Export limit exceeded: 15199 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (15199 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-31101 | 1 Apache | 1 Inlong | 2024-11-21 | 6.5 Medium |
| Insecure Default Initialization of Resource Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.5.0 through 1.6.0. Users registered in InLong who joined later can see deleted users' data. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7836 https://github.com/apache/inlong/pull/7836 to solve it. | ||||
| CVE-2023-30949 | 1 Palantir | 1 Slate | 2024-11-21 | 4.3 Medium |
| A missing origin validation in Slate sandbox could be exploited by a malicious user to modify the page's content, which could lead to phishing attacks. | ||||
| CVE-2023-2873 | 2 Filseclab, Microsoft | 2 Twister Antivirus, Windows | 2024-11-21 | 5.3 Medium |
| A vulnerability classified as critical was found in Twister Antivirus 8. This vulnerability affects the function 0x804f2143/0x804f217f/0x804f214b/0x80800043 in the library filppd.sys of the component IoControlCode Handler. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-229852. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-2200 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.1 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 7.14 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1, which allows an attacker to inject HTML in an email address field. | ||||
| CVE-2023-28738 | 2 Intel, Intel Nuc Bios Firmware | 13 Nuc 7 Essential Nuc7cjysamn, Nuc 7 Essential Nuc7cjysamn Firmware, Nuc Kit Nuc7cjyh and 10 more | 2024-11-21 | 7.5 High |
| Improper input validation for some Intel NUC BIOS firmware before version JY0070 may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2023-28736 | 1 Mdadm Project | 1 Mdadm | 2024-11-21 | 5.7 Medium |
| Buffer overflow in some Intel(R) SSD Tools software before version mdadm-4.2-rc2 may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2023-28730 | 1 Panasonic | 1 Control Fpwin Pro | 2024-11-21 | 7.8 High |
| A memory corruption vulnerability Panasonic Control FPWIN Pro versions 7.6.0.3 and all previous versions may allow arbitrary code execution when opening specially crafted project files. | ||||
| CVE-2023-28487 | 3 Netapp, Redhat, Sudo Project | 5 Active Iq Unified Manager, Enterprise Linux, Openshift Data Foundation and 2 more | 2024-11-21 | 5.3 Medium |
| Sudo before 1.9.13 does not escape control characters in sudoreplay output. | ||||
| CVE-2023-28486 | 3 Netapp, Redhat, Sudo Project | 5 Active Iq Unified Manager, Enterprise Linux, Openshift Data Foundation and 2 more | 2024-11-21 | 5.3 Medium |
| Sudo before 1.9.13 does not escape control characters in log messages. | ||||
| CVE-2023-28383 | 2024-11-21 | 6.1 Medium | ||
| Improper conditions check in some Intel(R) BIOS PPAM firmware may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2023-27516 | 1 Softether | 1 Vpn | 2024-11-21 | 7.3 High |
| An authentication bypass vulnerability exists in the CiRpcAccepted() functionality of SoftEther VPN 4.41-9782-beta and 5.01.9674. A specially crafted network packet can lead to unauthorized access. An attacker can send a network request to trigger this vulnerability. | ||||
| CVE-2023-27506 | 1 Intel | 1 Optimization For Tensorflow | 2024-11-21 | 5.5 Medium |
| Improper buffer restrictions in the Intel(R) Optimization for Tensorflow software before version 2.12 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2023-26289 | 1 Ibm | 1 Aspera Orchestrator | 2024-11-21 | 5.4 Medium |
| IBM Aspera Orchestrator 4.0.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 248478. | ||||
| CVE-2023-26279 | 1 Ibm | 1 Qradar Wincollect | 2024-11-21 | 3.3 Low |
| IBM QRadar WinCollect Agent 10.0 through 10.1.7 could allow a local user to perform unauthorized actions due to improper encoding. IBM X-Force ID: 248160. | ||||
| CVE-2023-26147 | 1 Ithewei | 1 Libhv | 2024-11-21 | 5.3 Medium |
| All versions of the package ithewei/libhv are vulnerable to HTTP Response Splitting when untrusted user input is used to build headers values. An attacker can add the \r\n (carriage return line feeds) characters to end the HTTP response headers and inject malicious content, like for example additional headers or new response body, leading to a potential XSS vulnerability. | ||||
| CVE-2023-26142 | 1 Crowcpp | 1 Crow | 2024-11-21 | 6.5 Medium |
| All versions of the package crow are vulnerable to HTTP Response Splitting when untrusted user input is used to build header values. Header values are not properly sanitized against CRLF Injection in the set_header and add_header functions. An attacker can add the \r\n (carriage return line feeds) characters to end the HTTP response headers and inject malicious content. | ||||
| CVE-2023-26137 | 1 Drogon | 1 Drogon | 2024-11-21 | 7.2 High |
| All versions of the package drogonframework/drogon are vulnerable to HTTP Response Splitting when untrusted user input is used to build header values in the addHeader and addCookie functions. An attacker can add the \r\n (carriage return line feeds) characters to end the HTTP response headers and inject malicious content. | ||||
| CVE-2023-25527 | 1 Nvidia | 3 Dgx H100, Dgx H100 Bmc, Dgx H100 Firmware | 2024-11-21 | 7.8 High |
| NVIDIA DGX H100 BMC contains a vulnerability in the host KVM daemon, where an authenticated local attacker may cause corruption of kernel memory. A successful exploit of this vulnerability may lead to arbitrary kernel code execution, denial of service, escalation of privileges, information disclosure, and data tampering. | ||||
| CVE-2023-24585 | 2 Silabs, Weston-embedded | 3 Gecko Software Development Kit, Cesium Net, Uc-http | 2024-11-21 | 7.7 High |
| An out-of-bounds write vulnerability exists in the HTTP Server functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to memory corruption. An attacker can send a network request to trigger this vulnerability. | ||||
| CVE-2023-23567 | 1 Accusoft | 1 Imagegear | 2024-11-21 | 8.1 High |
| A heap-based buffer overflow vulnerability exists in the CreateDIBfromPict functionality of Accusoft ImageGear 20.1. A specially crafted file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. | ||||