Total: 29056 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-47034 | 1 Uniswapfrontrunbot Project | 1 Uniswapfrontrunbot | 2024-11-21 | N/A | 7.5 HIGH |
A vulnerability in UniswapFrontRunBot 0xdB94c allows attackers to cause financial losses via unspecified vectors. | |||||
CVE-2023-47033 | 1 Multisigwallet Project | 1 Multisigwallet | 2024-11-21 | N/A | 7.5 HIGH |
MultiSigWallet 0xF0C99 was discovered to contain a reentrancy vulnerability via the function executeTransaction. | |||||
CVE-2023-46992 | 1 Totolink | 2 A3300r, A3300r Firmware | 2024-11-21 | N/A | 7.5 HIGH |
TOTOLINK A3300R V17.0.0cu.557_B20221024 is vulnerable to Incorrect Access Control. Attackers are able to reset several critical passwords without authentication by visiting specific pages. | |||||
CVE-2023-46813 | 1 Linux | 1 Linux Kernel | 2024-11-21 | N/A | 7.0 HIGH |
An issue was discovered in the Linux kernel before 6.5.9, exploitable by local users with userspace access to MMIO registers. Incorrect access checking in the #VC handler and instruction emulation of the SEV-ES emulation of MMIO accesses could lead to arbitrary write access to kernel memory (and thus privilege escalation). This depends on a race condition through which userspace can replace an instruction before the #VC handler reads it. | |||||
CVE-2023-46774 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | N/A | 7.5 HIGH |
Vulnerability of uncaught exceptions in the NFC module. Successful exploitation of this vulnerability can affect NFC availability. | |||||
CVE-2023-46765 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | N/A | 7.5 HIGH |
Vulnerability of uncaught exceptions in the NFC module. Successful exploitation of this vulnerability can affect NFC availability. | |||||
CVE-2023-46759 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | N/A | 7.5 HIGH |
Permission control vulnerability in the call module. Successful exploitation of this vulnerability may affect service confidentiality. | |||||
CVE-2023-46758 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | N/A | 7.5 HIGH |
Permission management vulnerability in the multi-screen interaction module. Successful exploitation of this vulnerability may cause service exceptions of the device. | |||||
CVE-2023-46756 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | N/A | 5.3 MEDIUM |
Permission control vulnerability in the window management module. Successful exploitation of this vulnerability may cause malicious pop-up windows. | |||||
CVE-2023-46753 | 1 Frrouting | 1 Frrouting | 2024-11-21 | N/A | 5.9 MEDIUM |
An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur for a crafted BGP UPDATE message without mandatory attributes, e.g., one with only an unknown transit attribute. | |||||
CVE-2023-46752 | 1 Frrouting | 1 Frrouting | 2024-11-21 | N/A | 5.9 MEDIUM |
An issue was discovered in FRRouting FRR through 9.0.1. It mishandles malformed MP_REACH_NLRI data, leading to a crash. | |||||
CVE-2023-46686 | 1 Gallagher | 1 Command Centre | 2024-11-21 | N/A | 5.5 MEDIUM |
A reliance on untrusted inputs in a security decision could be exploited by a privileged user to configure the Gallagher Command Centre Diagnostics Service to use less secure communication protocols. This issue affects: Gallagher Diagnostics Service prior to v1.3.0 (distributed in 9.00.1507(MR1)). | |||||
CVE-2023-46389 | 1 Loytec | 4 Linx-151, Linx-151 Firmware, Linx-212 and 1 more | 2024-11-21 | N/A | 7.5 HIGH |
LOYTEC electronics GmbH LINX-212 and LINX-151 devices (all versions) are vulnerable to Incorrect Access Control via registry.xml file. This vulnerability allows remote attackers to disclose sensitive information on LINX configuration. | |||||
CVE-2023-46387 | 1 Loytec | 4 Linx-151, Linx-151 Firmware, Linx-212 and 1 more | 2024-11-21 | N/A | 7.5 HIGH |
LOYTEC electronics GmbH LINX-212 and LINX-151 devices (all versions) are vulnerable to Incorrect Access Control via dpal_config.zml file. This vulnerability allows remote attackers to disclose sensitive information on Loytec device data point configuration. | |||||
CVE-2023-46355 | 1 Blmodules | 1 Csv Feeds Pro | 2024-11-21 | N/A | 5.3 MEDIUM |
In the module "CSV Feeds PRO" (csvfeeds) < 2.6.1 from Bl Modules for PrestaShop, a guest can download personal information without restriction. Due to overly permissive access control, which does not force the administrator to use a password on feeds, a guest can access exports from the module, which can lead to leaks of personal information from the ps_customer / ps_order tables such as name / surname / email / phone number / postal address. | |||||
CVE-2023-46315 | 1 Zanllp | 1 Stable Diffusion Webui Infinite Image Browsing | 2024-11-21 | N/A | 7.5 HIGH |
The zanllp sd-webui-infinite-image-browsing (aka Infinite Image Browsing) extension before 977815a for stable-diffusion-webui (aka Stable Diffusion web UI), if Gradio authentication is enabled without secret key configuration, allows remote attackers to read any local file via /file?path= in the URL, as demonstrated by reading /proc/self/environ to discover credentials. | |||||
CVE-2023-46245 | 1 Kimai | 1 Kimai | 2024-11-21 | N/A | 7.2 HIGH |
Kimai is a web-based multi-user time-tracking application. Versions prior to 2.1.0 are vulnerable to a Server-Side Template Injection (SSTI) which can be escalated to Remote Code Execution (RCE). The vulnerability arises when a malicious user uploads a specially crafted Twig file, exploiting the software's PDF and HTML rendering functionalities. Version 2.1.0 enables security measures for custom Twig templates. | |||||
CVE-2023-46176 | 1 Ibm | 1 Mq Appliance | 2024-11-21 | N/A | 6.7 MEDIUM |
IBM MQ Appliance 9.3 CD could allow a local attacker to gain elevated privileges on the system, caused by improper validation of security keys. IBM X-Force ID: 269535. | |||||
CVE-2023-45867 | 1 Ilias | 1 Ilias | 2024-11-21 | N/A | 6.5 MEDIUM |
ILIAS (2013-09-12 release) contains a medium-criticality Directory Traversal local file inclusion vulnerability in the ScormAicc module. An attacker with a privileged account, typically holding the tutor role, can exploit this to gain unauthorized access to and potentially retrieve confidential files stored on the web server. The attacker can access files that are readable by the web server user www-data; this may include sensitive configuration files and documents located outside the documentRoot. The vulnerability is exploited by an attacker who manipulates the file parameter in a URL, inserting directory traversal sequences in order to access unauthorized files. This manipulation allows the attacker to retrieve sensitive files, such as /etc/passwd, potentially compromising the system's security. This issue poses a significant risk to confidentiality and is remotely exploitable over the internet. | |||||
CVE-2023-45844 | 1 Boschrexroth | 6 Ctrlx Hmi Web Panel Wr2107, Ctrlx Hmi Web Panel Wr2107 Firmware, Ctrlx Hmi Web Panel Wr2110 and 3 more | 2024-11-21 | N/A | 6.8 MEDIUM |
The vulnerability allows a low-privileged user who has access to the device when locked in Kiosk mode to install an arbitrary Android application and leverage it to have access to critical device settings such as the device power management or eventually the device secure settings (ADB debug). |