Search Results (45974 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-40014 1 Openzeppelin 2 Openzeppelin Contracts, Openzeppelin Contracts-upgradable 2024-11-21 5.3 Medium
OpenZeppelin Contracts is a library for secure smart contract development. Starting in version 4.0.0 and prior to version 4.9.3, contracts using `ERC2771Context` along with a custom trusted forwarder may see `_msgSender` return `address(0)` in calls that originate from the forwarder with calldata shorter than 20 bytes. This combination of circumstances does not appear to be common, in particular it is not the case for `MinimalForwarder` from OpenZeppelin Contracts, or any deployed forwarder the team is aware of, given that the signer address is appended to all calls that originate from these forwarders. The problem has been patched in v4.9.3.
CVE-2023-3953 1 Schneider-electric 1 Pro-face Gp-pro Ex 2024-11-21 5.3 Medium
A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause memory corruption when an authenticated user opens a tampered log file from GP-Pro EX.
CVE-2023-3766 1 Cloudflare 1 Odoh-rs 2024-11-21 5.9 Medium
A vulnerability was discovered in the odoh-rs rust crate that stems from faulty logic during the parsing of encrypted queries. This issue specifically occurs when processing encrypted query data received from remote clients and enables an attacker with knowledge of this vulnerability to craft and send specially designed encrypted queries to targeted ODOH servers running with odoh-rs. Upon successful exploitation, the server will crash abruptly, disrupting its normal operation and rendering the service temporarily unavailable.
CVE-2023-3703 1 Proscend 41 A510-f1, A510-f1 Firmware, A510-l1 and 38 more 2024-11-21 10 Critical
Proscend Advice ICR Series routers FW version 1.76 - CWE-1392: Use of Default Credentials
CVE-2023-3696 1 Mongoosejs 1 Mongoose 2024-11-21 9.8 Critical
Prototype Pollution in GitHub repository automattic/mongoose prior to 7.3.4.
CVE-2023-3668 1 Froxlor 1 Froxlor 2024-11-21 7.2 High
Improper Encoding or Escaping of Output in GitHub repository froxlor/froxlor prior to 2.0.21.
CVE-2023-3646 1 Arista 47 7280cr3-32d4, 7280cr3-32p4, 7280cr3-36s and 44 more 2024-11-21 5.9 Medium
On affected platforms running Arista EOS with mirroring to multiple destinations configured, an internal system error may trigger a kernel panic and cause system reload.
CVE-2023-3635 2 Redhat, Squareup 6 Amq Streams, Jboss Enterprise Bpms Platform, Jboss Fuse and 3 more 2024-11-21 5.9 Medium
GzipSource does not handle an exception that might be raised when parsing a malformed gzip buffer. This may lead to denial of service of the Okio client when handling a crafted GZIP archive, by using the GzipSource class.
CVE-2023-3580 1 Squidex.io 1 Squidex 2024-11-21 4.3 Medium
Improper Handling of Additional Special Element in GitHub repository squidex/squidex prior to 7.4.0.
CVE-2023-3552 1 Teampass 1 Teampass 2024-11-21 5.4 Medium
Improper Encoding or Escaping of Output in GitHub repository nilsteampassnet/teampass prior to 3.0.10.
CVE-2023-3545 1 Chamilo 1 Chamilo 2024-11-21 9.8 Critical
Improper sanitisation in `main/inc/lib/fileUpload.lib.php` in Chamilo LMS <= v1.11.20 on Windows and Apache installations allows unauthenticated attackers to bypass file upload security protections and obtain remote code execution via uploading of `.htaccess` file. This vulnerability may be exploited by privileged attackers or chained with unauthenticated arbitrary file write vulnerabilities, such as CVE-2023-3533, to achieve remote code execution.
CVE-2023-3527 1 Avaya 1 Call Management System 2024-11-21 6.8 Medium
A CSV injection vulnerability was found in the Avaya Call Management System (CMS) Supervisor web application which allows a user with administrative privileges to input crafted data which, when exported to a CSV file, may attempt arbitrary command execution on the system used to open the file by a spreadsheet software such as Microsoft Excel.  
CVE-2023-3523 1 Gpac 1 Gpac 2024-11-21 7.1 High
Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.2.2.
CVE-2023-3497 1 Google 2 Chrome, Chrome Os 2024-11-21 4.6 Medium
Out of bounds read in Google Security Processor firmware in Google Chrome on Chrome OS prior to 114.0.5735.90 allowed a local attacker to perform denial of service via physical access to the device. (Chromium security severity: Medium)
CVE-2023-3493 1 Fossbilling 1 Fossbilling 2024-11-21 8.0 High
Improper Neutralization of Formula Elements in a CSV File in GitHub repository fossbilling/fossbilling prior to 0.5.3.
CVE-2023-3487 1 Silabs 1 Gecko Bootloader 2024-11-21 7.7 High
An integer overflow in Silicon Labs Gecko Bootloader version 4.3.1 and earlier allows unbounded memory access when reading from or writing to storage slots.
CVE-2023-3485 1 Temporal 1 Temporal 2024-11-21 3 Low
Insecure defaults in open-source Temporal Server before version 1.20 on all platforms allows an attacker to craft a task token with access to a namespace other than the one specified in the request. Creation of this task token must be done outside of the normal Temporal server flow. It requires the namespace UUID and information from the workflow history for the target namespace. Under these conditions, it is possible to interfere with pending tasks in other namespaces, such as marking a task failed or completed. If a task is targeted for completion by the attacker, the targeted namespace must also be using the same data converter configuration as the initial, valid, namespace for the task completion payload to be decoded by workers in the target namespace.
CVE-2023-3481 1 Google 1 Critters 2024-11-21 5.7 Medium
Critters versions 0.0.17-0.0.19 have an issue when parsing the HTML, which leads to a potential cross-site scripting (XSS) bug. We recommend upgrading to version 0.0.20 of the extension. 
CVE-2023-3471 1 Panasonic 1 Kw Watcher 2024-11-21 8.6 High
Buffer overflow vulnerability in Panasonic KW Watcher versions 1.00 through 2.82 may allow attackers to execute arbitrary code.
CVE-2023-3470 1 F5 41 Big-ip 10200v-f, Big-ip 10200v-f Firmware, Big-ip 10350v-f and 38 more 2024-11-21 6 Medium
Specific F5 BIG-IP platforms with Cavium Nitrox FIPS HSM cards generate a deterministic password for the Crypto User account.  The predictable nature of the password allows an authenticated user with TMSH access to the BIG-IP system, or anyone with physical access to the FIPS HSM, the information required to generate the correct password.  On vCMP systems, all Guests share the same deterministic password, allowing those with TMSH access on one Guest to access keys of a different Guest. The following BIG-IP hardware platforms are affected: 10350v-F, i5820-DF, i7820-DF, i15820-DF, 5250v-F, 7200v-F, 10200v-F, 6900-F, 8900-F, 11000-F, and 11050-F. The BIG-IP rSeries r5920-DF and r10920-DF are not affected, nor does the issue affect software FIPS implementations or network HSM configurations. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.