Total: 35574 CVEs
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-49243 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 7.5 High |
| Vulnerability of unauthorized access to email attachments in the email module. Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2023-49242 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 7.5 High |
| Free broadcast vulnerability in the running management module. Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2023-49241 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 7.5 High |
| API permission control vulnerability in the network management module. Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2023-49147 | 1 Pdf24 | 1 Pdf24 Creator | 2024-11-21 | 7.8 High |
| An issue was discovered in PDF24 Creator 11.14.0. The configuration of the msi installer file was found to produce a visible cmd.exe window when using the repair function of msiexec.exe. This allows an unprivileged local attacker to use a chain of actions (e.g., an oplock on faxPrnInst.log) to open a SYSTEM cmd.exe. | ||||
| CVE-2023-49102 | 1 Nzbget | 1 Nzbget | 2024-11-21 | 8.8 High |
| NZBGet 21.1 allows authenticated remote code execution because the unarchive programs (7za and unrar) preserve executable file permissions. An attacker with the Control capability can execute a file by setting the value of SevenZipCommand or UnrarCmd. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2023-49093 | 1 Htmlunit | 1 Htmlunit | 2024-11-21 | 9.8 Critical |
| HtmlUnit is a GUI-less browser for Java programs. HtmlUnit is vulnerable to Remote Code Execution (RCE) via XSLT when browsing the attacker's webpage. This vulnerability has been patched in version 3.9.0. | ||||
| CVE-2023-49068 | 1 Apache | 1 Dolphinscheduler | 2024-11-21 | 7.5 High |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.2.1. Users are recommended to upgrade to version 3.2.1, which fixes the issue. At the time of disclosure of this advisory, this version has not yet been released. In the meantime, we recommend you make sure the logs are only available to trusted operators. | ||||
| CVE-2023-49060 | 1 Mozilla | 1 Firefox | 2024-11-21 | 9.8 Critical |
| An attacker could have accessed internal pages or data by exfiltrating a security key from ReaderMode via the `referrerpolicy` attribute. This vulnerability affects Firefox for iOS < 120. | ||||
| CVE-2023-48950 | 1 Openlinksw | 1 Virtuoso | 2024-11-21 | 7.5 High |
| An issue in the box_col_len function in openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement. | ||||
| CVE-2023-48949 | 1 Openlinksw | 1 Virtuoso | 2024-11-21 | 7.5 High |
| An issue in the box_add function in openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement. | ||||
| CVE-2023-48948 | 1 Openlinksw | 1 Virtuoso | 2024-11-21 | 7.5 High |
| An issue in the box_div function in openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement. | ||||
| CVE-2023-48947 | 1 Openlinksw | 1 Virtuoso | 2024-11-21 | 7.5 High |
| An issue in the cha_cmp function of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement. | ||||
| CVE-2023-48946 | 1 Openlinksw | 1 Virtuoso | 2024-11-21 | 7.5 High |
| An issue in the box_mpy function of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement. | ||||
| CVE-2023-48799 | 1 Totolink | 2 X6000r, X6000r Firmware | 2024-11-21 | 9.8 Critical |
| TOTOLINK-X6000R Firmware-V9.4.0cu.852_B20230719 is vulnerable to Command Execution. | ||||
| CVE-2023-48713 | 1 Knative | 1 Serving | 2024-11-21 | 6.5 Medium |
| Knative Serving builds on Kubernetes to support deploying and serving of applications and functions as serverless containers. An attacker who controls a pod to a degree where they can control the responses from the /metrics endpoint can cause Denial-of-Service of the autoscaler from an unbounded memory allocation bug. This is a DoS vulnerability, where a non-privileged Knative user can cause a DoS for the cluster. This issue has been patched in version 0.39.0. | ||||
| CVE-2023-48671 | 1 Dell | 3 Powermax Os, Solutions Enabler Virtual Appliance, Unisphere For Powermax Virtual Appliance | 2024-11-21 | 7.5 High |
| Dell vApp Manager, versions prior to 9.2.4.x, contains an information disclosure vulnerability. A remote attacker could potentially exploit this vulnerability to obtain sensitive information that may aid in further attacks. | ||||
| CVE-2023-48659 | 1 Misp-project | 1 Malware Information Sharing Platform | 2024-11-21 | 9.8 Critical |
| An issue was discovered in MISP before 2.4.176. app/Controller/AppController.php mishandles parameter parsing. | ||||
| CVE-2023-48658 | 1 Misp-project | 1 Malware Information Sharing Platform | 2024-11-21 | 9.8 Critical |
| An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php lacks a checkParam function for alphanumerics, underscore, dash, period, and space. | ||||
| CVE-2023-48657 | 1 Misp-project | 1 Malware Information Sharing Platform | 2024-11-21 | 9.8 Critical |
| An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php mishandles filters. | ||||
| CVE-2023-48655 | 1 Misp-project | 1 Malware Information Sharing Platform | 2024-11-21 | 9.8 Critical |
| An issue was discovered in MISP before 2.4.176. app/Controller/Component/IndexFilterComponent.php does not properly filter out query parameters. | ||||