Export limit exceeded: 348174 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 348174 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 348174 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 25204 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (25204 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-40179 | 1 Silverwaregames | 1 Silverwaregames | 2024-11-21 | 5.3 Medium |
| Silverware Games is a premium social network where people can play games online. Prior to version 1.3.6, the Password Recovery form would throw an error if the specified email was not found in our database. It would only display the "Enter the code" form if the email is associated with a member of the site. Since version 1.3.6, the "Enter the code" form is always returned, showing the message "If the entered email is associated with an account, a code will be sent now". This change prevents potential violators from determining if our site has a user with the specified email. | ||||
| CVE-2023-40171 | 1 Netflix | 1 Dispatch | 2024-11-21 | 9.1 Critical |
| Dispatch is an open source security incident management tool. The server response includes the JWT Secret Key used for signing JWT tokens in error message when the `Dispatch Plugin - Basic Authentication Provider` plugin encounters an error when attempting to decode a JWT token. Any Dispatch users who own their instance and rely on the `Dispatch Plugin - Basic Authentication Provider` plugin for authentication may be impacted, allowing for any account to be taken over within their own instance. This could be done by using the secret to sign attacker crafted JWTs. If you think that you may be impacted, we strongly suggest you to rotate the secret stored in the `DISPATCH_JWT_SECRET` envvar in the `.env` file. This issue has been addressed in commit `b1942a4319` which has been included in the `20230817` release. users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2023-40165 | 1 Rubygems | 1 Rubygems.org | 2024-11-21 | 7.4 High |
| rubygems.org is the Ruby community's primary gem (library) hosting service. Insufficient input validation allowed malicious actors to replace any uploaded gem version that had a platform, version number, or gem name matching `/-\d/`, permanently replacing the legitimate upload in the canonical gem storage bucket, and triggering an immediate CDN purge so that the malicious gem would be served immediately. The maintainers have checked all gems matching the `/-\d/` pattern and can confirm that no unexpected `.gem`s were found. As a result, we believe this vulnerability was _not_ exploited. The easiest way to ensure that a user's applications were not exploited by this vulnerability is to check that all of your downloaded .gems have a checksum that matches the checksum recorded in the RubyGems.org database. RubyGems contributor Maciej Mensfeld wrote a tool to automatically check that all downloaded .gem files match the checksums recorded in the RubyGems.org database. You can use it by running: `bundle add bundler-integrity` followed by `bundle exec bundler-integrity`. Neither this tool nor anything else can prove you were not exploited, but the can assist your investigation by quickly comparing RubyGems API-provided checksums with the checksums of files on your disk. The issue has been patched with improved input validation and the changes are live. No action is required on the part of the user. Users are advised to validate their local gems. | ||||
| CVE-2023-40097 | 1 Google | 1 Android | 2024-11-21 | 7.8 High |
| In hasPermissionForActivity of PackageManagerHelper.java, there is a possible URI grant due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | ||||
| CVE-2023-40090 | 1 Google | 1 Android | 2024-11-21 | 6.5 Medium |
| In BTM_BleVerifySignature of btm_ble.cc, there is a possible way to bypass signature validation due to side channel information disclosure. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2023-40062 | 1 Solarwinds | 1 Solarwinds Platform | 2024-11-21 | 8 High |
| SolarWinds Platform Incomplete List of Disallowed Inputs Remote Code Execution Vulnerability. If executed, this vulnerability would allow a low-privileged user to execute commands with SYSTEM privileges. | ||||
| CVE-2023-40061 | 1 Solarwinds | 1 Solarwinds Platform | 2024-11-21 | 8.8 High |
| Insecure job execution mechanism vulnerability. This vulnerability can lead to other attacks as a result. | ||||
| CVE-2023-40058 | 1 Solarwinds | 1 Access Rights Manager | 2024-11-21 | 6.5 Medium |
| Sensitive data was added to our public-facing knowledgebase that, if exploited, could be used to access components of Access Rights Manager (ARM) if the threat actor is in the same environment. | ||||
| CVE-2023-40053 | 1 Solarwinds | 1 Serv-u | 2024-11-21 | 5 Medium |
| A vulnerability has been identified within Serv-U 15.4 that allows an authenticated actor to insert content on the file share function feature of Serv-U, which could be used maliciously. | ||||
| CVE-2023-40049 | 1 Progress | 1 Ws Ftp Server | 2024-11-21 | 5.3 Medium |
| In WS_FTP Server version prior to 8.8.2, an unauthenticated user could enumerate files under the 'WebServiceHost' directory listing. | ||||
| CVE-2023-40034 | 1 Woodpecker-ci | 1 Woodpecker | 2024-11-21 | 8.1 High |
| Woodpecker is a community fork of the Drone CI system. In affected versions an attacker can post malformed webhook data witch lead to an update of the repository data that can e.g. allow the takeover of an repo. This is only critical if the CI is configured for public usage and connected to a forge witch is also in public usage. This issue has been addressed in version 1.0.2. Users are advised to upgrade. Users unable to upgrade should secure the CI system by making it inaccessible to untrusted entities, for example, by placing it behind a firewall. | ||||
| CVE-2023-40029 | 2 Argoproj, Redhat | 2 Argo Cd, Openshift Gitops | 2024-11-21 | 9.9 Critical |
| Argo CD is a declarative continuous deployment for Kubernetes. Argo CD Cluster secrets might be managed declaratively using Argo CD / kubectl apply. As a result, the full secret body is stored in`kubectl.kubernetes.io/last-applied-configuration` annotation. pull request #7139 introduced the ability to manage cluster labels and annotations. Since clusters are stored as secrets it also exposes the `kubectl.kubernetes.io/last-applied-configuration` annotation which includes full secret body. In order to view the cluster annotations via the Argo CD API, the user must have `clusters, get` RBAC access. **Note:** In many cases, cluster secrets do not contain any actually-secret information. But sometimes, as in bearer-token auth, the contents might be very sensitive. The bug has been patched in versions 2.8.3, 2.7.14, and 2.6.15. Users are advised to upgrade. Users unable to upgrade should update/deploy cluster secret with `server-side-apply` flag which does not use or rely on `kubectl.kubernetes.io/last-applied-configuration` annotation. Note: annotation for existing secrets will require manual removal. | ||||
| CVE-2023-40023 | 1 Yaklang | 1 Yaklang | 2024-11-21 | 6.5 Medium |
| yaklang is a programming language designed for cybersecurity. The Yak Engine has been found to contain a local file inclusion (LFI) vulnerability. This vulnerability allows attackers to include files from the server's local file system through the web application. When exploited, this can lead to the unintended exposure of sensitive data, potential remote code execution, or other security breaches. Users utilizing versions of the Yak Engine prior to 1.2.4-sp1 are impacted. This vulnerability has been patched in version 1.2.4-sp1. Users are advised to upgrade. users unable to upgrade may avoid exposing vulnerable versions to untrusted input and to closely monitor any unexpected server behavior until they can upgrade. | ||||
| CVE-2023-40021 | 1 Oppia | 1 Oppia | 2024-11-21 | 5.3 Medium |
| Oppia is an online learning platform. When comparing a received CSRF token against the expected token, Oppia uses the string equality operator (`==`), which is not safe against timing attacks. By repeatedly submitting invalid tokens, an attacker can brute-force the expected CSRF token character by character. Once they have recovered the token, they can then submit a forged request on behalf of a logged-in user and execute privileged actions on that user's behalf. In particular the function to validate received CSRF tokens is at `oppia.core.controllers.base.CsrfTokenManager.is_csrf_token_valid`. An attacker who can lure a logged-in Oppia user to a malicious website can perform any change on Oppia that the user is authorized to do, including changing profile information; creating, deleting, and changing explorations; etc. Note that the attacker cannot change a user's login credentials. An attack would need to complete within 1 second because every second, the time used in computing the token changes. This issue has been addressed in commit `b89bf80837` which has been included in release `3.3.2-hotfix-2`. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2023-40002 | 1 Booster | 1 Booster For Woocommerce | 2024-11-21 | 6.5 Medium |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Pluggabl LLC Booster for WooCommerce plugin <= 7.1.1 versions. | ||||
| CVE-2023-3894 | 1 Fasterxml | 1 Jackson-dataformats-text | 2024-11-21 | 5.8 Medium |
| Those using jackson-dataformats-text to parse TOML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack. | ||||
| CVE-2023-3819 | 1 Pimcore | 1 Pimcore | 2024-11-21 | 6.5 Medium |
| Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository pimcore/pimcore prior to 10.6.4. | ||||
| CVE-2023-3770 | 1 Ingeteam | 2 Ingepac Da3451, Ingepac Da3451 Firmware | 2024-11-21 | 5.3 Medium |
| Incorrect validation vulnerability of the data entered, allowing an attacker with access to the network on which the affected device is located to use the discovery port protocol (1925/UDP) to obtain device-specific information without the need for authentication. | ||||
| CVE-2023-3769 | 1 Ingeteam | 2 Ingepac Fc5066, Ingepac Fc5066 Firmware | 2024-11-21 | 8.6 High |
| Incorrect data input validation vulnerability, which could allow an attacker with access to the network to implement fuzzing techniques that would allow him to gain knowledge about specially crafted packets that would create a DoS condition through the MMS protocol when initiating communication, achieving a complete system reboot of the device and its services. | ||||
| CVE-2023-3768 | 1 Ingeteam | 6 Ingepac Da3451, Ingepac Da3451 Firmware, Ingepac Ef Md and 3 more | 2024-11-21 | 8.6 High |
| Incorrect data input validation vulnerability, which could allow an attacker with access to the network to implement fuzzing techniques that would allow him to gain knowledge about specially crafted packets that would create a DoS condition through the MMS protocol when initiating communication, achieving a complete system reboot of the device and its services. | ||||