Filtered by CWE-20
Total 11823 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-24975 1 Ibm 1 Spectrum Symphony 2024-08-02 5.4 Medium
IBM Spectrum Symphony 7.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 247030.
CVE-2023-24937 1 Microsoft 11 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 8 more 2024-08-02 6.5 Medium
Windows CryptoAPI Denial of Service Vulnerability
CVE-2023-24866 1 Microsoft 18 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 15 more 2024-08-02 6.5 Medium
Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability
CVE-2023-24856 1 Microsoft 19 Windows 10, Windows 10 1507, Windows 10 1607 and 16 more 2024-08-02 7.5 High
Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability
CVE-2023-24865 1 Microsoft 18 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 15 more 2024-08-02 6.5 Medium
Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability
CVE-2023-24807 2 Nodejs, Redhat 3 Undici, Enterprise Linux, Rhel Eus 2024-08-02 7.5 High
Undici is an HTTP/1.1 client for Node.js. Prior to version 5.19.1, the `Headers.set()` and `Headers.append()` methods are vulnerable to Regular Expression Denial of Service (ReDoS) attacks when untrusted values are passed into the functions. This is due to the inefficient regular expression used to normalize the values in the `headerValueNormalize()` utility function. This vulnerability was patched in v5.19.1. No known workarounds are available.
CVE-2023-24853 1 Qualcomm 226 Ar8035, Ar8035 Firmware, Fastconnect 6200 and 223 more 2024-08-02 8.4 High
Memory Corruption in HLOS while registering for key provisioning notify.
CVE-2023-24569 1 Dell 1 Alienware Command Center 2024-08-02 7.8 High
Dell Alienware Command Center versions 5.5.37.0 and prior contain an Improper Input validation vulnerability. A local authenticated malicious user could potentially send malicious input to a named pipe in order to elevate privileges on the system.
CVE-2023-24571 1 Dell 2 Embedded Box Pc 3000, Embedded Box Pc 3000 Firmware 2024-08-02 7.5 High
Dell BIOS contains an Improper Input Validation vulnerability. A local authenticated malicious user with administrator privileges could potentially exploit this vulnerability to perform arbitrary code execution.
CVE-2023-24493 1 Tenable 1 Tenable.sc 2024-08-02 5.7 Medium
A formula injection vulnerability exists in Tenable.sc due to improper validation of user-supplied input before returning it to users. An authenticated attacker could leverage the reporting system to export reports containing formulas, which would then require a victim to approve and execute on a host.
CVE-2023-24422 2 Jenkins, Redhat 3 Script Security, Ocp Tools, Openshift 2024-08-02 8.8 High
A sandbox bypass vulnerability involving map constructors in Jenkins Script Security Plugin 1228.vd93135a_2fb_25 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.
CVE-2023-24329 4 Fedoraproject, Netapp, Python and 1 more 14 Fedora, Active Iq Unified Manager, Management Services For Element Software and 11 more 2024-08-02 7.5 High
An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.
CVE-2023-24304 1 Irfanview 1 Irfanview 2024-08-02 7.8 High
Improper input validation in the PDF.dll plugin of IrfanView v4.60 allows attackers to execute arbitrary code via opening a crafted PDF file.
CVE-2023-23934 2 Palletsprojects, Redhat 2 Werkzeug, Openstack 2024-08-02 2.6 Low
Werkzeug is a comprehensive WSGI web application library. Browsers may allow "nameless" cookies that look like `=value` instead of `key=value`. A vulnerable browser may allow a compromised application on an adjacent subdomain to exploit this to set a cookie like `=__Host-test=bad` for another subdomain. Werkzeug prior to 2.2.3 will parse the cookie `=__Host-test=bad` as __Host-test=bad`. If a Werkzeug application is running next to a vulnerable or malicious subdomain which sets such a cookie using a vulnerable browser, the Werkzeug application will see the bad cookie value but the valid cookie key. The issue is fixed in Werkzeug 2.2.3.
CVE-2023-23416 1 Microsoft 18 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 15 more 2024-08-02 7.8 High
Windows Cryptographic Services Remote Code Execution Vulnerability
CVE-2023-23409 1 Microsoft 21 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 18 more 2024-08-02 5.5 Medium
Client Server Run-Time Subsystem (CSRSS) Information Disclosure Vulnerability
CVE-2023-23375 1 Microsoft 6 Odbc, Odbc Driver 17 For Sql Server, Odbc Driver 18 For Sql Server and 3 more 2024-08-02 7.8 High
Microsoft ODBC and OLE DB Remote Code Execution Vulnerability
CVE-2023-23419 1 Microsoft 2 Windows 11 22h2, Windows 11 22h2 2024-08-02 7.8 High
Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability
CVE-2023-23009 3 Debian, Libreswan, Redhat 3 Debian Linux, Libreswan, Enterprise Linux 2024-08-02 6.5 Medium
Libreswan 4.9 allows remote attackers to cause a denial of service (assert failure and daemon restart) via crafted TS payload with an incorrect selector length.
CVE-2023-22916 1 Zyxel 36 Atp100, Atp100 Firmware, Atp100w and 33 more 2024-08-02 8.1 High
The configuration parser of Zyxel ATP series firmware versions 5.10 through 5.35, USG FLEX series firmware versions 5.00 through 5.35, USG FLEX 50(W) firmware versions 5.10 through 5.35, USG20(W)-VPN firmware versions 5.10 through 5.35, and VPN series firmware versions 5.00 through 5.35, which fails to properly sanitize user input. A remote unauthenticated attacker could leverage the vulnerability to modify device configuration data, resulting in DoS conditions on an affected device if the attacker could trick an authorized administrator to switch the management mode to the cloud mode.