Total
28764 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-7008 | 2 Debian, Systemd Project | 2 Debian Linux, Systemd | 2024-05-22 | N/A | 5.9 MEDIUM |
| A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records. | |||||
| CVE-2014-5122 | 1 Esri | 1 Arcgis Server | 2024-05-21 | 5.8 MEDIUM | N/A |
| Open redirect vulnerability in ESRI ArcGIS for Server 10.1.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via an unspecified parameter, related to login. | |||||
| CVE-2024-2814 | 1 Tenda | 2 Ac15, Ac15 Firmware | 2024-05-17 | 9.0 HIGH | 9.8 CRITICAL |
| A vulnerability was found in Tenda AC15 15.03.20_multi. It has been rated as critical. This issue affects the function fromDhcpListClient of the file /goform/DhcpListClient. The manipulation of the argument page leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257669 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-22362 | 1 Drupal | 1 Drupal | 2024-05-17 | N/A | 7.5 HIGH |
| Drupal contains a vulnerability with improper handling of structural elements. If this vulnerability is exploited, an attacker may be able to cause a denial-of-service (DoS) condition. | |||||
| CVE-2024-1011 | 1 Employee Management System Project | 1 Employee Management System | 2024-05-17 | 4.0 MEDIUM | 8.8 HIGH |
| A vulnerability classified as problematic was found in SourceCodester Employee Management System 1.0. This vulnerability affects unknown code of the file delete-leave.php of the component Leave Handler. The manipulation of the argument id leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252280. | |||||
| CVE-2023-7226 | 1 Meiyou | 1 Big Whale | 2024-05-17 | 6.5 MEDIUM | 6.5 MEDIUM |
| A vulnerability was found in meetyoucrop big-whale 1.1 and classified as critical. Affected by this issue is some unknown functionality of the file /auth/user/all.api of the component Admin Module. The manipulation of the argument id leads to improper ownership management. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250232. | |||||
| CVE-2023-7193 | 1 Mtab | 1 Bookmark | 2024-05-17 | 4.0 MEDIUM | 8.1 HIGH |
| A vulnerability was found in MTab Bookmark up to 1.2.6 and classified as critical. This issue affects some unknown processing of the file public/install.php of the component Installation. The manipulation leads to improper access controls. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249395. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-7025 | 1 Kylinos | 1 Hedron-domain-hook | 2024-05-17 | 6.8 MEDIUM | 7.8 HIGH |
| A vulnerability was found in KylinSoft hedron-domain-hook up to 3.8.0.12-0k0.5. It has been declared as critical. This vulnerability affects the function init_kcm of the component DBus Handler. The manipulation leads to improper access controls. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. VDB-248578 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-6578 | 1 Softwareag | 1 Webmethods | 2024-05-17 | 7.5 HIGH | 6.5 MEDIUM |
| A vulnerability classified as critical has been found in Software AG WebMethods 10.11.x/10.15.x. Affected is an unknown function of the file wm.server/connect/. The manipulation leads to improper access controls. It is possible to launch the attack remotely. To access a file like /assets/ a popup may request username and password. By just clicking CANCEL you will be redirected to the directory. If you visited /invoke/wm.server/connect, you'll be able to see details like internal IPs, ports, and versions. In some cases if access to /assets/ is refused, you may enter /assets/x as a wrong value, then come back to /assets/ which we will show the requested data. It appears that insufficient access control is depending on referrer header data. VDB-247158 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-6467 | 1 Thecosy | 1 Icecms | 2024-05-17 | 2.1 LOW | 3.7 LOW |
| A vulnerability was found in Thecosy IceCMS 2.0.1. It has been rated as problematic. This issue affects some unknown processing of the file /Websquare/likeClickComment/ of the component Comment Like Handler. The manipulation leads to improper enforcement of a single, unique action. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-246617 was assigned to this vulnerability. | |||||
| CVE-2023-5916 | 1 Dashy | 1 Dashy | 2024-05-17 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability classified as critical has been found in Lissy93 Dashy 2.1.1. This affects an unknown part of the file /config-manager/save of the component Configuration Handler. The manipulation of the argument config leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-244305 was assigned to this vulnerability. | |||||
| CVE-2023-4749 | 1 Mayurik | 1 Inventory Management System | 2024-05-17 | 6.5 MEDIUM | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, was found in SourceCodester Inventory Management System 1.0. Affected is an unknown function of the file index.php. The manipulation of the argument page leads to file inclusion. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-238638 is the identifier assigned to this vulnerability. | |||||
| CVE-2023-47867 | 1 Machinesense | 2 Feverwarn, Feverwarn Firmware | 2024-05-17 | N/A | 8.8 HIGH |
| MachineSense FeverWarn devices are configured as Wi-Fi hosts in a way that attackers within range could connect to the device's web services and compromise the device. | |||||
| CVE-2023-40453 | 1 Docker | 1 Machine | 2024-05-17 | N/A | 6.5 MEDIUM |
| Docker Machine through 0.16.2 allows an attacker, who has control of a worker node, to provide crafted version data, which might potentially trick an administrator into performing an unsafe action (via escape sequence injection), or might have a data size that causes a denial of service to a bastion node. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2023-3786 | 1 Aures | 2 Komet, Komet Firmware | 2024-05-17 | 4.6 MEDIUM | 6.8 MEDIUM |
| A vulnerability classified as problematic has been found in Aures Komet up to 20230509. This affects an unknown part of the component Kiosk Mode. The manipulation leads to improper access controls. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. The identifier VDB-235053 was assigned to this vulnerability. | |||||
| CVE-2023-3643 | 1 Carel | 2 Boss Mini, Boss Mini Firmware | 2024-05-17 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability was found in Boss Mini 1.4.0 Build 6221. It has been classified as critical. This affects an unknown part of the file boss/servlet/document. The manipulation of the argument path leads to file inclusion. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-233889 was assigned to this vulnerability. | |||||
| CVE-2023-3099 | 1 Ubuntukylin | 1 Youker-assistant | 2024-05-17 | 3.2 LOW | 7.1 HIGH |
| A vulnerability classified as critical was found in KylinSoft youker-assistant on KylinOS. Affected by this vulnerability is the function delete_file in the library dbus.SystemBus of the component Arbitrary File Handler. The manipulation leads to improper access controls. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. Upgrading to version 3.0.2-0kylin6k70-23 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-230689 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-3096 | 1 Kylinos | 1 Kylin-software-properties | 2024-05-17 | 4.3 MEDIUM | 7.8 HIGH |
| A vulnerability was found in KylinSoft kylin-software-properties on KylinOS. It has been declared as critical. This vulnerability affects the function changedSource. The manipulation leads to improper access controls. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 0.0.1-130 is able to address this issue. It is recommended to upgrade the affected component. VDB-230686 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-38898 | 1 Python | 1 Python | 2024-05-17 | N/A | 5.3 MEDIUM |
| An issue in Python cpython v.3.7 allows an attacker to obtain sensitive information via the _asyncio._swap_current_task component. NOTE: this is disputed by the vendor because (1) neither 3.7 nor any other release is affected (it is a bug in some 3.12 pre-releases); (2) there are no common scenarios in which an adversary can call _asyncio._swap_current_task but does not already have the ability to call arbitrary functions; and (3) there are no common scenarios in which sensitive information, which is not already accessible to an adversary, becomes accessible through this bug. | |||||
| CVE-2023-2902 | 1 Nfine Rapid Development Platform Project | 1 Nfine Rapid Development Platform | 2024-05-17 | 4.0 MEDIUM | 6.5 MEDIUM |
| A vulnerability was found in NFine Rapid Development Platform 20230511. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /SystemManage/Organize/GetTreeGridJson?_search=false&nd=1681813520783&rows=10000&page=1&sidx=&sord=asc. The manipulation leads to improper access controls. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-229976. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||