Total
363 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-4749 | 1 Mayurik | 1 Inventory Management System | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability, which was classified as critical, was found in SourceCodester Inventory Management System 1.0. Affected is an unknown function of the file index.php. The manipulation of the argument page leads to file inclusion. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-238638 is the identifier assigned to this vulnerability. | |||||
| CVE-2023-4191 | 1 Resort Reservation System Project | 1 Resort Reservation System | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability, which was classified as critical, has been found in SourceCodester Resort Reservation System 1.0. Affected by this issue is some unknown functionality of the file index.php. The manipulation of the argument page leads to file inclusion. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-236234 is the identifier assigned to this vulnerability. | |||||
| CVE-2023-47147 | 1 Ibm | 1 Sterling Secure Proxy | 2024-11-21 | N/A | 5.9 MEDIUM |
| IBM Sterling Secure Proxy 6.0.3 and 6.1.0 could allow an attacker to overwrite a log message under specific conditions. IBM X-Force ID: 270598. | |||||
| CVE-2023-46851 | 1 Apache | 1 Allura | 2024-11-21 | N/A | 4.9 MEDIUM |
| Allura Discussion and Allura Forum importing does not restrict URL values specified in attachments. Project administrators can run these imports, which could cause Allura to read local files and expose them. Exposing internal files then can lead to other exploits, like session hijacking, or remote code execution. This issue affects Apache Allura from 1.0.1 through 1.15.0. Users are recommended to upgrade to version 1.16.0, which fixes the issue. If you are unable to upgrade, set "disable_entry_points.allura.importers = forge-tracker, forge-discussion" in your .ini config file. | |||||
| CVE-2023-43074 | 1 Dell | 3 Unity Operating Environment, Unity Xt Operating Environment, Unityvsa Operating Environment | 2024-11-21 | N/A | 5.2 MEDIUM |
| Dell Unity 5.3 contain(s) an Arbitrary File Creation vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by crafting arbitrary files through a request to the server. | |||||
| CVE-2023-3643 | 1 Carel | 2 Boss Mini, Boss Mini Firmware | 2024-11-21 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was found in Boss Mini 1.4.0 Build 6221. It has been classified as critical. This affects an unknown part of the file boss/servlet/document. The manipulation of the argument path leads to file inclusion. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-233889 was assigned to this vulnerability. | |||||
| CVE-2023-3256 | 1 Advantech | 1 R-seenet | 2024-11-21 | N/A | 8.8 HIGH |
| Advantech R-SeeNet versions 2.4.22 allows low-level users to access and load the content of local files. | |||||
| CVE-2023-36764 | 1 Microsoft | 1 Sharepoint Server | 2024-11-21 | N/A | 8.8 HIGH |
| Microsoft SharePoint Server Elevation of Privilege Vulnerability | |||||
| CVE-2023-36634 | 1 Fortinet | 1 Fortiap-u | 2024-11-21 | N/A | 7.1 HIGH |
| An incomplete filtering of one or more instances of special elements vulnerability [CWE-792] in the command line interpreter of FortiAP-U 7.0.0, 6.2.0 through 6.2.5, 6.0 all versions, 5.4 all versions may allow an authenticated attacker to list and delete arbitrary files and directory via specially crafted command arguments. | |||||
| CVE-2023-36019 | 1 Microsoft | 2 Azure Logic Apps, Power Platform | 2024-11-21 | N/A | 9.6 CRITICAL |
| Microsoft Power Platform Connector Spoofing Vulnerability | |||||
| CVE-2023-35384 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2024-11-21 | N/A | 5.4 MEDIUM |
| Windows HTML Platforms Security Feature Bypass Vulnerability | |||||
| CVE-2023-35308 | 1 Microsoft | 11 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 8 more | 2024-11-21 | N/A | 6.5 MEDIUM |
| Windows MSHTML Platform Security Feature Bypass Vulnerability | |||||
| CVE-2023-34982 | 1 Aveva | 13 Batch Management, Communication Drivers, Edge and 10 more | 2024-11-21 | N/A | 5.5 MEDIUM |
| This external control vulnerability, if exploited, could allow a local OS-authenticated user with standard privileges to delete files with System privilege on the machine where these products are installed, resulting in denial of service. | |||||
| CVE-2023-32615 | 1 Openautomationsoftware | 1 Oas Platform | 2024-11-21 | N/A | 6.5 MEDIUM |
| A file write vulnerability exists in the OAS Engine configuration functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to arbitrary file creation or overwrite. An attacker can send a sequence of requests to trigger this vulnerability. | |||||
| CVE-2023-30943 | 2 Fedoraproject, Moodle | 3 Extra Packages For Enterprise Linux, Fedora, Moodle | 2024-11-21 | N/A | 6.5 MEDIUM |
| The vulnerability was found Moodle which exists because the application allows a user to control path of the older to create in TinyMCE loaders. A remote user can send a specially crafted HTTP request and create arbitrary folders on the system. | |||||
| CVE-2023-2554 | 1 Bumsys Project | 1 Bumsys | 2024-11-21 | N/A | 7.2 HIGH |
| External Control of File Name or Path in GitHub repository unilogies/bumsys prior to 2.2.0. | |||||
| CVE-2023-2152 | 1 Oretnom23 | 1 Student Study Center Desk Management System | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability has been found in SourceCodester Student Study Center Desk Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file index.php. The manipulation of the argument page leads to file inclusion. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-226273 was assigned to this vulnerability. | |||||
| CVE-2023-29324 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2024-11-21 | N/A | 6.5 MEDIUM |
| Windows MSHTML Platform Security Feature Bypass Vulnerability | |||||
| CVE-2023-28603 | 2 Microsoft, Zoom | 2 Windows, Virtual Desktop Infrastructure | 2024-11-21 | N/A | 7.7 HIGH |
| Zoom VDI client installer prior to 5.14.0 contains an improper access control vulnerability. A malicious user may potentially delete local files without proper permissions. | |||||
| CVE-2023-21800 | 1 Microsoft | 1 Windows Server 2008 | 2024-11-21 | N/A | 7.8 HIGH |
| Windows Installer Elevation of Privilege Vulnerability | |||||