Filtered by NVD-CWE-noinfo
Total 34396 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-49957 1 Dallmann-consulting 1 Open Charge Point Protocol 2024-11-21 7.5 High
An issue was discovered in Dallmann OCPP.Core before 1.3.0 for OCPP (Open Charge Point Protocol) for electric vehicles. It permits multiple transactions with the same connectorId and idTag, contrary to the expected ConcurrentTx status. This could result in critical transaction management and billing errors. NOTE: the vendor's perspective is "Imagine you've got two cars in your family and want to charge both in parallel on the same account/token? Why should that be rejected?"
CVE-2023-49956 1 Dallmann-consulting 1 Open Charge Point Protocol 2024-11-21 7.5 High
An issue was discovered in Dallmann OCPP.Core before 1.3.0 for OCPP (Open Charge Point Protocol) for electric vehicles. A StopTransaction message with any random transactionId terminates active transactions.
CVE-2023-49955 1 Dallmann-consulting 1 Open Charge Point Protocol 2024-11-21 7.5 High
An issue was discovered in Dallmann OCPP.Core before 1.2.0 for OCPP (Open Charge Point Protocol) for electric vehicles. It does not validate the length of the chargePointVendor field in a BootNotification message, potentially leading to server instability and a denial of service when processing excessively large inputs. NOTE: the vendor's perspective is "OCPP.Core is intended for use in a protected environment/network."
CVE-2023-49948 1 Forgejo 1 Forgejo 2024-11-21 5.3 Medium
Forgejo before 1.20.5-1 allows remote attackers to test for the existence of private user accounts by appending .rss (or another extension) to a URL.
CVE-2023-49944 1 Beyondtrust 1 Privilege Management For Windows 2024-11-21 6.7 Medium
The Challenge Response feature of BeyondTrust Privilege Management for Windows (PMfW) before 2023-07-14 allows local administrators to bypass this feature by decrypting the shared key, or by locating the decrypted shared key in process memory. The threat is mitigated by the Agent Protection feature.
CVE-2023-49914 1 Choosemuse 2 Muse 2, Muse 2 Firmware 2024-11-21 6.5 Medium
InteraXon Muse 2 devices allow remote attackers to cause a denial of service (incorrect Muse App report of an outstanding, calm meditation state) via a 480 MHz RF carrier that is modulated by a "false" brain wave, aka a Brain-Hack attack. For example, the Muse App does not display the reception of a strong RF carrier, or alert the user that a report may be misleading if this carrier has been modulated by a low-frequency signal.
CVE-2023-49880 1 Ibm 1 Financial Transaction Manager 2024-11-21 7.5 High
In the Message Entry and Repair (MER) facility of IBM Financial Transaction Manager for SWIFT Services 3.2.4, the sending address and the message type of FIN messages are assumed to be immutable. However, an attacker might modify these elements of a business transaction. IBM X-Force ID: 273183.
CVE-2023-49874 1 Mattermost 1 Mattermost Server 2024-11-21 4.3 Medium
Mattermost fails to check whether a user is a guest when updating the tasks of a private playbook run, allowing a guest to update the tasks of a private playbook run if they know the run ID.
CVE-2023-49796 1 Mindsdb 1 Mindsdb 2024-11-21 5.3 Medium
MindsDB connects artificial intelligence models to real-time data. Versions prior to 23.11.4.1 contain a limited file write vulnerability in `file.py`. Users should use MindsDB's `staging` branch or v23.11.4.1, which contain a fix for the issue.
CVE-2023-49694 1 Netgear 1 Prosafe Network Management System 2024-11-21 7.8 High
A low-privileged OS user with access to a Windows host where NETGEAR ProSAFE Network Management System is installed can create arbitrary JSP files in a Tomcat web application directory. The user can then execute the JSP files under the security context of SYSTEM.
CVE-2023-49610 1 Machinesense 2 Feverwarn, Feverwarn Firmware 2024-11-21 8.1 High
MachineSense FeverWarn Raspberry Pi-based devices lack input sanitization, which could allow an attacker on an adjacent network to send a message running commands or could overflow the stack.
CVE-2023-49580 1 Sap 1 Graphical User Interface 2024-11-21 7.3 High
SAP GUI for Windows and SAP GUI for Java, versions SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757 and SAP_BASIS 758, allow an unauthenticated attacker to access information which would otherwise be restricted and confidential. In addition, this vulnerability allows the unauthenticated attacker to create Layout configurations of the ABAP List Viewer, thereby causing a mild impact on integrity and availability, e.g. by increasing the response times of the AS ABAP.
CVE-2023-49578 1 Sap 1 Cloud Connector 2024-11-21 3.5 Low
SAP Cloud Connector, version 2.0, allows an authenticated user with low privilege to perform a denial-of-service attack from an adjacent UI by sending a malicious request, which leads to low impact on the availability and no impact on the confidentiality or integrity of the application.
CVE-2023-49551 1 Cesanta 1 Mjs 2024-11-21 7.5 High
An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_op_json_parse function in the msj.c file.
CVE-2023-49515 1 Tp-link 4 Tapo C200, Tapo C200 Firmware, Tapo Tc70 and 1 more 2024-11-21 4.6 Medium
Insecure Permissions vulnerability in TP Link TC70 and C200 WIFI Camera v.3 firmware v.1.3.4 and fixed in v.1.3.11 allows a physically proximate attacker to obtain sensitive information via a connection to the UART pin components.
CVE-2023-49464 1 Struktur 1 Libheif 2024-11-21 8.8 High
libheif v1.17.5 was discovered to contain a segmentation violation via the function UncompressedImageCodec::get_luma_bits_per_pixel_from_configuration_unci.
CVE-2023-49463 1 Struktur 1 Libheif 2024-11-21 8.8 High
libheif v1.17.5 was discovered to contain a segmentation violation via the function find_exif_tag at /libheif/exif.cc.
CVE-2023-49460 1 Struktur 1 Libheif 2024-11-21 8.8 High
libheif v1.17.5 was discovered to contain a segmentation violation via the function UncompressedImageCodec::decode_uncompressed_image.
CVE-2023-49409 1 Tenda 2 Ax3, Ax3 Firmware 2024-11-21 9.8 Critical
Tenda AX3 V16.03.12.11 was discovered to contain a Command Execution vulnerability via the function /goform/telnet.
CVE-2023-49406 1 Tenda 2 W30e, W30e Firmware 2024-11-21 9.8 Critical
Tenda W30E V16.01.0.12(4843) was discovered to contain a Command Execution vulnerability via the function /goform/telnet.