
CVEs Today

Latest Information on Common Vulnerabilities and Exposures (CVEs)

Last updated: July 18, 2024. 15:40:39 UTC


ID Description Modified References
CVE-2023-5068 Delta Electronics DIAScreen may write past the end of an allocated buffer while parsing a specially crafted input file. This could allow an attacker to execute code in the context of the current process. September 21, 2023. 23:15:00 [diastudio.deltaww.com][www.cisa.gov]
CVE-2022-30114 A heap-based buffer overflow in a network service in Fastweb FASTGate MediaAccess FGA2130FWB, firmware version 18.3.n.0482_FW_230_FGA2130, and DGA4131FWB, firmware version up to 18.3.n.0462_FW_261_DGA4131, allows a remote attacker to reboot the device through a crafted HTTP request, causing DoS. September 21, 2023. 22:15:00 [str0ng4le.github.io][www.fastweb.it]
CVE-2020-35357 A buffer overflow can occur when calculating the quantile value using the Statistics Library of GSL (GNU Scientific Library), versions 2.5 and 2.6. Processing a maliciously crafted input data for gsl_stats_quantile_from_sorted_data of the library may lead to unexpected application termination or arbitrary code execution. September 21, 2023. 20:15:00 [savannah.gnu.org][git.savannah.gnu.org]
CVE-2023-43374 Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the id_utente_log parameter at /hoteldruid/personalizza.php. September 21, 2023. 20:03:00 [flashy-lemonade-192.notion.site]
CVE-2023-43373 Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the n_utente_agg parameter at /hoteldruid/interconnessioni.php. September 21, 2023. 20:02:00 [flashy-lemonade-192.notion.site]
CVE-2023-43566 In JetBrains TeamCity before 2023.05.4 stored XSS was possible during nodes configuration. September 21, 2023. 20:01:00 [www.jetbrains.com]
CVE-2022-47559 ** UNSUPPORTED WHEN ASSIGNED ** Lack of device control over web requests in ekorCCP and ekorRCI, allowing an attacker to create customised requests to execute malicious actions when a user is logged in, affecting availability, privacy and integrity. September 21, 2023. 19:53:00 [www.incibe.es]
CVE-2023-23957 An authenticated user can see and modify the value for ‘next’ query parameter in Symantec Identity Portal 14.4. September 21, 2023. 19:50:00 [support.broadcom.com]
CVE-2022-47554 ** UNSUPPORTED WHEN ASSIGNED ** Exposure of sensitive information in ekorCCP and ekorRCI, potentially allowing a remote attacker to obtain critical information from various .xml files, including .xml files containing credentials, without being authenticated within the web server. September 21, 2023. 19:44:00 [www.incibe.es]
CVE-2023-38582 ** UNSUPPORTED WHEN ASSIGNED ** Persistent cross-site scripting (XSS) in the web application of MOD3GP-SY-120K allows an authenticated remote attacker to introduce arbitrary JavaScript by injecting an XSS payload into the field MAIL_RCV. When a legitimate user attempts to access the vulnerable page of the web application, the XSS payload will be executed. September 21, 2023. 19:39:00 [www.cisa.gov]
CVE-2023-32003 `fs.mkdtemp()` and `fs.mkdtempSync()` can be used to bypass the permission model check using a path traversal attack. This flaw arises from a missing check in the fs.mkdtemp() API and the impact is that a malicious actor could create an arbitrary directory. This vulnerability affects all users using the experimental permission model in Node.js 20. Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js. September 21, 2023. 19:38:00 [hackerone.com][lists.fedoraproject.org]
CVE-2023-39058 An information leak in THE_B_members card v13.6.1 allows attackers to obtain the channel access token and send crafted messages. September 21, 2023. 19:33:00 [github.com][thebmembers.com]
CVE-2023-26143 Versions of the package blamer before 1.0.4 are vulnerable to Arbitrary Argument Injection via the blameByFile() API. The library does not sanitize user input or validate that the given file path conforms to a specific schema, nor does it properly pass command-line flags to the git binary using the double-dash POSIX characters (--) to communicate the end of options. September 21, 2023. 19:28:00 [security.snyk.io][gist.github.com]
CVE-2023-0773 The vulnerability exists in Uniview IP Camera due to identification and authentication failure at its web-based management interface. A remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable device. Successful exploitation of this vulnerability could allow the attacker to gain complete control of the targeted device. September 21, 2023. 19:24:00 [www.cert-in.org.in][global.uniview.com]
CVE-2023-4096 Weak password recovery mechanism vulnerability in Fujitsu Arconte Áurea version 1.5.0.0, whose exploitation could allow an attacker to perform a brute force attack on the emailed PIN number in order to change the password of a legitimate user. September 21, 2023. 19:24:00 [www.incibe.es]
CVE-2023-41064 A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 16.6.1 and iPadOS 16.6.1, macOS Monterey 12.6.9, macOS Ventura 13.5.2, iOS 15.7.9 and iPadOS 15.7.9, macOS Big Sur 11.7.10. Processing a maliciously crafted image may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. September 21, 2023. 19:15:00 [support.apple.com][support.apple.com]
CVE-2023-32649 A Denial of Service (DoS) vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in certain fields used in the Asset Intelligence functionality of our IDS, allows an unauthenticated attacker to crash the IDS module by sending specially crafted malformed network packets. During the (limited) time window before the IDS module is automatically restarted, network traffic may not be analyzed. September 21, 2023. 19:04:00 [security.nozominetworks.com]
CVE-2023-2567 A SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in certain parameters used in the Query functionality, allows an authenticated attacker to execute arbitrary SQL queries on the DBMS used by the web application. Authenticated users can extract arbitrary information from the DBMS in an uncontrolled way. September 21, 2023. 18:59:00 [security.nozominetworks.com]
CVE-2023-4094 ARCONTE Aurea's authentication system, in its 1.5.0.0 version, could allow an attacker to make incorrect access requests in order to block each legitimate account and cause a denial of service. In addition, a resource has been identified that could allow circumventing the attempt limit set in the login form. September 21, 2023. 18:58:00 [www.incibe.es]
CVE-2023-29245 A SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in certain fields used in the Asset Intelligence functionality of our IDS, may allow an unauthenticated attacker to execute arbitrary SQL statements on the DBMS used by the web application by sending specially crafted malicious network packets. Malicious users with extensive knowledge on the underlying system may be able to extract arbitrary information from the DBMS in an uncontrolled way, or to alter its structure and data. September 21, 2023. 18:52:00 [security.nozominetworks.com]




