Export limit exceeded: 17688 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10785 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-3700 | 1 Easyappointments | 1 Easyappointments | 2024-11-21 | 6.3 Medium |
| Authorization Bypass Through User-Controlled Key in GitHub repository alextselegidis/easyappointments prior to 1.5.0. | ||||
| CVE-2023-3670 | 1 Codesys | 2 Development System, Scripting | 2024-11-21 | 7.3 High |
| In CODESYS Development System 3.5.9.0 to 3.5.17.0 and CODESYS Scripting 4.0.0.0 to 4.1.0.0 unsafe directory permissions would allow an attacker with local access to the workstation to place potentially harmful and disguised scripts that could be executed by legitimate users. | ||||
| CVE-2023-3635 | 2 Redhat, Squareup | 6 Amq Streams, Jboss Enterprise Bpms Platform, Jboss Fuse and 3 more | 2024-11-21 | 5.9 Medium |
| GzipSource does not handle an exception that might be raised when parsing a malformed gzip buffer. This may lead to denial of service of the Okio client when handling a crafted GZIP archive, by using the GzipSource class. | ||||
| CVE-2023-3568 | 2 Alextselegidis, Fossbilling | 2 Easyappointments, Fossbilling | 2024-11-21 | 6.3 Medium |
| Open Redirect in GitHub repository alextselegidis/easyappointments prior to 1.5.0. | ||||
| CVE-2023-3520 | 1 It-novum | 1 Openitcockpit | 2024-11-21 | 4.6 Medium |
| Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository it-novum/openitcockpit prior to 4.6.6. | ||||
| CVE-2023-3455 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 9.1 Critical |
| Key management vulnerability on system. Successful exploitation of this vulnerability may affect service availability and integrity. | ||||
| CVE-2023-3436 | 1 Xpdfreader | 1 Xpdf | 2024-11-21 | 3.3 Low |
| Xpdf 4.04 will deadlock on a PDF object stream whose "Length" field is itself in another object stream. | ||||
| CVE-2023-3299 | 1 Hashicorp | 1 Nomad | 2024-11-21 | 3.4 Low |
| HashiCorp Nomad Enterprise 1.2.11 up to 1.5.6, and 1.4.10 ACL policies using a block without a label generates unexpected results. Fixed in 1.6.0, 1.5.7, and 1.4.11. | ||||
| CVE-2023-3290 | 1 Easyappointments | 1 Easyappointments | 2024-11-21 | 5 Medium |
| A BOLA vulnerability in POST /customers allows a low privileged user to create a low privileged user (customer) in the system. This results in unauthorized data manipulation. | ||||
| CVE-2023-3289 | 1 Easyappointments | 1 Easyappointments | 2024-11-21 | 7.7 High |
| A BOLA vulnerability in POST /services allows a low privileged user to create a service for any user in the system (including admin). This results in unauthorized data manipulation. | ||||
| CVE-2023-3288 | 1 Easyappointments | 1 Easyappointments | 2024-11-21 | 8.5 High |
| A BOLA vulnerability in POST /providers allows a low privileged user to create a privileged user (provider) in the system. This results in privilege escalation. | ||||
| CVE-2023-3287 | 1 Easyappointments | 1 Easyappointments | 2024-11-21 | 9.9 Critical |
| A BOLA vulnerability in POST /admins allows a low privileged user to create a high privileged user (admin) in the system. This results in privilege escalation. | ||||
| CVE-2023-3286 | 1 Easyappointments | 1 Easyappointments | 2024-11-21 | 7.7 High |
| A BOLA vulnerability in POST /secretaries allows a low privileged user to create a low privileged user (secretary) in the system. This results in unauthorized data manipulation. | ||||
| CVE-2023-3270 | 2 Sick, Sick Ag | 3 Icr890-4, Icr890-4 Firmware, Icr890-4 | 2024-11-21 | 8.6 High |
| Exposure of Sensitive Information to an Unauthorized Actor in the SICK ICR890-4 could allow an unauthenticated remote attacker to retrieve sensitive information about the system. | ||||
| CVE-2023-3242 | 1 Br-automation | 1 Automation Runtime | 2024-11-21 | 8.6 High |
| Improper initialization implementation in Portmapper used in B&R Industrial Automation Automation Runtime <G4.93 allows unauthenticated network-based attackers to cause permanent denial-of-service conditions. | ||||
| CVE-2023-3222 | 1 Password Recovery Project | 1 Password Recovery | 2024-11-21 | 7.5 High |
| Vulnerability in the password recovery mechanism of Password Recovery plugin for Roundcube, in its 1.2 version, which could allow a remote attacker to change an existing user´s password by adding a 6-digit numeric token. An attacker could create an automatic script to test all possible values because the platform has no limit on the number of requests. | ||||
| CVE-2023-3089 | 1 Redhat | 18 Acm, Amq Streams, Container Native Virtualization and 15 more | 2024-11-21 | 7 High |
| A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-validated. | ||||
| CVE-2023-39974 | 1 Acymailing | 1 Acymailing | 2024-11-21 | 5.3 Medium |
| Exposure of Sensitive Information vulnerability in AcyMailing Enterprise component for Joomla. It allows unauthorized actors to get the number of subscribers in a specific list. | ||||
| CVE-2023-39695 | 1 Elenos | 3 Etg150, Etg150 Firmware, Etg150 Fm | 2024-11-21 | 5.3 Medium |
| Insufficient session expiration in Elenos ETG150 FM Transmitter v3.12 allows attackers to arbitrarily change transmitter configuration and data after logging out. | ||||
| CVE-2023-39383 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 7.5 High |
| Vulnerability of input parameters being not strictly verified in the AMS module. Successful exploitation of this vulnerability may compromise apps' data security. | ||||