Export limit exceeded: 46619 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 46619 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (8495 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-37486 | 1 Sap | 2 Commerce Cloud, Commerce Hycom | 2024-11-21 | 5.9 Medium |
| Under certain conditions SAP Commerce (OCC API) - versions HY_COM 2105, HY_COM 2205, COM_CLOUD 2211, endpoints allow an attacker to access information which would otherwise be restricted. On successful exploitation there could be a high impact on confidentiality with no impact on integrity and availability of the application. | ||||
| CVE-2023-37224 | 1 Archerirm | 1 Archer | 2024-11-21 | 6 Medium |
| An issue in Archer Platform before v.6.13 fixed in v.6.12.0.6 and v.6.13.0 allows an authenticated attacker to obtain sensitive information via the log files. | ||||
| CVE-2023-36825 | 1 Orchid | 1 Platform | 2024-11-21 | 9.7 Critical |
| Orchid is a Laravel package that allows application development of back-office applications, admin/user panels, and dashboards. A vulnerability present starting in version 14.0.0-alpha4 and prior to version 14.5.0 is related to the deserialization of untrusted data from the `_state` query parameter, which can result in remote code execution. The issue has been addressed in version 14.5.0. Users are advised to upgrade their software to this version or any subsequent versions that include the patch. There are no known workarounds. | ||||
| CVE-2023-36649 | 1 Prolion | 1 Cryptospike | 2024-11-21 | 9.1 Critical |
| Insertion of sensitive information in the centralized (Grafana) logging system in ProLion CryptoSpike 3.0.15P2 allows remote attackers to impersonate other users in web management and the REST API by reading JWT tokens from logs (as a Granafa authenticated user) or from the Loki REST API without authentication. | ||||
| CVE-2023-36480 | 1 Aerospike | 1 Aerospike Java Client | 2024-11-21 | 9.8 Critical |
| The Aerospike Java client is a Java application that implements a network protocol to communicate with an Aerospike server. Prior to versions 7.0.0, 6.2.0, 5.2.0, and 4.5.0 some of the messages received from the server contain Java objects that the client deserializes when it encounters them without further validation. Attackers that manage to trick clients into communicating with a malicious server can include especially crafted objects in its responses that, once deserialized by the client, force it to execute arbitrary code. This can be abused to take control of the machine the client is running on. Versions 7.0.0, 6.2.0, 5.2.0, and 4.5.0 contain a patch for this issue. | ||||
| CVE-2023-36082 | 1 Gatesair | 2 Flexiva Fax 150w, Flexiva Fax 150w Firmware | 2024-11-21 | 9.8 Critical |
| An isssue in GatesAIr Flexiva FM Transmitter/Exiter Fax 150W allows a remote attacker to gain privileges via the LDAP and SMTP credentials. | ||||
| CVE-2023-35839 | 1 Solon | 1 Solon | 2024-11-21 | 9.8 Critical |
| A bypass in the component sofa-hessian of Solon before v2.3.3 allows attackers to execute arbitrary code via providing crafted payload. | ||||
| CVE-2023-35669 | 1 Google | 1 Android | 2024-11-21 | 7.8 High |
| In checkKeyIntentParceledCorrectly of AccountManagerService.java, there is a possible way to control other running activities due to unsafe deserialization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2023-35186 | 1 Solarwinds | 1 Access Rights Manager | 2024-11-21 | 8 High |
| The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability allows an authenticated user to abuse SolarWinds service resulting in remote code execution. | ||||
| CVE-2023-35184 | 1 Solarwinds | 1 Access Rights Manager | 2024-11-21 | 8.8 High |
| The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability allows an unauthenticated user to abuse a SolarWinds service resulting in a remote code execution. | ||||
| CVE-2023-35182 | 1 Solarwinds | 1 Access Rights Manager | 2024-11-21 | 8.8 High |
| The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability can be abused by unauthenticated users on SolarWinds ARM Server. | ||||
| CVE-2023-35180 | 1 Solarwinds | 1 Access Rights Manager | 2024-11-21 | 8 High |
| The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability allows authenticated users to abuse SolarWinds ARM API. | ||||
| CVE-2023-35084 | 1 Ivanti | 1 Endpoint Manager | 2024-11-21 | 9.8 Critical |
| Unsafe Deserialization of User Input could lead to Execution of Unauthorized Operations in Ivanti Endpoint Manager 2022 su3 and all previous versions, which could allow an attacker to execute commands remotely. | ||||
| CVE-2023-35013 | 1 Ibm | 1 Security Verify Governance | 2024-11-21 | 2.3 Low |
| IBM Security Verify Governance 10.0, Identity Manager could allow a local privileged user to obtain sensitive information from source code. IBM X-Force ID: 257769. | ||||
| CVE-2023-34995 | 1 Piigab | 2 M-bus 900s, M-bus 900s Firmware | 2024-11-21 | 7.5 High |
| There are no requirements for setting a complex password for PiiGAB M-Bus, which could contribute to a successful brute force attack if the password is inline with recommended password guidelines. | ||||
| CVE-2023-34723 | 2 Jaycar, Techview | 3 La5570, La5570 Firmware, La-5570 Wireless Gateway | 2024-11-21 | 7.5 High |
| An issue was discovered in TechView LA-5570 Wireless Gateway 1.0.19_T53, allows attackers to gain sensitive information via /config/system.conf. | ||||
| CVE-2023-34347 | 1 Deltaww | 1 Infrasuite Device Master | 2024-11-21 | 9.8 Critical |
| Delta Electronics InfraSuite Device Master versions prior to 1.0.7 contains classes that cannot be deserialized, which could allow an attack to remotely execute arbitrary code. | ||||
| CVE-2023-34128 | 1 Sonicwall | 2 Analytics, Global Management System | 2024-11-21 | 9.8 Critical |
| Tomcat application credentials are hardcoded in SonicWall GMS and Analytics configuration file. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions. | ||||
| CVE-2023-34052 | 1 Vmware | 1 Aria Operations For Logs | 2024-11-21 | 7.8 High |
| VMware Aria Operations for Logs contains a deserialization vulnerability. A malicious actor with non-administrative access to the local system can trigger the deserialization of data which could result in authentication bypass. | ||||
| CVE-2023-34050 | 2 Redhat, Vmware | 2 Amq Clients, Spring Advanced Message Queuing Protocol | 2024-11-21 | 5 Medium |
| In spring AMQP versions 1.0.0 to 2.4.16 and 3.0.0 to 3.0.9 , allowed list patterns for deserializable class names were added to Spring AMQP, allowing users to lock down deserialization of data in messages from untrusted sources; however by default, when no allowed list was provided, all classes could be deserialized. Specifically, an application is vulnerable if * the SimpleMessageConverter or SerializerMessageConverter is used * the user does not configure allowed list patterns * untrusted message originators gain permissions to write messages to the RabbitMQ broker to send malicious content | ||||