Export limit exceeded: 35583 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (35583 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-37238 1 Huawei 2 Emui, Harmonyos 2024-11-21 5.3 Medium
Vulnerability of apps' permission to access a certain API being incompletely verified in the wireless projection module. Successful exploitation of this vulnerability may affect some wireless projection features.
CVE-2023-37216 1 Anasystem 2 Sensmini M4, Sensmini M4 Firmware 2024-11-21 7.5 High
AnaSystem SensMini M4 – Using the configuration tool, an authenticated user can cause Denial of Service for the device
CVE-2023-37208 3 Debian, Mozilla, Redhat 9 Debian Linux, Firefox, Firefox Esr and 6 more 2024-11-21 7.8 High
When opening Diagcab files, Firefox did not warn the user that these files may contain malicious code. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13.
CVE-2023-37174 1 Gpac 1 Gpac 2024-11-21 5.5 Medium
GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a segmentation violation in the dump_isom_scene function at /mp4box/filedump.c.
CVE-2023-36984 1 Lavalite 1 Lavalite 2024-11-21 7.5 High
LavaLite CMS v 9.0.0 is vulnerable to Sensitive Data Exposure.
CVE-2023-36983 1 Lavalite 1 Lavalite 2024-11-21 7.5 High
LavaLite CMS v 9.0.0 is vulnerable to Sensitive Data Exposure.
CVE-2023-36980 1 Ethereum 1 Blockchain 2024-11-21 5.3 Medium
An issue in Ethereum Blockchain v0.1.1+commit.6ff4cd6 cause the balance to be zeroed out when the value of betsize+casino.balance exceeds the threshold.
CVE-2023-36862 1 Apple 1 Macos 2024-11-21 5.5 Medium
A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions. This issue is fixed in macOS Ventura 13.5. An app may be able to determine a user’s current location.
CVE-2023-36854 1 Apple 1 Macos 2024-11-21 7.8 High
The issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.6.8, macOS Ventura 13.5, macOS Big Sur 11.7.9. Processing a file may lead to unexpected app termination or arbitrary code execution.
CVE-2023-36821 1 Uptime-kuma Project 1 Uptime-kuma 2024-11-21 8.8 High
Uptime Kuma, a self-hosted monitoring tool, allows an authenticated attacker to install a maliciously crafted plugin in versions prior to 1.22.1, which may lead to remote code execution. Uptime Kuma allows authenticated users to install plugins from an official list of plugins. This feature is currently disabled in the web interface, but the corresponding API endpoints are still available after login. After downloading a plugin, it's installed by calling `npm install` in the installation directory of the plugin. Because the plugin is not validated against the official list of plugins or installed with `npm install --ignore-scripts`, a maliciously crafted plugin taking advantage of npm scripts can gain remote code execution. Version 1.22.1 contains a patch for this issue.
CVE-2023-36818 1 Discourse 1 Discourse 2024-11-21 6.5 Medium
Discourse is an open source discussion platform. In affected versions a request to create or update custom sidebar section can cause a denial of service. This issue has been patched in commit `52b003d915`. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVE-2023-36674 1 Mediawiki 1 Mediawiki 2024-11-21 5.3 Medium
An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, 1.39.x before 1.39.4, and 1.40.x before 1.40.1. It is possible to bypass the Bad image list (aka badFile) by using the thumb parameter (aka Manualthumb) of the File syntax.
CVE-2023-36638 1 Fortinet 2 Fortianalyzer, Fortimanager 2024-11-21 4.2 Medium
An improper privilege management vulnerability [CWE-269] in FortiManager 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions and FortiAnalyzer 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions API may allow a remote and authenticated API admin user to access some system settings such as the mail server settings through the API via a stolen GUI session ID.
CVE-2023-36628 1 Purestorage 1 Purity\/\/fa 2024-11-21 8.8 High
A flaw exists in VASA which allows users with access to a vSphere/ESXi VMware admin on a FlashArray to gain root access through privilege escalation.
CVE-2023-36627 1 Purestorage 1 Purity 2024-11-21 7.7 High
A flaw exists in FlashBlade Purity whereby a user with access to an administrative account on a FlashBlade that is configured with timezone-dependent snapshot schedules can configure a timezone to prevent the schedule from functioning properly.
CVE-2023-36620 1 Nationaledtech 1 Boomerang 2024-11-21 4.6 Medium
An issue was discovered in the Boomerang Parental Control application before 13.83 for Android. The app is missing the android:allowBackup="false" attribute in the manifest. This allows the user to backup the internal memory of the app to a PC. This gives the user access to the API token that is used to authenticate requests to the API.
CVE-2023-36551 1 Fortinet 1 Fortisiem 2024-11-21 4.2 Medium
A exposure of sensitive information to an unauthorized actor in Fortinet FortiSIEM version 6.7.0 through 6.7.5 allows attacker to information disclosure via a crafted http request.
CVE-2023-36537 1 Zoom 1 Rooms 2024-11-21 7.3 High
Improper privilege management in Zoom Rooms for Windows before version 5.14.5 may allow an authenticated user to enable an escalation of privilege via local access.
CVE-2023-36533 1 Zoom 2 Meeting Software Development Kit, Video Software Development Kit 2024-11-21 7.1 High
Uncontrolled resource consumption in Zoom SDKs before 5.14.7 may allow an unauthenticated user to enable a denial of service via network access.
CVE-2023-36490 1 Intel 1 Memory And Storage Tool 2024-11-21 5 Medium
Improper initialization in some Intel(R) MAS software before version 2.3 may allow an authenticated user to potentially enable denial of service via local access.