Total: 34396 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-46763 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 5.3 Medium |
| Vulnerability of background app permission management in the framework module. Successful exploitation of this vulnerability may cause background apps to start maliciously. | ||||
| CVE-2023-46757 | 1 Huawei | 1 Harmonyos | 2024-11-21 | 7.5 High |
| The remote PIN module has a vulnerability that causes incorrect information storage locations. Successful exploitation of this vulnerability may affect confidentiality. | ||||
| CVE-2023-46755 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 5.3 Medium |
| Vulnerability of input parameters being not strictly verified in the input. Successful exploitation of this vulnerability may cause the launcher to restart. | ||||
| CVE-2023-46723 | 1 Pajip | 1 Lte-pic32-writer | 2024-11-21 | 8.9 High |
| lte-pic32-writer is a writer for PIC32 devices. In versions 0.0.1 and prior, those who use `sendto.txt` are vulnerable to attackers who know the IMEI reading the `sendto.txt`. The `sendto.txt` file can contain the SNS (such as Slack and Zulip) URL and API key. As of time of publication, a patch is not yet available. As workarounds, avoid using `sendto.txt` or use `.htaccess` to block access to `sendto.txt`. | ||||
| CVE-2023-46666 | 1 Elastic | 1 Elastic Sharepoint Online Python Connector | 2024-11-21 | 5.3 Medium |
| An issue was discovered when using Document Level Security and the SPO "Limited Access" functionality in Elastic Sharepoint Online Python Connector. If a user is assigned limited access permissions to an item on a Sharepoint site then that user would have read permissions to all content on the Sharepoint site through Elasticsearch. | ||||
| CVE-2023-46510 | 1 Zioncom | 2 A7000r, A7000r Firmware | 2024-11-21 | 9.8 Critical |
| An issue in ZIONCOM (Hong Kong) Technology Limited A7000R v.4.1cu.4154 allows an attacker to execute arbitrary code via the cig-bin/cstecgi.cgi to the settings/setPasswordCfg function. | ||||
| CVE-2023-46509 | 1 Contec | 2 Solarview Compact, Solarview Compact Firmware | 2024-11-21 | 9.8 Critical |
| An issue in Contec SolarView Compact v.6.0 and before allows an attacker to execute arbitrary code via the texteditor.php component. | ||||
| CVE-2023-46501 | 1 Boltwire | 1 Boltwire | 2024-11-21 | 9.1 Critical |
| An issue in BoltWire v.6.03 allows a remote attacker to obtain sensitive information via a crafted payload to the view and change admin password function. | ||||
| CVE-2023-46498 | 1 Evershop | 1 Evershop | 2024-11-21 | 9.8 Critical |
| An issue in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information and execute arbitrary code via the /deleteCustomer/route.json file. | ||||
| CVE-2023-46404 | 1 Utoronto | 1 Pcrs | 2024-11-21 | 9.9 Critical |
| PCRS <= 3.11 (d0de1e) “Questions” page and “Code editor” page are vulnerable to remote code execution (RCE) by escaping Python sandboxing. | ||||
| CVE-2023-46393 | 1 Gougucms | 1 Gougucms | 2024-11-21 | 7.5 High |
| gougucms v4.08.18 was discovered to contain a password reset poisoning vulnerability which allows attackers to arbitrarily reset users' passwords via a crafted packet. | ||||
| CVE-2023-46363 | 1 Jbig2enc Project | 1 Jbig2enc | 2024-11-21 | 5.5 Medium |
| jbig2enc v0.28 was discovered to contain a SEGV via jbig2_add_page in src/jbig2enc.cc:512. | ||||
| CVE-2023-46361 | 1 Artifex | 1 Jbig2dec | 2024-11-21 | 6.5 Medium |
| Artifex Software jbig2dec v0.20 was discovered to contain a SEGV vulnerability via jbig2_error at /jbig2dec/jbig2.c. | ||||
| CVE-2023-46360 | 1 Hardy-barth | 2 Cph2 Echarge, Cph2 Echarge Firmware | 2024-11-21 | 8.8 High |
| Hardy Barth cPH2 eCharge Ladestation v1.87.0 and earlier is vulnerable to Execution with Unnecessary Privileges. | ||||
| CVE-2023-46322 | 1 Iterm2 | 1 Iterm2 | 2024-11-21 | 9.8 Critical |
| iTermSessionLauncher.m in iTerm2 before 3.5.0beta12 does not sanitize ssh hostnames in URLs. The hostname's initial character may be non-alphanumeric. The hostname's other characters may be outside the set of alphanumeric characters, dash, and period. | ||||
| CVE-2023-46321 | 1 Iterm2 | 1 Iterm2 | 2024-11-21 | 9.8 Critical |
| iTermSessionLauncher.m in iTerm2 before 3.5.0beta12 does not sanitize paths in x-man-page URLs. They may have shell metacharacters for a /usr/bin/man command line. | ||||
| CVE-2023-46319 | 1 Wallix | 1 Bastion | 2024-11-21 | 7.5 High |
| WALLIX Bastion 9.x before 9.0.9 and 10.x before 10.0.5 allows unauthenticated access to sensitive information by bypassing access control on a network access administration web interface. | ||||
| CVE-2023-46317 | 1 Nic | 1 Knot Resolver | 2024-11-21 | 7.5 High |
| Knot Resolver before 5.7.0 performs many TCP reconnections upon receiving certain nonsensical responses from servers. | ||||
| CVE-2023-46316 | 3 Buc, Debian, Redhat | 4 Traceroute, Debian Linux, Enterprise Linux and 1 more | 2024-11-21 | 5.5 Medium |
| In buc Traceroute 2.0.12 through 2.1.2 before 2.1.3, the wrapper scripts do not properly parse command lines. | ||||
| CVE-2023-46298 | 1 Vercel | 1 Next.js | 2024-11-21 | 7.5 High |
| Next.js before 13.4.20-canary.13 lacks a cache-control header and thus empty prefetch responses may sometimes be cached by a CDN, causing a denial of service to all users requesting the same URL via that CDN. | ||||