Search Results (37023 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-22794 2 Activerecord Project, Redhat 2 Activerecord, Satellite 2024-11-21 8.8 High
A vulnerability in ActiveRecord <6.0.6.1, v6.1.7.1 and v7.0.4.1 related to the sanitization of comments. If malicious user input is passed to either the `annotate` query method, the `optimizer_hints` query method, or through the QueryLogs interface which automatically adds annotations, it may be sent to the database withinsufficient sanitization and be able to inject SQL outside of the comment.
CVE-2023-22593 2 Ibm, Redhat 2 Robotic Process Automation, Openshift 2024-11-21 4 Medium
IBM Robotic Process Automation for Cloud Pak 21.0.1 through 21.0.7.3 and 23.0.0 through 23.0.3 is vulnerable to security misconfiguration of the Redis container which may provide elevated privileges. IBM X-Force ID: 244074.
CVE-2023-22378 1 Nozominetworks 2 Cmc, Guardian 2024-11-21 8.8 High
A blind SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in the sorting parameter, allows an authenticated attacker to execute arbitrary SQL statements on the DBMS used by the web application. Authenticated users may be able to extract arbitrary information from the DBMS in an uncontrolled way, alter its structure and data, and/or affect its availability.
CVE-2023-22325 1 Softether 1 Vpn 2024-11-21 5.9 Medium
A denial of service vulnerability exists in the DCRegister DDNS_RPC_MAX_RECV_SIZE functionality of SoftEther VPN 4.41-9782-beta, 5.01.9674 and 5.02. A specially crafted network packet can lead to denial of service. An attacker can perform a man-in-the-middle attack to trigger this vulnerability.
CVE-2023-22319 1 Milesight 1 Milesightvpn 2024-11-21 7.3 High
A sql injection vulnerability exists in the requestHandlers.js LoginAuth functionality of Milesight VPN v2.0.2. A specially-crafted network request can lead to authentication bypass. An attacker can send a malicious packet to trigger this vulnerability.
CVE-2023-22275 2 Adobe, Microsoft 2 Robohelp Server, Windows 2024-11-21 7.5 High
Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead to information disclosure by an unauthenticated attacker. Exploitation of this issue does not require user interaction.
CVE-2023-22268 2 Adobe, Microsoft 2 Robohelp Server, Windows 2024-11-21 6.5 Medium
Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead to information disclosure by an low-privileged authenticated attacker. Exploitation of this issue does not require user interaction.
CVE-2023-21643 1 Qualcomm 48 Apq8064au, Apq8064au Firmware, Apq8096au and 45 more 2024-11-21 9.1 Critical
Memory corruption due to untrusted pointer dereference in automotive during system call.
CVE-2023-21521 1 Blackberry 1 Athoc 2024-11-21 7.2 High
An SQL Injection vulnerability in the Management Console  (Operator Audit Trail) of BlackBerry AtHoc version 7.15 could allow an attacker to potentially read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the database, recover the content of a given file present on the DBMS file system and in some cases issue commands to the operating system.
CVE-2023-21412 1 Axis 1 License Plate Verifier 2024-11-21 7.2 High
User provided input is not sanitized on the AXIS License Plate Verifier specific “search.cgi” allowing for SQL injections.
CVE-2023-21393 1 Google 1 Android 2024-11-21 7.8 High
In Settings, there is a possible way for the user to change SIM due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2023-21390 1 Google 1 Android 2024-11-21 7.8 High
In Sim, there is a possible way to evade mobile preference restrictions due to a permission bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2023-21389 1 Google 1 Android 2024-11-21 7.8 High
In Settings, there is a possible bypass of profile owner restrictions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2023-21388 1 Google 1 Android 2024-11-21 7.8 High
In Settings, there is a possible restriction bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2023-21382 1 Google 1 Android 2024-11-21 5.5 Medium
In Content Resolver, there is a possible method to access metadata about existing content providers on the device due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2023-21378 1 Google 1 Android 2024-11-21 7.8 High
In Telecomm, there is a possible way to silence the ring for calls of secondary users due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2023-21373 1 Google 1 Android 2024-11-21 7.8 High
In Telephony, there is a possible way for a guest user to change the preferred SIM due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2023-21341 1 Google 1 Android 2024-11-21 7.8 High
In Permission Manager, there is a possible way to bypass required permissions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2023-21340 1 Google 1 Android 2024-11-21 5.5 Medium
In Telecomm, there is a possible way to get the call state due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2023-21329 1 Google 1 Android 2024-11-21 5.5 Medium
In Activity Manager, there is a possible way to determine whether an app is installed due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.