Total
11506 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-47107 | 1 Thm | 1 Pilos | 2024-11-21 | N/A | 8.8 HIGH |
| PILOS is an open source front-end for BigBlueButton servers with a built-in load balancer. The password reset component deployed within PILOS uses the hostname supplied within the request host header when building a password reset URL. It may be possible to manipulate the URL sent to PILOS users when so that it points to the attackers server thereby disclosing the password reset token if/when the link is followed. This only affects local user accounts and requires the password reset option to be enabled. This issue has been patched in version 2.3.0. | |||||
| CVE-2023-47106 | 1 Traefik | 1 Traefik | 2024-11-21 | N/A | 4.8 MEDIUM |
| Traefik is an open source HTTP reverse proxy and load balancer. When a request is sent to Traefik with a URL fragment, Traefik automatically URL encodes and forwards the fragment to the backend server. This violates RFC 7230 because in the origin-form the URL should only contain the absolute path and the query. When this is combined with another frontend proxy like Nginx, it can be used to bypass frontend proxy URI-based access control restrictions. This vulnerability has been addressed in versions 2.10.6 and 3.0.0-beta5. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-47003 | 1 Redislabs | 1 Redisgraph | 2024-11-21 | N/A | 9.8 CRITICAL |
| An issue in RedisGraph v.2.12.10 allows an attacker to execute arbitrary code and cause a denial of service via a crafted string in DataBlock_ItemIsDeleted. | |||||
| CVE-2023-46851 | 1 Apache | 1 Allura | 2024-11-21 | N/A | 4.9 MEDIUM |
| Allura Discussion and Allura Forum importing does not restrict URL values specified in attachments. Project administrators can run these imports, which could cause Allura to read local files and expose them. Exposing internal files then can lead to other exploits, like session hijacking, or remote code execution. This issue affects Apache Allura from 1.0.1 through 1.15.0. Users are recommended to upgrade to version 1.16.0, which fixes the issue. If you are unable to upgrade, set "disable_entry_points.allura.importers = forge-tracker, forge-discussion" in your .ini config file. | |||||
| CVE-2023-46763 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | N/A | 5.3 MEDIUM |
| Vulnerability of background app permission management in the framework module. Successful exploitation of this vulnerability may cause background apps to start maliciously. | |||||
| CVE-2023-46289 | 1 Rockwellautomation | 1 Factorytalk View | 2024-11-21 | N/A | 7.5 HIGH |
| Rockwell Automation FactoryTalk View Site Edition insufficiently validates user input, which could potentially allow threat actors to send malicious data bringing the product offline. If exploited, the product would become unavailable and require a restart to recover resulting in a denial-of-service condition. | |||||
| CVE-2023-46285 | 1 Siemens | 4 Opcenter Quality, Simatic Pcs Neo, Sinumerik Integrate Runmyhmi \/automotive and 1 more | 2024-11-21 | N/A | 7.5 HIGH |
| A vulnerability has been identified in Opcenter Execution Foundation (All versions < V2407), Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). The affected application contains an improper input validation vulnerability that could allow an attacker to bring the service into a Denial-of-Service state by sending a specifically crafted message to 4004/tcp. The corresponding service is auto-restarted after the crash is detected by a watchdog. | |||||
| CVE-2023-46167 | 4 Ibm, Linux, Microsoft and 1 more | 4 Db2, Linux Kernel, Windows and 1 more | 2024-11-21 | N/A | 5.9 MEDIUM |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 federated server is vulnerable to a denial of service when a specially crafted cursor is used. IBM X-Force ID: 269367. | |||||
| CVE-2023-46159 | 1 Ibm | 1 Storage Ceph | 2024-11-21 | N/A | 2.6 LOW |
| IBM Storage Ceph 5.3z1, 5.3z5, and 6.1z1 could allow an authenticated user on the network to cause a denial of service from RGW. IBM X-Force ID: 268906. | |||||
| CVE-2023-46116 | 1 Tuta | 1 Tutanota | 2024-11-21 | N/A | 9.3 CRITICAL |
| Tutanota (Tuta Mail) is an encrypted email provider. Tutanota allows users to open links in emails in external applications. Prior to version 3.118.12, it correctly blocks the `file:` URL scheme, which can be used by malicious actors to gain code execution on a victims computer, however fails to check other harmful schemes such as `ftp:`, `smb:`, etc. which can also be used. Successful exploitation of this vulnerability will enable an attacker to gain code execution on a victim's computer. Version 3.118.2 contains a patch for this issue. | |||||
| CVE-2023-45805 | 1 Frostming | 2 Pdm, Unearth | 2024-11-21 | N/A | 7.8 HIGH |
| pdm is a Python package and dependency manager supporting the latest PEP standards. It's possible to craft a malicious `pdm.lock` file that could allow e.g. an insider or a malicious open source project to appear to depend on a trusted PyPI project, but actually install another project. A project `foo` can be targeted by creating the project `foo-2` and uploading the file `foo-2-2.tar.gz` to pypi.org. PyPI will see this as project `foo-2` version `2`, while PDM will see this as project `foo` version `2-2`. The version must only be `parseable as a version` and the filename must be a prefix of the project name, but it's not verified to match the version being installed. Version `2-2` is also not a valid normalized version per PEP 440. Matching the project name exactly (not just prefix) would fix the issue. When installing dependencies with PDM, what's actually installed could differ from what's listed in `pyproject.toml` (including arbitrary code execution on install). It could also be used for downgrade attacks by only changing the version. This issue has been addressed in commit `6853e2642df` which is included in release version `2.9.4`. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-45193 | 3 Ibm, Linux, Microsoft | 5 Aix, Db2, Linux On Ibm Z and 2 more | 2024-11-21 | N/A | 5.9 MEDIUM |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 federated server is vulnerable to a denial of service when a specially crafted cursor is used. IBM X-Force ID: 268759. | |||||
| CVE-2023-45178 | 1 Ibm | 1 Db2 | 2024-11-21 | N/A | 6.5 MEDIUM |
| IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 CLI is vulnerable to a denial of service when a specially crafted request is used. IBM X-Force ID: 268073. | |||||
| CVE-2023-45176 | 1 Ibm | 2 App Connect Enterprise, Integration Bus | 2024-11-21 | N/A | 6.2 MEDIUM |
| IBM App Connect Enterprise 11.0.0.1 through 11.0.0.23, 12.0.1.0 through 12.0.10.0 and IBM Integration Bus 10.1 through 10.1.0.1 are vulnerable to a denial of service for integration nodes on Windows. IBM X-Force ID: 247998. | |||||
| CVE-2023-45175 | 1 Ibm | 2 Aix, Vios | 2024-11-21 | N/A | 6.2 MEDIUM |
| IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the TCP/IP kernel extension to cause a denial of service. IBM X-Force ID: 267973. | |||||
| CVE-2023-45173 | 1 Ibm | 2 Aix, Vios | 2024-11-21 | N/A | 6.2 MEDIUM |
| IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the NFS kernel extension to cause a denial of service. IBM X-Force ID: 267971. | |||||
| CVE-2023-45172 | 1 Ibm | 2 Aix, Vios | 2024-11-21 | N/A | 6.2 MEDIUM |
| IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in AIX windows to cause a denial of service. IBM X-Force ID: 267970. | |||||
| CVE-2023-45171 | 1 Ibm | 2 Aix, Vios | 2024-11-21 | N/A | 6.2 MEDIUM |
| IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the kernel to cause a denial of service. IBM X-Force ID: 267969. | |||||
| CVE-2023-45169 | 1 Ibm | 2 Aix, Vios | 2024-11-21 | N/A | 6.2 MEDIUM |
| IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the pmsvcs kernel extension to cause a denial of service. IBM X-Force ID: 267967. | |||||
| CVE-2023-45167 | 1 Ibm | 2 Aix, Vios | 2024-11-21 | N/A | 6.2 MEDIUM |
| IBM AIX's 7.3 Python implementation could allow a non-privileged local user to exploit a vulnerability to cause a denial of service. IBM X-Force ID: 267965. | |||||