Export limit exceeded: 364439 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 35583 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (35583 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-45284 2 Golang, Microsoft 2 Go, Windows 2024-11-21 5.3 Medium
On Windows, The IsLocal function does not correctly detect reserved device names in some cases. Reserved names followed by spaces, such as "COM1 ", and reserved names "COM" and "LPT" followed by superscript 1, 2, or 3, are incorrectly reported as local. With fix, IsLocal now correctly reports these names as non-local.
CVE-2023-45223 1 Mattermost 1 Mattermost 2024-11-21 4.3 Medium
Mattermost fails to properly validate the "Show Full Name" option in a few endpoints in Mattermost Boards, allowing a member to get the full name of another user even if the Show Full Name option was disabled. 
CVE-2023-45219 1 F5 19 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Advanced Web Application Firewall and 16 more 2024-11-21 4.4 Medium
Exposure of Sensitive Information vulnerability exist in an undisclosed BIG-IP TMOS shell (tmsh) command which may allow an authenticated attacker with resource administrator role privileges to view sensitive information.   Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVE-2023-45198 1 Netbsd 2 Ftpd, Tnftpd 2024-11-21 7.5 High
ftpd before "NetBSD-ftpd 20230930" can leak information about the host filesystem before authentication via an MLSD or MLST command. tnftpd (the portable version of NetBSD ftpd) before 20231001 is also vulnerable.
CVE-2023-45189 1 Ibm 1 Robotic Process Automation For Cloud Pak 2024-11-21 6.5 Medium
A vulnerability in IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.10, 23.0.0 through 23.0.10 may result in access to client vault credentials. This difficult to exploit vulnerability could allow a low privileged attacker to programmatically access client vault credentials. IBM X-Force ID: 268752.
CVE-2023-45176 1 Ibm 2 App Connect Enterprise, Integration Bus 2024-11-21 6.2 Medium
IBM App Connect Enterprise 11.0.0.1 through 11.0.0.23, 12.0.1.0 through 12.0.10.0 and IBM Integration Bus 10.1 through 10.1.0.1 are vulnerable to a denial of service for integration nodes on Windows. IBM X-Force ID: 247998.
CVE-2023-45174 1 Ibm 2 Aix, Vios 2024-11-21 8.4 High
IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a privileged local user to exploit a vulnerability in the qdaemon command to escalate privileges or cause a denial of service. IBM X-Force ID: 267972.
CVE-2023-45172 1 Ibm 2 Aix, Vios 2024-11-21 6.2 Medium
IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in AIX windows to cause a denial of service. IBM X-Force ID: 267970.
CVE-2023-45168 1 Ibm 2 Aix, Vios 2024-11-21 8.4 High
IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the invscout command to execute arbitrary commands. IBM X-Force ID: 267966.
CVE-2023-45167 1 Ibm 2 Aix, Vios 2024-11-21 6.2 Medium
IBM AIX's 7.3 Python implementation could allow a non-privileged local user to exploit a vulnerability to cause a denial of service. IBM X-Force ID: 267965.
CVE-2023-45166 1 Ibm 2 Aix, Vios 2024-11-21 8.4 High
IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the piodmgrsu command to obtain elevated privileges. IBM X-Force ID: 267964.
CVE-2023-45147 1 Discourse 1 Discourse 2024-11-21 4.9 Medium
Discourse is an open source community platform. In affected versions any user can create a topic and add arbitrary custom fields to a topic. The severity of this vulnerability depends on what plugins are installed and how the plugins uses topic custom fields. For a default Discourse installation with the default plugins, this vulnerability has no impact. The problem has been patched in the latest version of Discourse. Users are advised to update to version 3.1.1 if they are on the stable branch or 3.2.0.beta2 if they are on the beta branch. Users unable to upgrade should disable any plugins that access topic custom fields.
CVE-2023-45132 1 Wargio 1 Naxsi 2024-11-21 9.1 Critical
NAXSI is an open-source maintenance web application firewall (WAF) for NGINX. An issue present starting in version 1.3 and prior to version 1.6 allows someone to bypass the WAF when a malicious `X-Forwarded-For` IP matches `IgnoreIP` `IgnoreCIDR` rules. This old code was arranged to allow older NGINX versions to also support `IgnoreIP` `IgnoreCIDR` when multiple reverse proxies were present. The issue is patched in version 1.6. As a workaround, do not set any `IgnoreIP` `IgnoreCIDR` for older versions.
CVE-2023-45131 1 Discourse 1 Discourse 2024-11-21 7.5 High
Discourse is an open source platform for community discussion. New chat messages can be read by making an unauthenticated POST request to MessageBus. This issue is patched in the 3.1.1 stable and 3.2.0.beta2 versions of Discourse. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVE-2023-45024 1 Bestpractical 1 Request Tracker 2024-11-21 7.5 High
Best Practical Request Tracker (RT) 5 before 5.0.5 allows Information Disclosure via a transaction search in the transaction query builder.
CVE-2023-44848 1 Seacms 1 Seacms 2024-11-21 8.1 High
An issue in SeaCMS v.12.8 allows an attacker to execute arbitrary code via the admin_template.php component.
CVE-2023-44847 1 Seacms 1 Seacms 2024-11-21 7.2 High
An issue in SeaCMS v.12.8 allows an attacker to execute arbitrary code via the admin_ Weixin.php component.
CVE-2023-44846 1 Seacms 1 Seacms 2024-11-21 8.8 High
An issue in SeaCMS v.12.8 allows an attacker to execute arbitrary code via the admin_ notify.php component.
CVE-2023-44809 2 D-link, Dlink 3 Dir-820l, Dir-820l, Dir-820l Firmware 2024-11-21 9.8 Critical
D-Link device DIR-820L 1.05B03 is vulnerable to Insecure Permissions.
CVE-2023-44794 2 Dromara, Vmware 3 Sa-token, Spring Boot, Spring Framework 2024-11-21 9.8 Critical
An issue in Dromara SaToken version 1.36.0 and before allows a remote attacker to escalate privileges via a crafted payload to the URL.