack of permissions applied to subdirectories.