Total
10490 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-40061 | 1 Solarwinds | 1 Solarwinds Platform | 2024-11-21 | N/A | 8.8 HIGH |
| Insecure job execution mechanism vulnerability. This vulnerability can lead to other attacks as a result. | |||||
| CVE-2023-3768 | 1 Ingeteam | 6 Ingepac Da3451, Ingepac Da3451 Firmware, Ingepac Ef Md and 3 more | 2024-11-21 | N/A | 8.6 HIGH |
| Incorrect data input validation vulnerability, which could allow an attacker with access to the network to implement fuzzing techniques that would allow him to gain knowledge about specially crafted packets that would create a DoS condition through the MMS protocol when initiating communication, achieving a complete system reboot of the device and its services. | |||||
| CVE-2023-3705 | 1 Cpplusworld | 6 Cp-vnr-3104, Cp-vnr-3104 Firmware, Cp-vnr-3108 and 3 more | 2024-11-21 | N/A | 7.5 HIGH |
| The vulnerability exists in CP-Plus NVR due to an improper input handling at the web-based management interface of the affected product. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable device. Successful exploitation of this vulnerability could allow the remote attacker to obtain sensitive information on the targeted device. | |||||
| CVE-2023-3704 | 1 Cpplusworld | 18 Cp-uvr-0401l1-4kh, Cp-uvr-0401l1-4kh Firmware, Cp-uvr-0401l1b-4kh and 15 more | 2024-11-21 | N/A | 5.3 MEDIUM |
| The vulnerability exists in CP-Plus DVR due to an improper input validation within the web-based management interface of the affected products. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable device. Successful exploitation of this vulnerability could allow the remote attacker to change system time of the targeted device. | |||||
| CVE-2023-39950 | 1 Siemens | 1 Efibootguard | 2024-11-21 | N/A | 6.1 MEDIUM |
| efibootguard is a simple UEFI boot loader with support for safely switching between current and updated partition sets. Insufficient or missing validation and sanitization of input from untrustworthy bootloader environment files can cause crashes and probably also code injections into `bg_setenv`) or programs using `libebgenv`. This is triggered when the affected components try to modify a manipulated environment, in particular its user variables. Furthermore, `bg_printenv` may crash over invalid read accesses or report invalid results. Not affected by this issue is EFI Boot Guard's bootloader EFI binary. EFI Boot Guard release v0.15 contains required patches to sanitize and validate the bootloader environment prior to processing it in userspace. Its library and tools should be updated, so should programs statically linked against it. An update of the bootloader EFI executable is not required. The only way to prevent the issue with an unpatched EFI Boot Guard version is to avoid accesses to user variables, specifically modifications to them. | |||||
| CVE-2023-39530 | 1 Prestashop | 1 Prestashop | 2024-11-21 | N/A | 6.5 MEDIUM |
| PrestaShop is an open source e-commerce web application. Prior to version 8.1.1, it is possible to delete files from the server via the CustomerMessage API. Version 8.1.1 contains a patch for this issue. There are no known workarounds. | |||||
| CVE-2023-39509 | 1 Bosch | 4 Cpp13, Cpp13 Firmware, Cpp14 and 1 more | 2024-11-21 | N/A | 7.2 HIGH |
| A command injection vulnerability exists in Bosch IP cameras that allows an authenticated user with administrative rights to run arbitrary commands on the OS of the camera. | |||||
| CVE-2023-39411 | 4 Apple, Google, Intel and 1 more | 4 Iphone Os, Android, Unison Software and 1 more | 2024-11-21 | N/A | 5.0 MEDIUM |
| Improper input validationation for some Intel Unison software may allow a privileged user to potentially enable denial of service via local access. | |||||
| CVE-2023-39390 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | N/A | 7.5 HIGH |
| Vulnerability of input parameter verification in certain APIs in the window management module. Successful exploitation of this vulnerability may cause the device to restart. | |||||
| CVE-2023-39389 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | N/A | 7.5 HIGH |
| Vulnerability of input parameters being not strictly verified in the PMS module. Successful exploitation of this vulnerability may cause home screen unavailability. | |||||
| CVE-2023-39388 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | N/A | 7.5 HIGH |
| Vulnerability of input parameters being not strictly verified in the PMS module. Successful exploitation of this vulnerability may cause home screen unavailability. | |||||
| CVE-2023-39386 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | N/A | 7.5 HIGH |
| Vulnerability of input parameters being not strictly verified in the PMS module. Successful exploitation of this vulnerability may cause newly installed apps to fail to restart. | |||||
| CVE-2023-39382 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | N/A | 7.5 HIGH |
| Input verification vulnerability in the audio module. Successful exploitation of this vulnerability may cause virtual machines (VMs) to restart. | |||||
| CVE-2023-39381 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | N/A | 7.5 HIGH |
| Input verification vulnerability in the storage module. Successful exploitation of this vulnerability may cause the device to restart. | |||||
| CVE-2023-39357 | 2 Cacti, Fedoraproject | 2 Cacti, Fedora | 2024-11-21 | N/A | 8.8 HIGH |
| Cacti is an open source operational monitoring and fault management framework. A defect in the sql_save function was discovered. When the column type is numeric, the sql_save function directly utilizes user input. Many files and functions calling the sql_save function do not perform prior validation of user input, leading to the existence of multiple SQL injection vulnerabilities in Cacti. This allows authenticated users to exploit these SQL injection vulnerabilities to perform privilege escalation and remote code execution. This issue has been addressed in version 1.2.25. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-39265 | 1 Apache | 1 Superset | 2024-11-21 | N/A | 3.8 LOW |
| Apache Superset would allow for SQLite database connections to be incorrectly registered when an attacker uses alternative driver names like sqlite+pysqlite or by using database imports. This could allow for unexpected file creation on Superset webservers. Additionally, if Apache Superset is using a SQLite database for its metadata (not advised for production use) it could result in more severe vulnerabilities related to confidentiality and integrity. This vulnerability exists in Apache Superset versions up to and including 2.1.0. | |||||
| CVE-2023-39251 | 1 Dell | 26 Inspiron 7510, Inspiron 7510 Firmware, Inspiron 7610 and 23 more | 2024-11-21 | N/A | 6.7 MEDIUM |
| Dell BIOS contains an Improper Input Validation vulnerability. A local malicious user with high privileges could potentially exploit this vulnerability in order to corrupt memory on the system. | |||||
| CVE-2023-39209 | 1 Zoom | 1 Zoom | 2024-11-21 | N/A | 5.9 MEDIUM |
| Improper input validation in Zoom Desktop Client for Windows before 5.15.5 may allow an authenticated user to enable an information disclosure via network access. | |||||
| CVE-2023-39208 | 1 Zoom | 1 Zoom | 2024-11-21 | N/A | 6.5 MEDIUM |
| Improper input validation in Zoom Desktop Client for Linux before version 5.15.10 may allow an unauthenticated user to conduct a denial of service via network access. | |||||
| CVE-2023-39137 | 1 Archive Project | 1 Archive | 2024-11-21 | N/A | 7.8 HIGH |
| An issue in Archive v3.3.7 allows attackers to spoof zip filenames which can lead to inconsistent filename parsing. | |||||