Export limit exceeded: 35254 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (35254 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-38344 | 1 Ivanti | 1 Endpoint Manager | 2024-11-21 | 6.5 Medium |
| An issue was discovered in Ivanti Endpoint Manager before 2022 SU4. A file disclosure vulnerability exists in the GetFileContents SOAP action exposed via /landesk/managementsuite/core/core.secure/OsdScript.asmx. The application does not sufficiently restrict user-supplied paths, allowing for an authenticated attacker to read arbitrary files from a remote system, including the private key used to authenticate to agents for remote access. | ||||
| CVE-2023-38332 | 1 Zohocorp | 1 Manageengine Admanager Plus | 2024-11-21 | 6.5 Medium |
| Zoho ManageEngine ADManager Plus through 7201 allow authenticated users to take over another user's account via sensitive information disclosure. | ||||
| CVE-2023-38259 | 1 Apple | 1 Macos | 2024-11-21 | 5.5 Medium |
| A logic issue was addressed with improved restrictions. This issue is fixed in macOS Monterey 12.6.8, macOS Ventura 13.5, macOS Big Sur 11.7.9. An app may be able to access user-sensitive data. | ||||
| CVE-2023-38258 | 1 Apple | 1 Macos | 2024-11-21 | 5.5 Medium |
| The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.5, macOS Monterey 12.6.8. Processing a 3D model may result in disclosure of process memory. | ||||
| CVE-2023-38135 | 1 Intel | 1 Performance Maximizer | 2024-11-21 | 6.7 Medium |
| Improper authorization in some Intel(R) PM software may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2023-38132 | 2 Elecom, Logitec | 3 Lan-w451ngr, Lan-w451ngr Firmware, Lan-w451ngr | 2024-11-21 | 8.8 High |
| LAN-W451NGR all versions provided by LOGITEC CORPORATION contains an improper access control vulnerability, which allows an unauthenticated attacker to log in to telnet service. | ||||
| CVE-2023-38062 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | 4.3 Medium |
| In JetBrains TeamCity before 2023.05.1 parameters of the "password" type could be shown in the UI in certain composite build configurations | ||||
| CVE-2023-38059 | 1 Otrs | 1 Otrs | 2024-11-21 | 5.3 Medium |
| The loading of external images is not blocked, even if configured, if the attacker uses protocol-relative URL in the payload. This can be used to retreive the IP of the user.This issue affects OTRS: from 7.0.X before 7.0.47, from 8.0.X before 8.0.37; ((OTRS)) Community Edition: from 6.0.X through 6.0.34. | ||||
| CVE-2023-38043 | 2 Ivanti, Microsoft | 2 Secure Access Client, Windows | 2024-11-21 | 7.8 High |
| A vulnerability exists on all versions of the Ivanti Secure Access Client below 22.6R1.1, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading to a denial of service (DoS) condition on the user machine and, in some cases, resulting in a full compromise of the system. | ||||
| CVE-2023-38023 | 2 Intel, Scontain | 2 Software Guard Extensions, Scone | 2024-11-21 | 5.5 Medium |
| An issue was discovered in SCONE Confidential Computing Platform before 5.8.0 for Intel SGX. Lack of pointer-alignment logic in __scone_dispatch and other entry functions allows a local attacker to access unauthorized information, aka an "AEPIC Leak." | ||||
| CVE-2023-38022 | 1 Fortanix | 1 Confidential Computing Manager | 2024-11-21 | 5.5 Medium |
| An issue was discovered in Fortanix EnclaveOS Confidential Computing Manager (CCM) Platform before 3.29 for Intel SGX. Insufficient pointer validation allows a local attacker to access unauthorized information. This relates to strlen and sgx_is_within_user. | ||||
| CVE-2023-38021 | 1 Fortanix | 1 Confidential Computing Manager | 2024-11-21 | 5.5 Medium |
| An issue was discovered in Fortanix EnclaveOS Confidential Computing Manager (CCM) Platform before 3.32 for Intel SGX. Lack of pointer-alignment validation logic in entry functions allows a local attacker to access unauthorized information. This relates to the enclave_ecall function and system call layer. | ||||
| CVE-2023-37939 | 1 Fortinet | 1 Forticlient | 2024-11-21 | 3 Low |
| An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiClient for Windows 7.2.0, 7.0 all versions, 6.4 all versions, 6.2 all versions, Linux 7.2.0, 7.0 all versions, 6.4 all versions, 6.2 all versions and Mac 7.2.0 through 7.2.1, 7.0 all versions, 6.4 all versions, 6.2 all versions, may allow a local authenticated attacker with no Administrative privileges to retrieve the list of files or folders excluded from malware scanning. | ||||
| CVE-2023-37917 | 1 Fit2cloud | 1 Kubepi | 2024-11-21 | 9.1 Critical |
| KubePi is an opensource kubernetes management panel. A normal user has permission to create/update users, they can become admin by editing the `isadmin` value in the request. As a result any user may take administrative control of KubePi. This issue has been addressed in version 1.6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2023-37916 | 1 Fit2cloud | 1 Kubepi | 2024-11-21 | 6.5 Medium |
| KubePi is an opensource kubernetes management panel. The endpoint /kubepi/api/v1/users/search?pageNum=1&&pageSize=10 leak password hash of any user (including admin). A sufficiently motivated attacker may be able to crack leaded password hashes. This issue has been addressed in version 1.6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2023-37915 | 1 Objectcomputing | 1 Opendds | 2024-11-21 | 7.5 High |
| OpenDDS is an open source C++ implementation of the Object Management Group (OMG) Data Distribution Service (DDS). OpenDDS crashes while parsing a malformed `PID_PROPERTY_LIST` in a DATA submessage during participant discovery. Attackers can remotely crash OpenDDS processes by sending a DATA submessage containing the malformed parameter to the known multicast port. This issue has been addressed in version 3.25. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2023-37912 | 1 Xwiki | 1 Xwiki-rendering | 2024-11-21 | 10 Critical |
| XWiki Rendering is a generic Rendering system that converts textual input in a given syntax into another syntax. Prior to version 14.10.6 of `org.xwiki.platform:xwiki-core-rendering-macro-footnotes` and `org.xwiki.platform:xwiki-rendering-macro-footnotes` and prior to version 15.1-rc-1 of `org.xwiki.platform:xwiki-rendering-macro-footnotes`, the footnote macro executed its content in a potentially different context than the one in which it was defined. In particular in combination with the include macro, this allows privilege escalation from a simple user account in XWiki to programming rights and thus remote code execution, impacting the confidentiality, integrity and availability of the whole XWiki installation. This vulnerability has been patched in XWiki 14.10.6 and 15.1-rc-1. There is no workaround apart from upgrading to a fixed version of the footnote macro. | ||||
| CVE-2023-37831 | 1 Elenos | 3 Etg150, Etg150 Firmware, Etg150 Fm | 2024-11-21 | 5.3 Medium |
| An issue discovered in Elenos ETG150 FM transmitter v3.12 allows attackers to enumerate user accounts based on server responses when credentials are submitted. | ||||
| CVE-2023-37767 | 1 Gpac | 1 Gpac | 2024-11-21 | 5.5 Medium |
| GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a segmentation violation in the BM_ParseIndexValueReplace function at /lib/libgpac.so. | ||||
| CVE-2023-37766 | 1 Gpac | 1 Gpac | 2024-11-21 | 5.5 Medium |
| GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a segmentation violation in the gf_isom_remove_user_data function at /lib/libgpac.so. | ||||