Search Results (1840 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-36134 | 1 Phpjabbers | 1 Class Scheduling System | 2024-11-21 | 9.8 Critical |
| In PHP Jabbers Class Scheduling System 1.0, lack of verification when changing an email address and/or password (on the Profile Page) allows remote attackers to take over accounts. | ||||
| CVE-2023-35906 | 2 Ibm, Linux | 2 Aspera Faspex, Linux Kernel | 2024-11-21 | 5.3 Medium |
| IBM Aspera Faspex 5.0.5 could allow a remote attacker to bypass IP restrictions due to improper access controls. IBM X-Force ID: 259649. | ||||
| CVE-2023-35719 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2024-11-21 | 6.8 Medium |
| ManageEngine ADSelfService Plus GINA Client Insufficient Verification of Data Authenticity Authentication Bypass Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of ManageEngine ADSelfService Plus. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Password Reset Portal used by the GINA client. The issue results from the lack of proper authentication of data received via HTTP. An attacker can leverage this vulnerability to bypass authentication and execute code in the context of SYSTEM. Was ZDI-CAN-17009. | ||||
| CVE-2023-33959 | 1 Notaryproject | 1 Notation-go | 2024-11-21 | 8.4 High |
| notation is a CLI tool to sign and verify OCI artifacts and container images. An attacker who has compromised a registry can cause users to verify the wrong artifact. The problem has been fixed in the release v1.0.0-rc.6. Users should upgrade their notation-go library to v1.0.0-rc.6 or above. Users unable to upgrade may restrict container registries to a set of secure and trusted container registries. | ||||
| CVE-2023-33768 | 1 Belkin | 2 Wemo Smart Plug Wsp080, Wemo Smart Plug Wsp080 Firmware | 2024-11-21 | 6.5 Medium |
| Incorrect signature verification of the firmware during the Device Firmware Update process of Belkin Wemo Smart Plug WSP080 v1.2 allows attackers to cause a Denial of Service (DoS) via a crafted firmware file. | ||||
| CVE-2023-30949 | 1 Palantir | 1 Slate | 2024-11-21 | 4.3 Medium |
| A missing origin validation in Slate sandbox could be exploited by a malicious user to modify the page's content, which could lead to phishing attacks. | ||||
| CVE-2023-30562 | 1 Bd | 1 Alaris Guardrails Editor | 2024-11-21 | 3 Low |
| A GRE dataset file within Systems Manager can be tampered with and distributed to PCUs. | ||||
| CVE-2023-30559 | 1 Bd | 2 Alaris 8015 Pcu, Alaris 8015 Pcu Firmware | 2024-11-21 | 5.2 Medium |
| The firmware update package for the wireless card is not properly signed and can be modified. | ||||
| CVE-2023-2850 | 1 Nodebb | 1 Nodebb | 2024-11-21 | 4.7 Medium |
| NodeBB is affected by a Cross-Site WebSocket Hijacking vulnerability due to missing validation of the request origin. Exploitation of this vulnerability allows certain user information to be extracted by an attacker. | ||||
| CVE-2023-2848 | 1 Movim | 1 Movim | 2024-11-21 | 8 High |
| Movim prior to version 0.22 is affected by a Cross-Site WebSocket Hijacking vulnerability. This was the result of a missing header validation. | ||||
| CVE-2023-28863 | 1 Ami | 1 Megarac Sp-x | 2024-11-21 | 9.1 Critical |
| AMI MegaRAC SPx12 and SPx13 devices have Insufficient Verification of Data Authenticity. | ||||
| CVE-2023-28804 | 1 Zscaler | 1 Client Connector | 2024-11-21 | 8.2 High |
| An Improper Verification of Cryptographic Signature vulnerability in Zscaler Client Connector on Linux allows replacing binaries. This issue affects Linux Client Connector: before 1.4.0.105. | ||||
| CVE-2023-28801 | 1 Zscaler | 1 Zscaler Internet Access Admin Portal | 2024-11-21 | 9.6 Critical |
| An Improper Verification of Cryptographic Signature in the SAML authentication of the Zscaler Admin UI allows a Privilege Escalation. This issue affects Admin UI: from 6.2 before 6.2r. | ||||
| CVE-2023-28794 | 1 Zscaler | 1 Client Connector | 2024-11-21 | 4.3 Medium |
| Origin Validation Error vulnerability in Zscaler Client Connector on Linux allows Privilege Abuse. This issue affects Zscaler Client Connector for Linux: before 1.3.1.6. | ||||
| CVE-2023-26141 | 2 Contribsys, Redhat | 2 Sidekiq, Satellite | 2024-11-21 | 7.5 High |
| Versions of the package sidekiq before 7.1.3 are vulnerable to Denial of Service (DoS) due to insufficient checks in the dashboard-charts.js file. An attacker can exploit this vulnerability by manipulating the localStorage value which will cause excessive polling requests. | ||||
| CVE-2023-23773 | 1 Motorola | 5 Ebts Base Radio, Ebts Base Radio Firmware, Ebts Mbts Base Radio and 2 more | 2024-11-21 | 7.2 High |
| Motorola EBTS/MBTS Base Radio fails to check firmware authenticity. The Motorola MBTS Base Radio lacks cryptographic signature validation for firmware update packages, allowing an authenticated attacker to gain arbitrary code execution, extract secret key material, and/or leave a persistent implant on the device. | ||||
| CVE-2023-23772 | 1 Motorola | 2 Mbts Site Controller, Mbts Site Controller Firmware | 2024-11-21 | 7.2 High |
| Motorola MBTS Site Controller fails to check firmware update authenticity. The Motorola MBTS Site Controller lacks cryptographic signature validation for firmware update packages, allowing an authenticated attacker to gain arbitrary code execution, extract secret key material, and/or leave a persistent implant on the device. | ||||
| CVE-2023-23433 | 1 Hihonor | 2 Nth-an00, Nth-an00 Firmware | 2024-11-21 | 4 Medium |
| Some Honor products are affected by a signature management vulnerability; successful exploitation could cause a forged system file to overwrite the correct system file. | ||||
| CVE-2023-23431 | 1 Hihonor | 2 Nth-an00, Nth-an00 Firmware | 2024-11-21 | 7.3 High |
| Some Honor products are affected by a signature management vulnerability; successful exploitation could cause a forged system file to overwrite the correct system file. | ||||
| CVE-2023-21260 | 1 Google | 1 Android | 2024-11-21 | 5.5 Medium |
| In the notification access permission dialog box, a malicious application can embed a very long service label that overflows the original user prompt and possibly contains misleading information that appears as a system message for user confirmation. | ||||