Total
10666 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-40365 | 1 Siemens | 192 Simatic Et 200 Sp Open Controller Cpu 1515sp Pc, Simatic Et 200 Sp Open Controller Cpu 1515sp Pc Firmware, Simatic S7-1200 Cpu 1211c and 189 more | 2023-09-12 | N/A | 7.5 HIGH |
| Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial of service in the device. | |||||
| CVE-2018-11574 | 2 Canonical, Point-to-point Protocol Project | 2 Ubuntu Linux, Point-to-point Protocol | 2023-09-11 | 7.5 HIGH | 9.8 CRITICAL |
| Improper input validation together with an integer overflow in the EAP-TLS protocol implementation in PPPD may cause a crash, information disclosure, or authentication bypass. This implementation is distributed as a patch for PPPD 0.91, and includes the affected eap.c and eap-tls.c files. Configurations that use the `refuse-app` option are unaffected. | |||||
| CVE-2015-2202 | 2 Arubanetworks, Hp | 2 Airwave, Airwave | 2023-09-08 | N/A | 7.2 HIGH |
| Aruba AirWave before 7.7.14.2 and 8.x before 8.0.7 allows administrative users to escalate privileges to root on the underlying OS. | |||||
| CVE-2023-34317 | 1 Openautomationsoftware | 1 Oas Platform | 2023-09-08 | N/A | 6.5 MEDIUM |
| An improper input validation vulnerability exists in the OAS Engine User Creation functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to unexpected data in the configuration. An attacker can send a sequence of requests to trigger this vulnerability. | |||||
| CVE-2022-43903 | 2 Ibm, Linux | 2 Security Guardium, Linux Kernel | 2023-09-08 | N/A | 6.5 MEDIUM |
| IBM Security Guardium 10.6, 11.3, and 11.4 could allow an authenticated user to cause a denial of service due to due to improper input validation. IBM X-Force ID: 240894. | |||||
| CVE-2023-33914 | 2 Google, Unisoc | 5 Android, S8000, T760 and 2 more | 2023-09-08 | N/A | 7.5 HIGH |
| In NIA0 algorithm in Security Mode Command, there is a possible missing verification incorrect input. This could lead to remote information disclosure no additional execution privileges needed | |||||
| CVE-2023-41266 | 1 Qlik | 1 Qlik Sense | 2023-09-08 | N/A | 6.5 MEDIUM |
| A path traversal vulnerability found in Qlik Sense Enterprise for Windows for versions May 2023 Patch 3 and earlier, February 2023 Patch 7 and earlier, November 2022 Patch 10 and earlier, and August 2022 Patch 12 and earlier allows an unauthenticated remote attacker to generate an anonymous session. This allows them to transmit HTTP requests to unauthorized endpoints. This is fixed in August 2023 IR, May 2023 Patch 4, February 2023 Patch 8, November 2022 Patch 11, and August 2022 Patch 13. | |||||
| CVE-2022-47353 | 2 Google, Unisoc | 7 Android, S8000, T610 and 4 more | 2023-09-08 | N/A | 4.4 MEDIUM |
| In vdsp device, there is a possible system crash due to improper input validation.This could lead to local denial of service with System execution privileges needed | |||||
| CVE-2023-4481 | 1 Juniper | 2 Junos, Junos Os Evolved | 2023-09-07 | N/A | 7.5 HIGH |
| An Improper Input Validation vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). When certain specific crafted BGP UPDATE messages are received over an established BGP session, one BGP session may be torn down with an UPDATE message error, or the issue may propagate beyond the local system which will remain non-impacted, but may affect one or more remote systems. This issue is exploitable remotely as the crafted UPDATE message can propagate through unaffected systems and intermediate BGP speakers. Continuous receipt of the crafted BGP UPDATE messages will create a sustained Denial of Service (DoS) condition for impacted devices. This issue affects eBGP and iBGP, in both IPv4 and IPv6 implementations. This issue requires a remote attacker to have at least one established BGP session. | |||||
| CVE-2023-41748 | 2 Acronis, Microsoft | 2 Cloud Manager, Windows | 2023-09-06 | N/A | 9.8 CRITICAL |
| Remote command execution due to improper input validation. The following products are affected: Acronis Cloud Manager (Windows) before build 6.2.23089.203. | |||||
| CVE-2023-41747 | 2 Acronis, Microsoft | 2 Cloud Manager, Windows | 2023-09-06 | N/A | 7.5 HIGH |
| Sensitive information disclosure due to improper input validation. The following products are affected: Acronis Cloud Manager (Windows) before build 6.2.23089.203. | |||||
| CVE-2023-41746 | 2 Acronis, Microsoft | 2 Cloud Manager, Windows | 2023-09-06 | N/A | 9.8 CRITICAL |
| Remote command execution due to improper input validation. The following products are affected: Acronis Cloud Manager (Windows) before build 6.2.23089.203. | |||||
| CVE-2023-3704 | 1 Cpplusworld | 18 Cp-uvr-0401l1-4kh, Cp-uvr-0401l1-4kh Firmware, Cp-uvr-0401l1b-4kh and 15 more | 2023-09-01 | N/A | 5.3 MEDIUM |
| The vulnerability exists in CP-Plus DVR due to an improper input validation within the web-based management interface of the affected products. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable device. Successful exploitation of this vulnerability could allow the remote attacker to change system time of the targeted device. | |||||
| CVE-2023-27604 | 1 Apache | 1 Airflow Sqoop Provider | 2023-09-01 | N/A | 8.8 HIGH |
| Apache Airflow Sqoop Provider, versions before 4.0.0, is affected by a vulnerability that allows an attacker pass parameters with the connections, which makes it possible to implement RCE attacks via ‘sqoop import --connect’, obtain airflow server permissions, etc. The attacker needs to be logged in and have authorization (permissions) to create/edit connections. It is recommended to upgrade to a version that is not affected. This issue was reported independently by happyhacking-k, And Xie Jianming and LiuHui of Caiji Sec Team also reported it. | |||||
| CVE-2023-4698 | 1 Usememos | 1 Memos | 2023-09-01 | N/A | 7.5 HIGH |
| Improper Input Validation in GitHub repository usememos/memos prior to 0.13.2. | |||||
| CVE-2021-43802 | 1 Etherpad | 1 Etherpad | 2023-08-31 | 9.0 HIGH | 8.8 HIGH |
| Etherpad is a real-time collaborative editor. In versions prior to 1.8.16, an attacker can craft an `*.etherpad` file that, when imported, might allow the attacker to gain admin privileges for the Etherpad instance. This, in turn, can be used to install a malicious Etherpad plugin that can execute arbitrary code (including system commands). To gain privileges, the attacker must be able to trigger deletion of `express-session` state or wait for old `express-session` state to be cleaned up. Core Etherpad does not delete any `express-session` state, so the only known attacks require either a plugin that can delete session state or a custom cleanup process (such as a cron job that deletes old `sessionstorage:*` records). The problem has been fixed in version 1.8.16. If users cannot upgrade to 1.8.16 or install patches manually, several workarounds are available. Users may configure their reverse proxies to reject requests to `/p/*/import`, which will block all imports, not just `*.etherpad` imports; limit all users to read-only access; and/or prevent the reuse of `express_sid` cookie values that refer to deleted express-session state. More detailed information and general mitigation strategies may be found in the GitHub Security Advisory. | |||||
| CVE-2023-38060 | 1 Otrs | 1 Otrs | 2023-08-31 | N/A | 8.8 HIGH |
| Improper Input Validation vulnerability in the ContentType parameter for attachments on TicketCreate or TicketUpdate operations of the OTRS Generic Interface modules allows any authenticated attacker to to perform an host header injection for the ContentType header of the attachment. This issue affects OTRS: from 7.0.X before 7.0.45, from 8.0.X before 8.0.35; ((OTRS)) Community Edition: from 6.0.1 through 6.0.34. | |||||
| CVE-2022-4427 | 1 Otrs | 1 Otrs | 2023-08-31 | N/A | 9.8 CRITICAL |
| Improper Input Validation vulnerability in OTRS AG OTRS, OTRS AG ((OTRS)) Community Edition allows SQL Injection via TicketSearch Webservice This issue affects OTRS: from 7.0.1 before 7.0.40 Patch 1, from 8.0.1 before 8.0.28 Patch 1; ((OTRS)) Community Edition: from 6.0.1 through 6.0.34. | |||||
| CVE-2023-40800 | 1 Tenda | 2 Ac23, Ac23 Firmware | 2023-08-29 | N/A | 8.8 HIGH |
| The compare_parentcontrol_time function does not authenticate user input parameters, resulting in a post-authentication stack overflow vulnerability in Tenda AC23 v16.03.07.45_cn. | |||||
| CVE-2023-40801 | 1 Tenda | 2 Ac23, Ac23 Firmware | 2023-08-29 | N/A | 8.8 HIGH |
| The sub_451784 function does not validate the parameters entered by the user, resulting in a stack overflow vulnerability in Tenda AC23 v16.03.07.45_cn | |||||