Export limit exceeded: 35583 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (35583 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-37238 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 5.3 Medium |
| Vulnerability of apps' permission to access a certain API being incompletely verified in the wireless projection module. Successful exploitation of this vulnerability may affect some wireless projection features. | ||||
| CVE-2023-37216 | 1 Anasystem | 2 Sensmini M4, Sensmini M4 Firmware | 2024-11-21 | 7.5 High |
| AnaSystem SensMini M4 – Using the configuration tool, an authenticated user can cause Denial of Service for the device | ||||
| CVE-2023-37208 | 3 Debian, Mozilla, Redhat | 9 Debian Linux, Firefox, Firefox Esr and 6 more | 2024-11-21 | 7.8 High |
| When opening Diagcab files, Firefox did not warn the user that these files may contain malicious code. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13. | ||||
| CVE-2023-37174 | 1 Gpac | 1 Gpac | 2024-11-21 | 5.5 Medium |
| GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a segmentation violation in the dump_isom_scene function at /mp4box/filedump.c. | ||||
| CVE-2023-36984 | 1 Lavalite | 1 Lavalite | 2024-11-21 | 7.5 High |
| LavaLite CMS v 9.0.0 is vulnerable to Sensitive Data Exposure. | ||||
| CVE-2023-36983 | 1 Lavalite | 1 Lavalite | 2024-11-21 | 7.5 High |
| LavaLite CMS v 9.0.0 is vulnerable to Sensitive Data Exposure. | ||||
| CVE-2023-36980 | 1 Ethereum | 1 Blockchain | 2024-11-21 | 5.3 Medium |
| An issue in Ethereum Blockchain v0.1.1+commit.6ff4cd6 cause the balance to be zeroed out when the value of betsize+casino.balance exceeds the threshold. | ||||
| CVE-2023-36862 | 1 Apple | 1 Macos | 2024-11-21 | 5.5 Medium |
| A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions. This issue is fixed in macOS Ventura 13.5. An app may be able to determine a user’s current location. | ||||
| CVE-2023-36854 | 1 Apple | 1 Macos | 2024-11-21 | 7.8 High |
| The issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.6.8, macOS Ventura 13.5, macOS Big Sur 11.7.9. Processing a file may lead to unexpected app termination or arbitrary code execution. | ||||
| CVE-2023-36821 | 1 Uptime-kuma Project | 1 Uptime-kuma | 2024-11-21 | 8.8 High |
| Uptime Kuma, a self-hosted monitoring tool, allows an authenticated attacker to install a maliciously crafted plugin in versions prior to 1.22.1, which may lead to remote code execution. Uptime Kuma allows authenticated users to install plugins from an official list of plugins. This feature is currently disabled in the web interface, but the corresponding API endpoints are still available after login. After downloading a plugin, it's installed by calling `npm install` in the installation directory of the plugin. Because the plugin is not validated against the official list of plugins or installed with `npm install --ignore-scripts`, a maliciously crafted plugin taking advantage of npm scripts can gain remote code execution. Version 1.22.1 contains a patch for this issue. | ||||
| CVE-2023-36818 | 1 Discourse | 1 Discourse | 2024-11-21 | 6.5 Medium |
| Discourse is an open source discussion platform. In affected versions a request to create or update custom sidebar section can cause a denial of service. This issue has been patched in commit `52b003d915`. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2023-36674 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | 5.3 Medium |
| An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, 1.39.x before 1.39.4, and 1.40.x before 1.40.1. It is possible to bypass the Bad image list (aka badFile) by using the thumb parameter (aka Manualthumb) of the File syntax. | ||||
| CVE-2023-36638 | 1 Fortinet | 2 Fortianalyzer, Fortimanager | 2024-11-21 | 4.2 Medium |
| An improper privilege management vulnerability [CWE-269] in FortiManager 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions and FortiAnalyzer 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions API may allow a remote and authenticated API admin user to access some system settings such as the mail server settings through the API via a stolen GUI session ID. | ||||
| CVE-2023-36628 | 1 Purestorage | 1 Purity\/\/fa | 2024-11-21 | 8.8 High |
| A flaw exists in VASA which allows users with access to a vSphere/ESXi VMware admin on a FlashArray to gain root access through privilege escalation. | ||||
| CVE-2023-36627 | 1 Purestorage | 1 Purity | 2024-11-21 | 7.7 High |
| A flaw exists in FlashBlade Purity whereby a user with access to an administrative account on a FlashBlade that is configured with timezone-dependent snapshot schedules can configure a timezone to prevent the schedule from functioning properly. | ||||
| CVE-2023-36620 | 1 Nationaledtech | 1 Boomerang | 2024-11-21 | 4.6 Medium |
| An issue was discovered in the Boomerang Parental Control application before 13.83 for Android. The app is missing the android:allowBackup="false" attribute in the manifest. This allows the user to backup the internal memory of the app to a PC. This gives the user access to the API token that is used to authenticate requests to the API. | ||||
| CVE-2023-36551 | 1 Fortinet | 1 Fortisiem | 2024-11-21 | 4.2 Medium |
| A exposure of sensitive information to an unauthorized actor in Fortinet FortiSIEM version 6.7.0 through 6.7.5 allows attacker to information disclosure via a crafted http request. | ||||
| CVE-2023-36537 | 1 Zoom | 1 Rooms | 2024-11-21 | 7.3 High |
| Improper privilege management in Zoom Rooms for Windows before version 5.14.5 may allow an authenticated user to enable an escalation of privilege via local access. | ||||
| CVE-2023-36533 | 1 Zoom | 2 Meeting Software Development Kit, Video Software Development Kit | 2024-11-21 | 7.1 High |
| Uncontrolled resource consumption in Zoom SDKs before 5.14.7 may allow an unauthenticated user to enable a denial of service via network access. | ||||
| CVE-2023-36490 | 1 Intel | 1 Memory And Storage Tool | 2024-11-21 | 5 Medium |
| Improper initialization in some Intel(R) MAS software before version 2.3 may allow an authenticated user to potentially enable denial of service via local access. | ||||