Total: 34640 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-52428 | 1 Connect2id | 1 Nimbus Jose+jwt | 2024-11-21 | N/A | 7.5 HIGH |
| In Connect2id Nimbus JOSE+JWT before 9.37.2, an attacker can cause a denial of service (resource consumption) via a large JWE p2c header value (aka iteration count) for the PasswordBasedDecrypter (PBKDF2) component. | | | | | |
| CVE-2023-52286 | 1 Tencent | 1 Tencent Distributed Sql | 2024-11-21 | N/A | 7.5 HIGH |
| Tencent tdsqlpcloud through 1.8.5 allows unauthenticated remote attackers to discover database credentials via an index.php/api/install/get_db_info request, a related issue to CVE-2023-42387. | | | | | |
| CVE-2023-52262 | 1 Outdoorbits | 1 Little Backup Box | 2024-11-21 | N/A | 9.8 CRITICAL |
| outdoorbits little-backup-box (aka Little Backup Box) before f39f91c allows remote attackers to execute arbitrary code because the PHP extract function is used for untrusted input. | | | | | |
| CVE-2023-52208 | 1 Constantcontact | 1 Constant Contact Forms | 2024-11-21 | N/A | 5.3 MEDIUM |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Constant Contact Constant Contact Forms. This issue affects Constant Contact Forms: from n/a through 2.4.2. | | | | | |
| CVE-2023-52190 | 1 Wpswings | 1 Coupon Referral Program | 2024-11-21 | N/A | 7.5 HIGH |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WP Swings Coupon Referral Program. This issue affects Coupon Referral Program: from n/a through 1.7.2. | | | | | |
| CVE-2023-52187 | 1 Imagesourcecontrol | 1 Image Source Control | 2024-11-21 | N/A | 5.3 MEDIUM |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Thomas Maier Image Source Control Lite – Show Image Credits and Captions. This issue affects Image Source Control Lite – Show Image Credits and Captions: from n/a through 2.17.0. | | | | | |
| CVE-2023-52185 | 1 Everestthemes | 1 Everest Backup | 2024-11-21 | N/A | 5.3 MEDIUM |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Everestthemes Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin. This issue affects Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin: from n/a through 2.1.9. | | | | | |
| CVE-2023-52151 | 1 Uncannyowl | 1 Uncanny Automator | 2024-11-21 | N/A | 5.3 MEDIUM |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Uncanny Automator, Uncanny Owl Uncanny Automator – Automate everything with the #1 no-code automation and integration plugin. This issue affects Uncanny Automator – Automate everything with the #1 no-code automation and integration plugin: from n/a through 5.1.0.2. | | | | | |
| CVE-2023-52148 | 1 Wpaffiliatemanager | 1 Affiliates Manager | 2024-11-21 | N/A | 5.3 MEDIUM |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in wp.Insider, wpaffiliatemgr Affiliates Manager. This issue affects Affiliates Manager: from n/a through 2.9.30. | | | | | |
| CVE-2023-52126 | 1 Sumanbhattarai | 1 Send Users Email | 2024-11-21 | N/A | 5.3 MEDIUM |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Suman Bhattarai Send Users Email. This issue affects Send Users Email: from n/a through 1.4.3. | | | | | |
| CVE-2023-52114 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | N/A | 7.5 HIGH |
| Data confidentiality vulnerability in the ScreenReader module. Successful exploitation of this vulnerability may affect service integrity. | | | | | |
| CVE-2023-52106 | 1 Huawei | 1 Harmonyos | 2024-11-21 | N/A | 4.4 MEDIUM |
| Vulnerability of permission verification for APIs in the DownloadProviderMain module. Impact: Successful exploitation of this vulnerability will affect integrity and availability. | | | | | |
| CVE-2023-52093 | 1 Trendmicro | 1 Apex One | 2024-11-21 | N/A | 7.8 HIGH |
| An exposed dangerous function vulnerability in the Trend Micro Apex One agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | | | | | |
| CVE-2023-52042 | 1 Totolink | 2 X6000r, X6000r Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| An issue discovered in the sub_4117F8 function in TOTOLINK X6000R V9.4.0cu.852_B20230719 allows attackers to run arbitrary commands via the 'lang' parameter. | | | | | |
| CVE-2023-51777 | 2 Jungo, Mitsubishielectric | 43 Windriver, Cpu Module Logging Configuration Tool, Cw Configurator and 40 more | 2024-11-21 | N/A | 5.5 MEDIUM |
| Denial of Service (DoS) vulnerability in Jungo WinDriver before 12.1.0 allows local attackers to cause a Windows blue screen error. | | | | | |
| CVE-2023-51750 | 2 Microsoft, Scalefusion | 2 Windows, Scalefusion | 2024-11-21 | N/A | 4.6 MEDIUM |
| ScaleFusion 10.5.2 does not properly limit users to the Edge application because file downloads can occur. NOTE: the vendor's position is "Not vulnerable if the default Windows device profile configuration is used which utilizes modern management with website allow-listing rules." | | | | | |
| CVE-2023-51749 | 1 Scalefusion | 1 Scalefusion | 2024-11-21 | N/A | 8.8 HIGH |
| ScaleFusion 10.5.2 does not properly limit users to the Edge application because a search can be made from a tooltip. NOTE: the vendor's position is "Not vulnerable if the default Windows device profile configuration is used which utilizes modern management with website allow-listing rules." | | | | | |
| CVE-2023-51688 | 1 Implecode | 1 Ecommerce Product Catalog | 2024-11-21 | N/A | 5.3 MEDIUM |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in impleCode eCommerce Product Catalog Plugin for WordPress. This issue affects eCommerce Product Catalog Plugin for WordPress: from n/a through 3.3.26. | | | | | |
| CVE-2023-51687 | 1 Implecode | 1 Product Catalog Simple | 2024-11-21 | N/A | 5.3 MEDIUM |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in impleCode Product Catalog Simple. This issue affects Product Catalog Simple: from n/a through 1.7.6. | | | | | |
| CVE-2023-51673 | 1 Stylishpricelist | 1 Stylish Price List | 2024-11-21 | N/A | 5.4 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Designful Stylish Price List – Price Table Builder & QR Code Restaurant Menu. This issue affects Stylish Price List – Price Table Builder & QR Code Restaurant Menu: from n/a through 7.0.17. | | | | | |
| CVE-2023-51527 | 1 Aipower | 1 Aipower | 2024-11-21 | N/A | 5.3 MEDIUM |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Senol Sahin AI Power: Complete AI Pack – Powered by GPT-4. This issue affects AI Power: Complete AI Pack – Powered by GPT-4: from n/a through 1.8.2. | | | | | |
| CVE-2023-51438 | 2 Microchip, Siemens | 4 Maxview Storage Manager, Simatic Ipc1047e, Simatic Ipc647e and 1 more | 2024-11-21 | N/A | 10.0 CRITICAL |
| A vulnerability has been identified in SIMATIC IPC1047E (All versions with maxView Storage Manager < V4.14.00.26068 on Windows), SIMATIC IPC647E (All versions with maxView Storage Manager < V4.14.00.26068 on Windows), SIMATIC IPC847E (All versions with maxView Storage Manager < V4.14.00.26068 on Windows). In default installations of maxView Storage Manager where Redfish® server is configured for remote system management, a vulnerability has been identified that can provide unauthorized access. | | | | | |
| CVE-2023-51431 | 1 Hihonor | 1 Phoneservice | 2024-11-21 | N/A | 7.0 HIGH |
| Some Honor products are affected by an incorrect privilege assignment vulnerability; successful exploitation could cause device service exceptions. | | | | | |
| CVE-2023-51406 | 1 Ninjateam | 1 Fastdup | 2024-11-21 | N/A | 5.3 MEDIUM |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Ninja Team FastDup – Fastest WordPress Migration & Duplicator. This issue affects FastDup – Fastest WordPress Migration & Duplicator: from n/a through 2.1.7. | | | | | |
| CVE-2023-51384 | 2 Debian, Openbsd | 2 Debian Linux, Openssh | 2024-11-21 | N/A | 5.5 MEDIUM |
| In ssh-agent in OpenSSH before 9.6, certain destination constraints can be incompletely applied. When destination constraints are specified during addition of PKCS#11-hosted private keys, these constraints are only applied to the first key, even if a PKCS#11 token returns multiple keys. | | | | | |
| CVE-2023-51363 | 1 Buffalo | 2 Vr-s1000, Vr-s1000 Firmware | 2024-11-21 | N/A | 6.5 MEDIUM |
| VR-S1000 firmware Ver. 2.37 and earlier allows a network-adjacent unauthenticated attacker who can access the product's web management page to obtain sensitive information. | | | | | |
| CVE-2023-51079 | 1 Mvel | 1 Mvel | 2024-11-21 | N/A | 5.3 MEDIUM |
| A long execution time can occur in the ParseTools.subCompileExpression method in MVEL 2.5.0.Final because of many Java class lookups. NOTE: the vendor disputes this because "the only thing that you could expect is that the parser will take a crazy amount of time to complete its task." | | | | | |
| CVE-2023-51027 | 1 Totolink | 2 Ex1800t, Ex1800t Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| TOTOLINK EX1800T V9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘apcliAuthMode’ parameter of the setWiFiExtenderConfig interface of cstecgi.cgi. | | | | | |
| CVE-2023-51026 | 1 Totolink | 2 Ex1800t, Ex1800t Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| TOTOLINK EX1800T V9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘hour’ parameter of the setRebootScheCfg interface of cstecgi.cgi. | | | | | |
| CVE-2023-51025 | 1 Totolink | 2 Ex1800t, Ex1800t Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| TOTOLINK EX1800T V9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘admuser’ parameter of the setPasswordCfg interface of cstecgi.cgi. | | | | | |
| CVE-2023-51024 | 1 Totolink | 2 Ex1800t, Ex1800t Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| TOTOLINK EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘tz’ parameter of the setNtpCfg interface of cstecgi.cgi. | | | | | |
| CVE-2023-51023 | 1 Totolink | 2 Ex1800t, Ex1800t Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| TOTOLINK EX1800T v9.1.0cu.2112_B20220316 is vulnerable to arbitrary command execution in the ‘host_time’ parameter of the NTPSyncWithHost interface of cstecgi.cgi. | | | | | |
| CVE-2023-51022 | 1 Totolink | 2 Ex1800t, Ex1800t Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| TOTOLINK EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘langFlag’ parameter of the setLanguageCfg interface of cstecgi.cgi. | | | | | |
| CVE-2023-51021 | 1 Totolink | 2 Ex1800t, Ex1800t Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| TOTOLINK EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘merge’ parameter of the setRptWizardCfg interface of cstecgi.cgi. | | | | | |
| CVE-2023-51020 | 1 Totolink | 2 Ex1800t, Ex1800t Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| TOTOLINK EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘langType’ parameter of the setLanguageCfg interface of cstecgi.cgi. | | | | | |
| CVE-2023-51019 | 1 Totolink | 2 Ex1800t, Ex1800t Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| TOTOLINK EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘key5g’ parameter of the setWiFiExtenderConfig interface of cstecgi.cgi. | | | | | |
| CVE-2023-51017 | 1 Totolink | 2 Ex1800t, Ex1800t Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| TOTOLINK EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘lanIp’ parameter of the setLanConfig interface of cstecgi.cgi. | | | | | |
| CVE-2023-51015 | 1 Totolink | 2 Ex1800t, Ex1800t Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| TOTOLINK EX1800T v9.1.0cu.2112_B20220316 is vulnerable to arbitrary command execution in the ‘enable’ parameter of the setDmzCfg interface of cstecgi.cgi. | | | | | |
| CVE-2023-51014 | 1 Totolink | 2 Ex1800t, Ex1800t Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| TOTOLINK EX1800T V9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘lanSecDns’ parameter of the setLanConfig interface of cstecgi.cgi. | | | | | |
| CVE-2023-51013 | 1 Totolink | 2 Ex1800t, Ex1800t Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| TOTOLINK EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘lanNetmask’ parameter of the setLanConfig interface of cstecgi.cgi. | | | | | |