Total
13188 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-4550 | 3 Linux, Microsoft, Opentext | 3 Linux Kernel, Windows, Appbuilder | 2024-11-21 | 7.5 High |
| Improper Input Validation, Files or Directories Accessible to External Parties vulnerability in OpenText AppBuilder on Windows, Linux allows Probe System Files. An unauthenticated or authenticated user can abuse a page of AppBuilder to read arbitrary files on the server on which it is hosted. This issue affects AppBuilder: from 21.2 before 23.2. | ||||
| CVE-2023-4481 | 2 Juniper, Juniper Networks | 4 Junos, Junos Os Evolved, Junos Os and 1 more | 2024-11-21 | 7.5 High |
| An Improper Input Validation vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). When certain specific crafted BGP UPDATE messages are received over an established BGP session, one BGP session may be torn down with an UPDATE message error, or the issue may propagate beyond the local system which will remain non-impacted, but may affect one or more remote systems. This issue is exploitable remotely as the crafted UPDATE message can propagate through unaffected systems and intermediate BGP speakers. Continuous receipt of the crafted BGP UPDATE messages will create a sustained Denial of Service (DoS) condition for impacted devices. This issue affects eBGP and iBGP, in both IPv4 and IPv6 implementations. This issue requires a remote attacker to have at least one established BGP session. Improper Input Validation, Denial of Service vulnerability in Juniper Networks, Inc. Junos OS (BGP, rpd modules), Juniper Networks, Inc. Junos OS Evolved (BGP, rpd modules) allows Fuzzing.This issue affects Junos OS: * All versions before 20.4R3-S10, * from 21.1R1 through 21.*, * from 21.2 before 21.2R3-S5, * from 21.3 before 21.3R3-S5, * from 21.4 before 21.4R3-S7 (unaffected from 21.4R3-S5, affected from 21.4R3-S6) * from 22.1 before 22.1R3-S4, * from 22.2 before 22.2R3-S3, * from 22.3 before 22.3R3-S1, * from 22.4 before 22.4R3, * from 23.2 before 23.2R2. Junos OS Evolved: * All versions before 20.4R3-S10-EVO, * from 21.2-EVO before 21.2R3-S7-EVO, * from 21.3-EVO before 21.3R3-S5-EVO, * from 21.4-EVO before 21.4R3-S5-EVO, * from 22.1-EVO before 22.1R3-S4-EVO, * from 22.2-EVO before 22.2R3-S3-EVO, * from 22.3-EVO before 22.3R3-S1-EVO, * from 22.4-EVO before 22.4R3-EVO, * from 23.2-EVO before 23.2R2-EVO. | ||||
| CVE-2023-4435 | 1 Hamza417 | 1 Inure | 2024-11-21 | 5.5 Medium |
| Improper Input Validation in GitHub repository hamza417/inure prior to build88. | ||||
| CVE-2023-4241 | 1 Cloudflare | 1 Lol-html | 2024-11-21 | 7.5 High |
| lol-html can cause panics on certain HTML inputs. Anyone processing arbitrary 3rd party HTML with the library is affected. | ||||
| CVE-2023-4197 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-11-21 | 7.5 High |
| Improper input validation in Dolibarr ERP CRM <= v18.0.1 fails to strip certain PHP code from user-supplied input when creating a Website, allowing an attacker to inject and evaluate arbitrary PHP code. | ||||
| CVE-2023-4043 | 2 Eclipse, Redhat | 6 Parsson, Camel Quarkus, Camel Spring Boot and 3 more | 2024-11-21 | 5.9 Medium |
| In Eclipse Parsson before versions 1.1.4 and 1.0.5, Parsing JSON from untrusted sources can lead malicious actors to exploit the fact that the built-in support for parsing numbers with large scale in Java has a number of edge cases where the input text of a number can lead to much larger processing time than one would expect. To mitigate the risk, parsson put in place a size limit for the numbers as well as their scale. | ||||
| CVE-2023-49958 | 1 Dallmann-consulting | 1 Open Charge Point Protocol | 2024-11-21 | 7.5 High |
| An issue was discovered in Dalmann OCPP.Core through 1.2.0 for OCPP (Open Charge Point Protocol) for electric vehicles. The server processes mishandle StartTransaction messages containing additional, arbitrary properties, or duplicate properties. The last occurrence of a duplicate property is accepted. This could be exploited to alter transaction records or impact system integrity. | ||||
| CVE-2023-49796 | 1 Mindsdb | 1 Mindsdb | 2024-11-21 | 5.3 Medium |
| MindsDB connects artificial intelligence models to real time data. Versions prior to 23.11.4.1 contain a limited file write vulnerability in `file.py` Users should use MindsDB's `staging` branch or v23.11.4.1, which contain a fix for the issue. | ||||
| CVE-2023-49610 | 1 Machinesense | 2 Feverwarn, Feverwarn Firmware | 2024-11-21 | 8.1 High |
| MachineSense FeverWarn Raspberry Pi-based devices lack input sanitization, which could allow an attacker on an adjacent network to send a message running commands or could overflow the stack. | ||||
| CVE-2023-49551 | 1 Cesanta | 1 Mjs | 2024-11-21 | 7.5 High |
| An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_op_json_parse function in the msj.c file. | ||||
| CVE-2023-49291 | 1 Tj-actions | 1 Branch-names | 2024-11-21 | 9.3 Critical |
| tj-actions/branch-names is a Github action to retrieve branch or tag names with support for all events. The `tj-actions/branch-names` GitHub Actions improperly references the `github.event.pull_request.head.ref` and `github.head_ref` context variables within a GitHub Actions `run` step. The head ref variable is the branch name and can be used to execute arbitrary code using a specially crafted branch name. As a result an attacker can use this vulnerability to steal secrets from or abuse `GITHUB_TOKEN` permissions. This vulnerability has been addressed in version 7.0.7. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2023-49248 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 5.5 Medium |
| Vulnerability of unauthorized file access in the Settings app. Successful exploitation of this vulnerability may cause unauthorized file access. | ||||
| CVE-2023-48949 | 1 Openlinksw | 1 Virtuoso | 2024-11-21 | 7.5 High |
| An issue in the box_add function in openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement. | ||||
| CVE-2023-48948 | 1 Openlinksw | 1 Virtuoso | 2024-11-21 | 7.5 High |
| An issue in the box_div function in openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement. | ||||
| CVE-2023-48947 | 1 Openlinksw | 1 Virtuoso | 2024-11-21 | 7.5 High |
| An issue in the cha_cmp function of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement. | ||||
| CVE-2023-48946 | 1 Openlinksw | 1 Virtuoso | 2024-11-21 | 7.5 High |
| An issue in the box_mpy function of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement. | ||||
| CVE-2023-48693 | 1 Microsoft | 1 Azure Rtos Threadx | 2024-11-21 | 8.7 High |
| Azure RTOS ThreadX is an advanced real-time operating system (RTOS) designed specifically for deeply embedded applications. An attacker can cause arbitrary read and write due to vulnerability in parameter checking mechanism in Azure RTOS ThreadX, which may lead to privilege escalation. The affected components include RTOS ThreadX v6.2.1 and below. The fixes have been included in ThreadX release 6.3.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2023-48634 | 3 Adobe, Apple, Microsoft | 3 After Effects, Macos, Windows | 2024-11-21 | 7.8 High |
| Adobe After Effects versions 24.0.3 (and earlier) and 23.6.0 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2023-48631 | 2 Adobe, Redhat | 4 Css-tools, Migration Toolkit Applications, Migration Toolkit Runtimes and 1 more | 2024-11-21 | 5.3 Medium |
| @adobe/css-tools versions 4.3.1 and earlier are affected by an Improper Input Validation vulnerability that could result in a denial of service while attempting to parse CSS. | ||||
| CVE-2023-48311 | 1 Jupyter | 1 Dockerspawner | 2024-11-21 | 8 High |
| dockerspawner is a tool to spawn JupyterHub single user servers in Docker containers. Users of JupyterHub deployments running DockerSpawner starting with 0.11.0 without specifying `DockerSpawner.allowed_images` configuration allow users to launch _any_ pullable docker image, instead of restricting to only the single configured image, as intended. This issue has been addressed in commit `3ba4b665b` which has been included in dockerspawner release version 13. Users are advised to upgrade. Users unable to upgrade should explicitly set `DockerSpawner.allowed_images` to a non-empty list containing only the default image will result in the intended default behavior. | ||||