Search Results (25419 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-38254 1 Microsoft 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more 2025-02-27 6.5 Medium
Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
CVE-2023-35377 1 Microsoft 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more 2025-02-27 6.5 Medium
Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
CVE-2023-36893 1 Microsoft 4 365 Apps, Office, Office Long Term Servicing Channel and 1 more 2025-02-27 6.5 Medium
Microsoft Outlook Spoofing Vulnerability
CVE-2023-22301 1 Openatom 1 Openharmony 2025-02-27 6.5 Medium
The kernel subsystem hmdfs within OpenHarmony-v3.1.5 and prior versions has an arbitrary memory accessing vulnerability which network attackers can launch a remote attack to obtain kernel memory data of the target system.
CVE-2022-24093 1 Adobe 2 Commerce, Magento Open Source 2025-02-27 9.1 Critical
Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earlier) are affected by an improper input validation vulnerability. Exploitation of this issue does not require user interaction and could result in a post-authentication arbitrary code execution.
CVE-2023-40725 1 Siemens 1 Qms Automotive 2025-02-27 4 Medium
A vulnerability has been identified in QMS Automotive (All versions < V12.39). The affected application returns inconsistent error messages in response to invalid user credentials during login session. This allows an attacker to enumerate usernames, and identify valid usernames.
CVE-2023-32649 1 Nozominetworks 2 Cmc, Guardian 2025-02-27 7.5 High
A Denial of Service (Dos) vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in certain fields used in the Asset Intelligence functionality of our IDS, allows an unauthenticated attacker to crash the IDS module by sending specially crafted malformed network packets. During the (limited) time window before the IDS module is automatically restarted, network traffic may not be analyzed.
CVE-2023-22382 1 Qualcomm 58 Apq8064au, Apq8064au Firmware, Msm8996au and 55 more 2025-02-27 7.4 High
Weak configuration in Automotive while VM is processing a listener request from TEE.
CVE-2023-24853 1 Qualcomm 226 Ar8035, Ar8035 Firmware, Fastconnect 6200 and 223 more 2025-02-27 8.4 High
Memory Corruption in HLOS while registering for key provisioning notify.
CVE-2023-26367 1 Adobe 2 Commerce, Magento 2025-02-27 4.9 Medium
Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read by an admin-privilege authenticated attacker. Exploitation of this issue does not require user interaction.
CVE-2022-25332 1 Ti 2 Omap L138, Omap L138 Firmware 2025-02-27 4.4 Medium
The AES implementation in the Texas Instruments OMAP L138 (secure variants), present in mask ROM, suffers from a timing side channel which can be exploited by an adversary with non-secure supervisor privileges by managing cache contents and collecting timing information for different ciphertext inputs. Using this side channel, the SK_LOAD secure kernel routine can be used to recover the Customer Encryption Key (CEK).
CVE-2021-26736 1 Zscaler 1 Client Connector 2025-02-27 6.7 Medium
Multiple vulnerabilities in the Zscaler Client Connector Installer and Uninstaller for Windows prior to 3.6 allowed execution of binaries from a low privileged path. A local adversary may be able to execute code with SYSTEM privileges.
CVE-2023-46289 1 Rockwellautomation 1 Factorytalk View 2025-02-27 7.5 High
Rockwell Automation FactoryTalk View Site Edition insufficiently validates user input, which could potentially allow threat actors to send malicious data bringing the product offline. If exploited, the product would become unavailable and require a restart to recover resulting in a denial-of-service condition.
CVE-2023-3676 3 Kubernetes, Microsoft, Redhat 3 Kubernetes, Windows, Openshift 2025-02-27 8.8 High
A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows nodes.
CVE-2023-5514 1 Hitachienergy 1 Esoms 2025-02-27 5.3 Medium
The response messages received from the eSOMS report generation using certain parameter queries with full file path can be abused for enumerating the local file system structure.
CVE-2023-5515 1 Hitachienergy 1 Esoms 2025-02-27 5.3 Medium
The responses for web queries with certain parameters disclose internal path of resources. This information can be used to learn internal structure of the application and to further plot attacks against web servers and deployed web applications.
CVE-2023-5516 1 Hitachienergy 1 Esoms 2025-02-27 5.3 Medium
Poorly constructed webap requests and URI components with special characters trigger unhandled errors and exceptions, disclosing information about the underlying technology and other sensitive information details. The website unintentionally reveals sensitive information including technical details like version Info, endpoints, backend server, Internal IP. etc., which can potentially expose additional attack surface containing other interesting vulnerabilities.
CVE-2023-5920 2 Apple, Mattermost 2 Macos, Mattermost Desktop 2025-02-27 2.9 Low
Mattermost Desktop for MacOS fails to utilize the secure keyboard input functionality provided by macOS, allowing for other processes to read the keyboard input.
CVE-2023-6073 1 Volkswagen 2 Id.3, Id.3 Firmware 2025-02-27 5.7 Medium
Attacker can perform a Denial of Service attack to crash the ICAS 3 IVI ECU in a Volkswagen ID.3 (and other vehicles of the VW Group with the same hardware) and spoof volume setting commands to irreversibly turn on audio volume to maximum via REST API calls.
CVE-2023-6076 1 Phpgurukul 1 Restaurant Table Booking System 2025-02-27 5.3 Medium
A vulnerability classified as problematic was found in PHPGurukul Restaurant Table Booking System 1.0. Affected by this vulnerability is an unknown functionality of the file booking-details.php of the component Reservation Status Handler. The manipulation of the argument bid leads to information disclosure. The attack can be launched remotely. The identifier VDB-244945 was assigned to this vulnerability.