Total
10666 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-40797 | 1 Tenda | 2 Ac23, Ac23 Firmware | 2023-08-29 | N/A | 8.8 HIGH |
| In Tenda AC23 v16.03.07.45_cn, the sub_4781A4 function does not validate the parameters entered by the user, resulting in a post-authentication stack overflow vulnerability. | |||||
| CVE-2023-40798 | 1 Tenda | 2 Ac23, Ac23 Firmware | 2023-08-29 | N/A | 8.8 HIGH |
| In Tenda AC23 v16.03.07.45_cn, the formSetIPv6status and formGetWanParameter functions do not authenticate user input parameters, resulting in a post-authentication stack overflow vulnerability. | |||||
| CVE-2023-40034 | 1 Woodpecker-ci | 1 Woodpecker | 2023-08-25 | N/A | 8.1 HIGH |
| Woodpecker is a community fork of the Drone CI system. In affected versions an attacker can post malformed webhook data witch lead to an update of the repository data that can e.g. allow the takeover of an repo. This is only critical if the CI is configured for public usage and connected to a forge witch is also in public usage. This issue has been addressed in version 1.0.2. Users are advised to upgrade. Users unable to upgrade should secure the CI system by making it inaccessible to untrusted entities, for example, by placing it behind a firewall. | |||||
| CVE-2023-4435 | 1 Hamza417 | 1 Inure | 2023-08-25 | N/A | 5.5 MEDIUM |
| Improper Input Validation in GitHub repository hamza417/inure prior to build88. | |||||
| CVE-2023-2673 | 1 Phoenixcontact | 52 Fl Mguard 2102, Fl Mguard 2102 Firmware, Fl Mguard 4102 Pci and 49 more | 2023-08-25 | N/A | 5.3 MEDIUM |
| Improper Input Validation vulnerability in PHOENIX CONTACT FL/TC MGUARD Family in multiple versions may allow UDP packets to bypass the filter rules and access the solely connected device behind the MGUARD which can be used for flooding attacks. | |||||
| CVE-2022-39266 | 1 Isolated-vm Project | 1 Isolated-vm | 2023-08-24 | N/A | 9.8 CRITICAL |
| isolated-vm is a library for nodejs which gives the user access to v8's Isolate interface. In versions 4.3.6 and prior, if the untrusted v8 cached data is passed to the API through CachedDataOptions, attackers can bypass the sandbox and run arbitrary code in the nodejs process. Version 4.3.7 changes the documentation to warn users that they should not accept `cachedData` payloads from a user. | |||||
| CVE-2023-25915 | 1 Danfoss | 2 Ak-sm 800a, Ak-sm 800a Firmware | 2023-08-24 | N/A | 9.8 CRITICAL |
| Due to improper input validation, a remote attacker could execute arbitrary commands on the target system. | |||||
| CVE-2023-40165 | 1 Rubygems | 1 Rubygems.org | 2023-08-24 | N/A | 7.5 HIGH |
| rubygems.org is the Ruby community's primary gem (library) hosting service. Insufficient input validation allowed malicious actors to replace any uploaded gem version that had a platform, version number, or gem name matching `/-\d/`, permanently replacing the legitimate upload in the canonical gem storage bucket, and triggering an immediate CDN purge so that the malicious gem would be served immediately. The maintainers have checked all gems matching the `/-\d/` pattern and can confirm that no unexpected `.gem`s were found. As a result, we believe this vulnerability was _not_ exploited. The easiest way to ensure that a user's applications were not exploited by this vulnerability is to check that all of your downloaded .gems have a checksum that matches the checksum recorded in the RubyGems.org database. RubyGems contributor Maciej Mensfeld wrote a tool to automatically check that all downloaded .gem files match the checksums recorded in the RubyGems.org database. You can use it by running: `bundle add bundler-integrity` followed by `bundle exec bundler-integrity`. Neither this tool nor anything else can prove you were not exploited, but the can assist your investigation by quickly comparing RubyGems API-provided checksums with the checksums of files on your disk. The issue has been patched with improved input validation and the changes are live. No action is required on the part of the user. Users are advised to validate their local gems. | |||||
| CVE-2023-40272 | 1 Apache | 1 Apache-airflow-providers-apache-spark | 2023-08-24 | N/A | 7.5 HIGH |
| Apache Airflow Spark Provider, versions before 4.1.3, is affected by a vulnerability that allows an attacker to pass in malicious parameters when establishing a connection giving an opportunity to read files on the Airflow server. It is recommended to upgrade to a version that is not affected. | |||||
| CVE-2023-20560 | 2 Amd, Microsoft | 4 Ryzen Master, Ryzen Master Monitoring Sdk, Windows 10 and 1 more | 2023-08-23 | N/A | 4.4 MEDIUM |
| Insufficient validation of the IOCTL (Input Output Control) input buffer in AMD Ryzen™ Master may allow a privileged attacker to provide a null value potentially resulting in a Windows crash leading to denial of service. | |||||
| CVE-2023-20564 | 2 Amd, Microsoft | 4 Ryzen Master, Ryzen Master Monitoring Sdk, Windows 10 and 1 more | 2023-08-23 | N/A | 6.7 MEDIUM |
| Insufficient validation in the IOCTL (Input Output Control) input buffer in AMD Ryzen™ Master may permit a privileged attacker to perform memory reads/writes potentially leading to a loss of confidentiality or arbitrary kernel execution. | |||||
| CVE-2023-2917 | 1 Rockwellautomation | 1 Thinmanager Thinserver | 2023-08-23 | N/A | 9.8 CRITICAL |
| The Rockwell Automation Thinmanager Thinserver is impacted by an improper input validation vulnerability. Due to an improper input validation, a path traversal vulnerability exists, via the filename field, when the ThinManager processes a certain function. If exploited, an unauthenticated remote attacker can upload arbitrary files to any directory on the disk drive where ThinServer.exe is installed. A malicious user could exploit this vulnerability by sending a crafted synchronization protocol message and potentially gain remote code execution abilities. | |||||
| CVE-2023-2915 | 1 Rockwellautomation | 1 Thinmanager Thinserver | 2023-08-23 | N/A | 9.1 CRITICAL |
| The Rockwell Automation Thinmanager Thinserver is impacted by an improper input validation vulnerability, Due to improper input validation, a path traversal vulnerability exists when the ThinManager software processes a certain function. If exploited, an unauthenticated remote threat actor can delete arbitrary files with system privileges. A malicious user could exploit this vulnerability by sending a specifically crafted synchronization protocol message resulting in a denial-of-service condition. | |||||
| CVE-2023-2914 | 1 Rockwellautomation | 1 Thinmanager Thinserver | 2023-08-23 | N/A | 7.5 HIGH |
| The Rockwell Automation Thinmanager Thinserver is impacted by an improper input validation vulnerability, an integer overflow condition exists in the affected products. When the ThinManager processes incoming messages, a read access violation occurs and terminates the process. A malicious user could exploit this vulnerability by sending a crafted synchronization protocol message and causing a denial of service condition in the software. | |||||
| CVE-2023-38737 | 1 Ibm | 1 Websphere Application Server | 2023-08-22 | N/A | 7.5 HIGH |
| IBM WebSphere Application Server Liberty 22.0.0.13 through 23.0.0.7 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: 262567. | |||||
| CVE-2023-29457 | 1 Zabbix | 1 Frontend | 2023-08-22 | N/A | 6.1 MEDIUM |
| Reflected XSS attacks, occur when a malicious script is reflected off a web application to the victim's browser. The script can be activated through Action form fields, which can be sent as request to a website with a vulnerability that enables execution of malicious scripts. | |||||
| CVE-2023-29456 | 1 Zabbix | 1 Frontend | 2023-08-22 | N/A | 5.4 MEDIUM |
| URL validation scheme receives input from a user and then parses it to identify its various components. The validation scheme can ensure that all URL components comply with internet standards. | |||||
| CVE-2023-29455 | 1 Zabbix | 1 Frontend | 2023-08-22 | N/A | 6.1 MEDIUM |
| Reflected XSS attacks, also known as non-persistent attacks, occur when a malicious script is reflected off a web application to the victim's browser. The script is activated through a link, which sends a request to a website with a vulnerability that enables execution of malicious scripts. | |||||
| CVE-2023-29454 | 1 Zabbix | 1 Frontend | 2023-08-22 | N/A | 5.4 MEDIUM |
| Stored or persistent cross-site scripting (XSS) is a type of XSS where the attacker first sends the payload to the web application, then the application saves the payload (e.g., in a database or server-side text files), and finally, the application unintentionally executes the payload for every victim visiting its web pages. | |||||
| CVE-2023-29451 | 1 Zabbix | 1 Zabbix | 2023-08-22 | N/A | 7.5 HIGH |
| Specially crafted string can cause a buffer overrun in the JSON parser library leading to a crash of the Zabbix Server or a Zabbix Proxy. | |||||