Total
184 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-49862 | 1 Wwbn | 1 Avideo | 2024-11-21 | N/A | 6.5 MEDIUM |
| An information disclosure vulnerability exists in the aVideoEncoderReceiveImage.json.php image upload functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary file read.This vulnerability is triggered by the `downloadURL_gifimage` parameter. | |||||
| CVE-2023-49738 | 1 Wwbn | 1 Avideo | 2024-11-21 | N/A | 7.5 HIGH |
| An information disclosure vulnerability exists in the image404Raw.php functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary file read. | |||||
| CVE-2023-47862 | 1 Wwbn | 1 Avideo | 2024-11-21 | N/A | 9.8 CRITICAL |
| A local file inclusion vulnerability exists in the getLanguageFromBrowser functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can send a series of HTTP requests to trigger this vulnerability. | |||||
| CVE-2023-47171 | 1 Wwbn | 1 Avideo | 2024-11-21 | N/A | 6.5 MEDIUM |
| An information disclosure vulnerability exists in the aVideoEncoder.json.php chunkFile path functionality of WWBN AVideo 11.6 and dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary file read. | |||||
| CVE-2023-47147 | 1 Ibm | 1 Sterling Secure Proxy | 2024-11-21 | N/A | 5.9 MEDIUM |
| IBM Sterling Secure Proxy 6.0.3 and 6.1.0 could allow an attacker to overwrite a log message under specific conditions. IBM X-Force ID: 270598. | |||||
| CVE-2023-36764 | 1 Microsoft | 1 Sharepoint Server | 2024-11-21 | N/A | 8.8 HIGH |
| Microsoft SharePoint Server Elevation of Privilege Vulnerability | |||||
| CVE-2023-36019 | 1 Microsoft | 2 Azure Logic Apps, Power Platform | 2024-11-21 | N/A | 9.6 CRITICAL |
| Microsoft Power Platform Connector Spoofing Vulnerability | |||||
| CVE-2023-35384 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2024-11-21 | N/A | 5.4 MEDIUM |
| Windows HTML Platforms Security Feature Bypass Vulnerability | |||||
| CVE-2023-35308 | 1 Microsoft | 11 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 8 more | 2024-11-21 | N/A | 6.5 MEDIUM |
| Windows MSHTML Platform Security Feature Bypass Vulnerability | |||||
| CVE-2023-2554 | 1 Bumsys Project | 1 Bumsys | 2024-11-21 | N/A | 7.2 HIGH |
| External Control of File Name or Path in GitHub repository unilogies/bumsys prior to 2.2.0. | |||||
| CVE-2023-29324 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2024-11-21 | N/A | 6.5 MEDIUM |
| Windows MSHTML Platform Security Feature Bypass Vulnerability | |||||
| CVE-2023-28603 | 2 Microsoft, Zoom | 2 Windows, Virtual Desktop Infrastructure | 2024-11-21 | N/A | 7.7 HIGH |
| Zoom VDI client installer prior to 5.14.0 contains an improper access control vulnerability. A malicious user may potentially delete local files without proper permissions. | |||||
| CVE-2023-21800 | 1 Microsoft | 1 Windows Server 2008 | 2024-11-21 | N/A | 7.8 HIGH |
| Windows Installer Elevation of Privilege Vulnerability | |||||
| CVE-2023-21566 | 1 Microsoft | 3 Visual Studio 2017, Visual Studio 2019, Visual Studio 2022 | 2024-11-21 | N/A | 7.8 HIGH |
| Visual Studio Elevation of Privilege Vulnerability | |||||
| CVE-2023-20234 | 1 Cisco | 43 Firepower 1000, Firepower 1010, Firepower 1020 and 40 more | 2024-11-21 | N/A | 4.4 MEDIUM |
| A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to create a file or overwrite any file on the filesystem of an affected device, including system files. The vulnerability occurs because there is no validation of parameters when a specific CLI command is used. An attacker could exploit this vulnerability by authenticating to an affected device and using the command at the CLI. A successful exploit could allow the attacker to overwrite any file on the disk of the affected device, including system files. The attacker must have valid administrative credentials on the affected device to exploit this vulnerability. | |||||
| CVE-2023-1105 | 1 Flatpress | 1 Flatpress | 2024-11-21 | N/A | 8.1 HIGH |
| External Control of File Name or Path in GitHub repository flatpressblog/flatpress prior to 1.3. | |||||
| CVE-2023-1070 | 1 Teampass | 1 Teampass | 2024-11-21 | N/A | 7.1 HIGH |
| External Control of File Name or Path in GitHub repository nilsteampassnet/teampass prior to 3.0.0.22. | |||||
| CVE-2022-2400 | 1 Dompdf Project | 1 Dompdf | 2024-11-21 | N/A | 5.3 MEDIUM |
| External Control of File Name or Path in GitHub repository dompdf/dompdf prior to 2.0.0. | |||||
| CVE-2022-0593 | 1 Idehweb | 1 Login With Phone Number | 2024-11-21 | 6.4 MEDIUM | 6.5 MEDIUM |
| The Login with phone number WordPress plugin before 1.3.7 includes a file delete.php with no form of authentication or authorization checks placed in the plugin directory, allowing unauthenticated user to remotely delete the plugin files leading to a potential Denial of Service situation. | |||||
| CVE-2022-0246 | 1 Webence | 1 Iq Block Country | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| The settings of the iQ Block Country WordPress plugin before 1.2.13 can be exported or imported using its backup functionality. An authorized user can import preconfigured settings of the plugin by uploading a zip file. After the uploading process, files in the uploaded zip file are extracted one by one. During the extraction process, existence of a file is checked. If the file exists, it is deleted without any security control by only considering the name of the extracted file. This behavior leads to "Zip Slip" vulnerability. | |||||