CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-33982 | 1 Briarproject | 1 Briar | 2023-06-01 | N/A | 5.9 MEDIUM |
Bramble Handshake Protocol (BHP) in Briar before 1.5.3 is not forward secure: eavesdroppers can decrypt network traffic between two accounts if they later compromise both accounts. NOTE: the eavesdropping is typically impractical because BHP runs over an encrypted session that uses the Tor hidden service protocol. | |||||
CVE-2022-4815 | 1 Hitachi | 2 Vantara Pentaho, Vantara Pentaho Business Analytics Server | 2023-06-01 | N/A | 8.8 HIGH |
Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.3, including 8.3.x, deserialize untrusted JSON data without constraining the parser to approved classes and methods. | |||||
CVE-2023-25470 | 1 Rus-to-lat Project | 1 Rus-to-lat | 2023-06-01 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in Anton Skorobogatov Rus-To-Lat plugin <= 0.3 versions. | |||||
CVE-2023-25029 | 1 Wp Social Bookmarking Light Project | 1 Wp Social Bookmarking Light | 2023-06-01 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in utahta WP Social Bookmarking Light plugin <= 2.0.7 versions. | |||||
CVE-2022-41221 | 1 Opentext | 1 Archive Center Administration | 2023-06-01 | N/A | 7.1 HIGH |
The client in OpenText Archive Center Administration through 21.2 allows XXE attacks. Authenticated users of the OpenText Archive Center Administration client (Versions 16.2.3, 21.2, and older versions) could upload XML files to the application that it did not sufficiently validate. As a result, attackers could craft XML files that, when processed by the application, would cause a negative security impact such as data exfiltration or localized denial of service against the application instance and system of the user running it. | |||||
CVE-2023-25599 | 1 Mitel | 1 Mivoice Connect | 2023-06-01 | N/A | 7.4 HIGH |
A vulnerability in the conferencing component of Mitel MiVoice Connect through 19.3 SP2 and 20.x, 21.x, and 22.x through 22.24.1500.0 could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation for the test_presenter.php page. A successful exploit could allow an attacker to execute arbitrary scripts. | |||||
CVE-2023-25034 | 1 Wp Clean Up Project | 1 Wp Clean Up | 2023-06-01 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in BoLiQuan WP Clean Up plugin <= 1.2.3 versions. | |||||
CVE-2023-25038 | 1 984.ru | 1 For The Visually Impaired | 2023-06-01 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in 984.Ru For the visually impaired plugin <= 0.58 versions. | |||||
CVE-2022-47144 | 1 Frenify | 1 Mediamatic | 2023-06-01 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in Plugincraft Mediamatic – Media Library Folders plugin <= 2.8.1 versions. | |||||
CVE-2023-2817 | 1 Craftcms | 1 Craft Cms | 2023-06-01 | N/A | 5.4 MEDIUM |
A post-authentication stored cross-site scripting vulnerability exists in Craft CMS versions <= 4.4.11. HTML, including script tags, can be injected into field names which, when the field is added to a category or section, will trigger when users visit the Categories or Entries pages respectively. | |||||
CVE-2023-25467 | 1 Resize At Upload Plus Project | 1 Resize At Upload Plus | 2023-06-01 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in Daniel Mores, A. Huizinga Resize at Upload Plus plugin <= 1.3 versions. | |||||
CVE-2023-25058 | 1 Brainstormforce | 1 Schema | 2023-06-01 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in Brainstorm Force Schema – All In One Schema Rich Snippets plugin <= 1.6.5 versions. | |||||
CVE-2023-31594 | 1 Ic | 2 Realtime Icip-p2012t, Realtime Icip-p2012t Firmware | 2023-06-01 | N/A | 7.5 HIGH |
IC Realtime ICIP-P2012T 2.420 is vulnerable to Incorrect Access Control via an exposed HTTP channel using VLC network. | |||||
CVE-2022-0010 | 1 Abb | 5 Platform Engineering Tools, Qcs 800xa, Qcs 800xa Firmware and 2 more | 2023-06-01 | N/A | 5.5 MEDIUM |
Insertion of Sensitive Information into Log File vulnerability in ABB QCS 800xA, ABB QCS AC450, ABB Platform Engineering Tools. An attacker, who already has local access to the QCS nodes, could successfully obtain the password for a system user account. Using this information, the attacker could have the potential to exploit this vulnerability to gain control of system nodes. This issue affects QCS 800xA: from 1.0;0 through 6.1SP2; QCS AC450: from 1.0;0 through 5.1SP2; Platform Engineering Tools: from 1.0:0 through 2.3.0. | |||||
CVE-2023-33965 | | | 2023-06-01 | N/A | N/A |
Brook is a cross-platform programmable network tool. The `tproxy` server is vulnerable to a drive-by command injection. An attacker may fool a victim into visiting a malicious web page which will trigger requests to the local `tproxy` service leading to remote code execution. A patch is available in version 20230606. | |||||
CVE-2023-33552 | | | 2023-06-01 | N/A | N/A |
Heap Buffer Overflow in the erofs_read_one_data function at data.c in erofs-utils v1.6 allows remote attackers to execute arbitrary code via a crafted erofs filesystem image. | |||||
CVE-2023-33551 | | | 2023-06-01 | N/A | N/A |
Heap Buffer Overflow in the erofsfsck_dirent_iter function in fsck/main.c in erofs-utils v1.6 allows remote attackers to execute arbitrary code via a crafted erofs filesystem image. | |||||
CVE-2023-31923 | 1 Supremainc | 1 Biostar 2 | 2023-06-01 | N/A | 8.8 HIGH |
Suprema BioStar 2 before 2022 Q4, v2.9.1 has Insecure Permissions. A vulnerability in the web application allows an authenticated attacker with "User Operator" privileges to create a highly privileged user account. The vulnerability is caused by missing server-side validation, which can be exploited to gain full administrator privileges on the system. | |||||
CVE-2023-32348 | 1 Teltonika | 1 Remote Management System | 2023-06-01 | N/A | 5.8 MEDIUM |
Teltonika’s Remote Management System versions prior to 4.10.0 contain a virtual private network (VPN) hub feature for cross-device communication that uses OpenVPN. It connects new devices in a manner that allows the new device to communicate with all Teltonika devices connected to the VPN. The OpenVPN server also allows users to route through it. An attacker could route a connection to a remote server through the OpenVPN server, enabling them to scan and access data from other Teltonika devices connected to the VPN. | |||||
CVE-2023-3035 | | | 2023-06-01 | N/A | N/A |
A vulnerability has been found in Guangdong Pythagorean OA Office System up to 4.50.31 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Schedule Handler. The manipulation of the argument description leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-230467. |