Total
34395 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-43583 | 1 Zoom | 3 Meeting Software Development Kit, Video Software Development Kit, Zoom | 2024-11-21 | 4.9 Medium |
| Cryptographic issues Zoom Mobile App for Android, Zoom Mobile App for iOS, and Zoom SDKs for Android and iOS before version 5.16.0 may allow a privileged user to conduct a disclosure of information via network access. | ||||
| CVE-2023-43509 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2024-11-21 | 5.8 Medium |
| A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an unauthenticated remote attacker to send notifications to computers that are running ClearPass OnGuard. These notifications can then be used to phish users or trick them into downloading malicious software. | ||||
| CVE-2023-43506 | 2 Arubanetworks, Linux | 2 Clearpass Policy Manager, Linux Kernel | 2024-11-21 | 7.8 High |
| A vulnerability in the ClearPass OnGuard Linux agent could allow malicious users on a Linux instance to elevate their user privileges to those of a higher role. A successful exploit allows malicious users to execute arbitrary code with root level privileges on the Linux instance. | ||||
| CVE-2023-43498 | 1 Jenkins | 1 Jenkins | 2024-11-21 | 8.1 High |
| In Jenkins 2.423 and earlier, LTS 2.414.1 and earlier, processing file uploads using MultipartFormDataParser creates temporary files in the default system temporary directory with the default permissions for newly created files, potentially allowing attackers with access to the Jenkins controller file system to read and write the files before they are used. | ||||
| CVE-2023-43494 | 1 Jenkins | 1 Jenkins | 2024-11-21 | 4.3 Medium |
| Jenkins 2.50 through 2.423 (both inclusive), LTS 2.60.1 through 2.414.1 (both inclusive) does not exclude sensitive build variables (e.g., password parameter values) from the search in the build history widget, allowing attackers with Item/Read permission to obtain values of sensitive variables used in builds by iteratively testing different characters until the correct sequence is discovered. | ||||
| CVE-2023-43472 | 1 Lfprojects | 1 Mlflow | 2024-11-21 | 7.5 High |
| An issue in MLFlow versions 2.8.1 and before allows a remote attacker to obtain sensitive information via a crafted request to REST API. | ||||
| CVE-2023-43457 | 1 Oretnom23 | 1 Service Provider Management System | 2024-11-21 | 9.8 Critical |
| An issue in Service Provider Management System v.1.0 allows a remote attacker to gain privileges via the ID parameter in the /php-spms/admin/?page=user/ endpoint. | ||||
| CVE-2023-43323 | 1 Moosocial | 1 Moosocial | 2024-11-21 | 6.5 Medium |
| mooSocial 3.1.8 is vulnerable to external service interaction on post function. When executed, the server sends a HTTP and DNS request to external server. The Parameters effected are multiple - messageText, data[wall_photo], data[userShareVideo] and data[userShareLink]. | ||||
| CVE-2023-43305 | 1 Linecorp | 1 Line | 2024-11-21 | 8.2 High |
| An issue in studio kent mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | ||||
| CVE-2023-43303 | 1 Linecorp | 1 Line | 2024-11-21 | 8.2 High |
| An issue in craftbeer bar canvas mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | ||||
| CVE-2023-43302 | 1 Linecorp | 1 Line | 2024-11-21 | 8.2 High |
| An issue in sanTas mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | ||||
| CVE-2023-43301 | 1 Linecorp | 1 Line | 2024-11-21 | 8.2 High |
| An issue in DARTS SHOP MAXIM mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | ||||
| CVE-2023-43300 | 1 Linecorp | 1 Line | 2024-11-21 | 8.2 High |
| An issue in urban_project mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | ||||
| CVE-2023-43299 | 1 Linecorp | 1 Line | 2024-11-21 | 5.3 Medium |
| An issue in DA BUTCHERS mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | ||||
| CVE-2023-43284 | 1 Dlink | 2 Dir-846, Dir-846 Firmware | 2024-11-21 | 8.8 High |
| D-Link Wireless MU-MIMO Gigabit AC1200 Router DIR-846 100A53DBR-Retail devices allow an authenticated remote attacker to execute arbitrary code via an unspecified manipulation of the QoS POST parameter. | ||||
| CVE-2023-43234 | 1 Dedebiz | 1 Dedebiz | 2024-11-21 | 9.8 Critical |
| DedeBIZ v6.2.11 was discovered to contain multiple remote code execution (RCE) vulnerabilities at /admin/file_manage_control.php via the $activepath and $filename parameters. | ||||
| CVE-2023-43222 | 1 Seacms | 1 Seacms | 2024-11-21 | 9.8 Critical |
| SeaCMS v12.8 has an arbitrary code writing vulnerability in the /jxz7g2/admin_ping.php file. | ||||
| CVE-2023-43216 | 1 Seacms | 1 Seacms | 2024-11-21 | 9.8 Critical |
| SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component admin_ip.php. | ||||
| CVE-2023-43120 | 1 Extremenetworks | 1 Exos | 2024-11-21 | 8.8 High |
| An issue discovered in Extreme Networks Switch Engine (EXOS) before 32.5.1.5, before 22.7 and before 31.7.1 allows attackers to gain escalated privileges via crafted HTTP request. | ||||
| CVE-2023-43115 | 3 Artifex, Fedoraproject, Redhat | 4 Ghostscript, Fedora, Enterprise Linux and 1 more | 2024-11-21 | 8.8 High |
| In Artifex Ghostscript through 10.01.2, gdevijs.c in GhostPDL can lead to remote code execution via crafted PostScript documents because they can switch to the IJS device, or change the IjsServer parameter, after SAFER has been activated. NOTE: it is a documented risk that the IJS server can be specified on a gs command line (the IJS device inherently must execute a command to start the IJS server). | ||||