Total: 34640 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2023-39150 | 1 Maximus5 | 1 Conemu | 2024-11-21 | N/A | 9.8 CRITICAL | ConEmu before commit 230724 does not sanitize title responses correctly for control characters, potentially leading to arbitrary code execution. This is related to an incomplete fix for CVE-2022-46387. |
| CVE-2023-39137 | 1 Archive Project | 1 Archive | 2024-11-21 | N/A | 7.8 HIGH | An issue in Archive v3.3.7 allows attackers to spoof zip filenames which can lead to inconsistent filename parsing. |
| CVE-2023-39136 | 1 Ziparchive Project | 1 Ziparchive | 2024-11-21 | N/A | 5.5 MEDIUM | An unhandled edge case in the component _sanitizedPath of ZipArchive v2.5.4 allows attackers to cause a Denial of Service (DoS) via a crafted zip file. |
| CVE-2023-39114 | 1 Miniupnp Project | 1 Ngiflib | 2024-11-21 | N/A | 5.5 MEDIUM | ngiflib commit 84a75 was discovered to contain a segmentation violation via the function SDL_LoadAnimatedGif at ngiflibSDL.c. This vulnerability is triggered when running the program SDLaffgif. |
| CVE-2023-39113 | 1 Miniupnp Project | 1 Ngiflib | 2024-11-21 | N/A | 5.5 MEDIUM | ngiflib commit fb271 was discovered to contain a segmentation violation via the function "main" at gif2tag.c. This vulnerability is triggered when running the program gif2tga. |
| CVE-2023-39076 | 1 Gm | 2 Chevrolet Equinox, Mylink Infotainment System | 2024-11-21 | N/A | 4.6 MEDIUM | Injecting random data into the USB memory area on a General Motors (GM) Chevrolet Equinox 2021 Software. 2021.03.26 (build version) vehicle causes a Denial of Service (DoS) in the in-car infotainment system. |
| CVE-2023-39075 | 1 Renault | 2 Zoe Ev 2021, Zoe Ev 2021 Firmware | 2024-11-21 | N/A | 4.6 MEDIUM | Renault Zoe EV 2021 automotive infotainment system versions 283C35202R to 283C35519R (builds 11.10.2021 to 16.01.2023) allows attackers to crash the infotainment system by sending arbitrary USB data via a USB device. |
| CVE-2023-39059 | 1 Ansible-semaphore | 1 Ansible Semaphore | 2024-11-21 | N/A | 8.8 HIGH | An issue in ansible semaphore v.2.8.90 allows a remote attacker to execute arbitrary code via a crafted payload to the extra variables parameter. |
| CVE-2023-39057 | 1 Lycorp | 1 Line Mini App | 2024-11-21 | N/A | 7.5 HIGH | An information leak in hirochanKAKIwaiting v13.6.1 allows attackers to obtain the channel access token and send crafted messages. |
| CVE-2023-39054 | 1 Lycorp | 1 Line Mini App | 2024-11-21 | N/A | 7.5 HIGH | An information leak in Tokudaya.ekimae_mc v13.6.1 allows attackers to obtain the channel access token and send crafted messages. |
| CVE-2023-39053 | 1 Lycorp | 1 Line Mini App | 2024-11-21 | N/A | 7.5 HIGH | An information leak in Hattoriya v13.6.1 allows attackers to obtain the channel access token and send crafted messages. |
| CVE-2023-39052 | 1 Earthgarden Waiting Project | 1 Earthgarden Waiting | 2024-11-21 | N/A | 6.5 MEDIUM | An information leak in Earthgarden_waiting 13.6.1 allows attackers to obtain the channel access token and send crafted messages. |
| CVE-2023-39051 | 1 Lycorp | 1 Line Mini App | 2024-11-21 | N/A | 7.5 HIGH | An information leak in VISION MEAT WORKS Track Diner 10/10mbl v13.6.1 allows attackers to obtain the channel access token and send crafted messages. |
| CVE-2023-39050 | 1 Lycorp | 1 Line Mini App | 2024-11-21 | N/A | 7.5 HIGH | An information leak in Daiky-value.Fukueten v13.6.1 allows attackers to obtain the channel access token and send crafted messages. |
| CVE-2023-39048 | 1 Lycorp | 1 Line Mini App | 2024-11-21 | N/A | 7.5 HIGH | An information leak in Tokudaya.honten v13.6.1 allows attackers to obtain the channel access token and send crafted messages. |
| CVE-2023-39047 | 1 Lycorp | 1 Line Mini App | 2024-11-21 | N/A | 7.5 HIGH | An information leak in shouzu sweets oz v13.6.1 allows attackers to obtain the channel access token and send crafted messages. |
| CVE-2023-39045 | 1 Kokoroe Members Card Project | 1 Kokoroe Members Card | 2024-11-21 | N/A | 6.5 MEDIUM | An information leak in kokoroe_members card Line 13.6.1 allows attackers to obtain the channel access token and send crafted messages. |
| CVE-2023-39044 | 1 Ajino-shiretoko Project | 1 Ajino-shiretoko | 2024-11-21 | N/A | 6.5 MEDIUM | An information leak in ajino-Shiretoko Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages. |
| CVE-2023-39042 | 1 Lycorp | 1 Line Mini App | 2024-11-21 | N/A | 7.5 HIGH | An information leak in Gyouza-newhushimi v13.6.1 allows attackers to obtain the channel access token and send crafted messages. |
| CVE-2023-39041 | 1 Kukurudeli Project | 1 Kukurudeli | 2024-11-21 | N/A | 6.5 MEDIUM | An information leak in KUKURUDELI Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages. |
| CVE-2023-38996 | 1 Douran | 1 Dsgate | 2024-11-21 | N/A | 6.7 MEDIUM | An issue in all versions of Douran DSGate allows a local authenticated privileged attacker to execute arbitrary code via the debug command. |
| CVE-2023-38990 | 1 Jeesite | 1 Jeesite | 2024-11-21 | N/A | 4.3 MEDIUM | An issue in the delete function in the MenuController class of jeesite v1.2.6 allows authenticated attackers to arbitrarily delete menus created by the Administrator. |
| CVE-2023-38988 | 1 Jeesite | 1 Jeesite | 2024-11-21 | N/A | 4.3 MEDIUM | An issue in the delete function in the OaNotifyController class of jeesite v1.2.6 allows authenticated attackers to arbitrarily delete notifications created by Administrators. |
| CVE-2023-38949 | 1 Zkteco | 1 Biotime | 2024-11-21 | N/A | 7.5 HIGH | An issue in a hidden API in ZKTeco BioTime v8.5.5 allows unauthenticated attackers to arbitrarily reset the Administrator password via a crafted web request. |
| CVE-2023-38909 | 1 Tp-link | 3 Tapo, Tapo L530e, Tapo L530e Firmware | 2024-11-21 | N/A | 6.5 MEDIUM | An issue in TPLink Smart Bulb Tapo series L530 before 1.2.4, L510E before 1.1.0, L630 before 1.0.4, P100 before 1.5.0, and Tapo Application 2.8.14 allows a remote attacker to obtain sensitive information via the IV component in the AES128-CBC function. |
| CVE-2023-38908 | 1 Tp-link | 3 Tapo, Tapo L530e, Tapo L530e Firmware | 2024-11-21 | N/A | 6.5 MEDIUM | An issue in TPLink Smart Bulb Tapo series L530 before 1.2.4, L510E before 1.1.0, L630 before 1.0.4, P100 before 1.5.0, and Tapo Application 2.8.14 allows a remote attacker to obtain sensitive information via the TSKEP authentication function. |
| CVE-2023-38907 | 1 Tp-link | 3 Tapo, Tapo L530e, Tapo L530e Firmware | 2024-11-21 | N/A | 7.5 HIGH | An issue in TPLink Smart Bulb Tapo series L530 before 1.2.4, L510E before 1.1.0, L630 before 1.0.4, P100 before 1.5.0, and Tapo Application 2.8.14 allows a remote attacker to replay old messages encrypted with a still valid session key. |
| CVE-2023-38906 | 1 Tp-link | 3 Tapo, Tapo L530e, Tapo L530e Firmware | 2024-11-21 | N/A | 6.5 MEDIUM | An issue in TPLink Smart Bulb Tapo series L530 1.1.9, L510E 1.0.8, L630 1.0.3, P100 1.4.9, Smart Camera Tapo series C200 1.1.18, and Tapo Application 2.8.14 allows a remote attacker to obtain sensitive information via the authentication code for the UDP message. |
| CVE-2023-38886 | 1 Dolibarr | 1 Dolibarr Erp/crm | 2024-11-21 | N/A | 7.2 HIGH | An issue in Dolibarr ERP CRM v.17.0.1 and before allows a remote privileged attacker to execute arbitrary code via a crafted command/script. |
| CVE-2023-38849 | 1 Linecorp | 1 Line | 2024-11-21 | N/A | 7.5 HIGH | An issue in tire-sales Line v.13.6.1 allows a remote attacker to obtain sensitive information via crafted GET request. |
| CVE-2023-38848 | 1 Linecorp | 1 Line | 2024-11-21 | N/A | 7.5 HIGH | An issue in rmc R Beauty CLINIC Line v.13.6.1 allows a remote attacker to obtain sensitive information via crafted GET request. |
| CVE-2023-38847 | 1 Linecorp | 1 Line | 2024-11-21 | N/A | 7.5 HIGH | An issue in CHRISTINA JAPAN Line v.13.6.1 allows a remote attacker to obtain sensitive information via crafted GET request. |
| CVE-2023-38846 | 1 Linecorp | 1 Line | 2024-11-21 | N/A | 7.5 HIGH | An issue in Marbre Lapin Line v.13.6.1 allows a remote attacker to obtain sensitive information via crafted GET request. |
| CVE-2023-38845 | 1 Linecorp | 1 Line | 2024-11-21 | N/A | 7.5 HIGH | An issue in Anglaise Company Anglaise.Company v.13.6.1 allows a remote attacker to obtain sensitive information via crafted GET request. |
| CVE-2023-38840 | 1 Bitwarden | 1 Bitwarden | 2024-11-21 | N/A | 5.5 MEDIUM | Bitwarden Desktop 2023.7.0 and below allows an attacker with local access to obtain sensitive information via the Bitwarden.exe process. |
| CVE-2023-38750 | 1 Zimbra | 1 Zimbra | 2024-11-21 | N/A | 7.5 HIGH | In Zimbra Collaboration (ZCS) 8 before 8.8.15 Patch 41, 9 before 9.0.0 Patch 34, and 10 before 10.0.2, internal JSP and XML files can be exposed. |
| CVE-2023-38740 | 4 Ibm, Linux, Microsoft and 1 more | 4 Db2, Linux Kernel, Windows and 1 more | 2024-11-21 | N/A | 5.3 MEDIUM | IBM Db2 for Linux, UNIX, and Windows (includes Db2 Connect Server) 11.5 is vulnerable to a denial of service with a specially crafted SQL statement. IBM X-Force ID: 262613. |
| CVE-2023-38736 | 1 Ibm | 1 Qradar Wincollect | 2024-11-21 | N/A | 7.5 HIGH | IBM QRadar WinCollect Agent 10.0 through 10.1.6, when installed to run as ADMIN or SYSTEM, is vulnerable to a local escalation of privilege attack that a normal user could utilize to gain SYSTEM permissions. IBM X-Force ID: 262542. |
| CVE-2023-38728 | 4 Ibm, Linux, Microsoft and 1 more | 4 Db2, Linux Kernel, Windows and 1 more | 2024-11-21 | N/A | 5.3 MEDIUM | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted XML query statement. IBM X-Force ID: 262258. |
| CVE-2023-38727 | 4 Ibm, Linux, Microsoft and 1 more | 4 Db2, Linux Kernel, Windows and 1 more | 2024-11-21 | N/A | 5.3 MEDIUM | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted SQL statement. IBM X-Force ID: 262257. |