Vulnerabilities (CVE)

Filtered by CWE-20
Total 10666 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-1351 1 Cisco 2 Ios, Nx-os 2023-10-19 7.8 HIGH 7.5 HIGH
The Locator/ID Separation Protocol (LISP) implementation in Cisco IOS 15.1 and 15.2 and NX-OS 4.1 through 6.2 allows remote attackers to cause a denial of service (device reload) via a crafted header in a packet, aka Bug ID CSCuu64279.
CVE-2022-3388 1 Hitachienergy 2 Microscada Pro Sys600, Microscada X Sys600 2023-10-19 N/A 7.8 HIGH
An input validation vulnerability exists in the Monitor Pro interface of MicroSCADA Pro and MicroSCADA X SYS600. An authenticated user can launch an administrator level remote code execution irrespective of the authenticated user's role.
CVE-2023-45176 1 Ibm 2 App Connect Enterprise, Integration Bus 2023-10-19 N/A 5.5 MEDIUM
IBM App Connect Enterprise 11.0.0.1 through 11.0.0.23, 12.0.1.0 through 12.0.10.0 and IBM Integration Bus 10.1 through 10.1.0.1 are vulnerable to a denial of service for integration nodes on Windows. IBM X-Force ID: 247998.
CVE-2021-29913 3 Apple, Ibm, Microsoft 3 Macos, Security Verify Privilege On-premises, Windows 2023-10-18 N/A 7.1 HIGH
IBM Security Verify Privilege On-Premise 11.5 could allow an authenticated user to obtain sensitive information or perform unauthorized actions due to improper input validation. IBM X-Force ID: 207898.
CVE-2022-22384 3 Apple, Ibm, Microsoft 3 Macos, Security Verify Privilege On-premises, Windows 2023-10-18 N/A 4.3 MEDIUM
IBM Security Verify Privilege On-Premises 11.5 could allow an attacker to modify messages returned from the server due to hazardous input validation. IBM X-Force ID: 221961.
CVE-2021-45223 1 Coins-global 1 Coins Construction Cloud 2023-10-18 4.0 MEDIUM 6.5 MEDIUM
An issue was discovered in COINS Construction Cloud 11.12. Due to insufficient input neutralization, it is vulnerable to denial of service attacks via forced server crashes.
CVE-2016-9157 1 Siemens 1 Sicam Pas\/pqs 2023-10-17 7.5 HIGH 9.8 CRITICAL
A vulnerability in Siemens SICAM PAS (all versions before V8.09) could allow a remote attacker to cause a Denial of Service condition and potentially lead to unauthenticated remote code execution by sending specially crafted packets to port 19234/TCP.
CVE-2022-43723 1 Siemens 1 Sicam Pas\/pqs 2023-10-17 N/A 7.5 HIGH
A vulnerability has been identified in SICAM PAS/PQS (All versions < V7.0), SICAM PAS/PQS (All versions >= 7.0 < V8.06). Affected software does not properly validate the input for a certain parameter in the s7ontcp.dll. This could allow an unauthenticated remote attacker to send messages and create a denial of service condition as the application crashes. At the time of assigning the CVE, the affected firmware version of the component has already been superseded by succeeding mainline versions.
CVE-2016-9156 1 Siemens 1 Sicam Pas\/pqs 2023-10-17 7.5 HIGH 7.3 HIGH
A vulnerability in Siemens SICAM PAS (all versions before V8.09) could allow a remote attacker to upload, download, or delete files in certain parts of the file system by sending specially crafted packets to port 19235/TCP.
CVE-2023-5571 1 Vrite 1 Vrite 2023-10-17 N/A 7.5 HIGH
Improper Input Validation in GitHub repository vriteio/vrite prior to 0.3.0.
CVE-2021-1514 1 Cisco 23 Catalyst Sd-wan Manager, Sd-wan Vbond Orchestrator, Sd-wan Vmanage and 20 more 2023-10-16 4.6 MEDIUM 7.8 HIGH
A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to inject arbitrary commands to be executed with Administrator privileges on the underlying operating system. This vulnerability is due to insufficient input validation on certain CLI commands. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the CLI. The attacker must be authenticated as a low-privileged user to execute the affected commands. A successful exploit could allow the attacker to execute commands with Administrator privileges.
CVE-2023-44103 1 Huawei 2 Emui, Harmonyos 2023-10-16 N/A 7.5 HIGH
Out-of-bounds read vulnerability in the Bluetooth module.Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2022-31607 2 Linux, Nvidia 6 Linux Kernel, Cloud Gaming Guest, Geforce and 3 more 2023-10-15 N/A 7.8 HIGH
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where a local user with basic capabilities can cause improper input validation, which may lead to denial of service, escalation of privileges, data tampering, and limited information disclosure.
CVE-2023-44110 1 Huawei 2 Emui, Harmonyos 2023-10-14 N/A 4.3 MEDIUM
Out-of-bounds access vulnerability in the audio module.Successful exploitation of this vulnerability may affect availability.
CVE-2023-26367 1 Adobe 2 Commerce, Magento 2023-10-14 N/A 4.9 MEDIUM
Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read by an admin-privilege authenticated attacker. Exploitation of this issue does not require user interaction.
CVE-2023-39265 1 Apache 1 Superset 2023-10-13 N/A 6.5 MEDIUM
Apache Superset would allow for SQLite database connections to be incorrectly registered when an attacker uses alternative driver names like sqlite+pysqlite or by using database imports. This could allow for unexpected file creation on Superset webservers. Additionally, if Apache Superset is using a SQLite database for its metadata (not advised for production use) it could result in more severe vulnerabilities related to confidentiality and integrity. This vulnerability exists in Apache Superset versions up to and including 2.1.0.
CVE-2021-1053 3 Linux, Microsoft, Nvidia 3 Linux Kernel, Windows, Gpu Driver 2023-10-13 2.1 LOW 5.5 MEDIUM
NVIDIA GPU Display Driver for Windows and Linux, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape or IOCTL in which improper validation of a user pointer may lead to denial of service.
CVE-2012-2136 1 Linux 1 Linux Kernel 2023-10-12 7.2 HIGH N/A
The sock_alloc_send_pskb function in net/core/sock.c in the Linux kernel before 3.4.5 does not properly validate a certain length value, which allows local users to cause a denial of service (heap-based buffer overflow and system crash) or possibly gain privileges by leveraging access to a TUN/TAP device.
CVE-2023-38701 1 Iohk 1 Hydra 2023-10-11 N/A 9.1 CRITICAL
Hydra is the layer-two scalability solution for Cardano. Users of the Hydra head protocol send the UTxOs they wish to commit into the Hydra head first to the `commit` validator, where they remain until they are either collected into the `head` validator or the protocol initialisation is aborted and the value in the committed UTxOs is returned to the users who committed them. Prior to version 0.12.0, the `commit` validator contains a flawed check when the `ViaAbort` redeemer is used, which allows any user to spend any UTxO which is at the validator arbitrarily, meaning an attacker can steal the funds that users are trying to commit into the head validator. The intended behavior is that the funds must be returned to the user which committed the funds and can only be performed by a participant of the head. The `initial` validator also is similarly affected as the same flawed check is performed for the `ViaAbort` redeemer. Due to this issue, an attacker can steal any funds that user's try to commit into a Hydra head. Also, an attacker can prevent any Hydra head from being successfully opened. It does not allow an attacker to take funds which have been successfully collected into and currently reside in the `head` validator. Version 0.12.0 contains a fix for this issue.
CVE-2023-43799 4 Altairgraphql, Apple, Linux and 1 more 4 Altair, Macos, Linux Kernel and 1 more 2023-10-10 N/A 7.8 HIGH
Altair is a GraphQL Client. Prior to version 5.2.5, the Altair GraphQL Client Desktop Application does not sanitize external URLs before passing them to the underlying system. Moreover, Altair GraphQL Client also does not isolate the context of the renderer process. This affects versions of the software running on MacOS, Windows, and Linux. Version 5.2.5 fixes this issue.