• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors
Home » CVE’s

CVE’s


CVE
Vendors
Products
Updated
CVSS v2
CVSS v3
CVE-2023-24508
2023-02-08
N/A
9.6 CRITICAL
Baicells Nova 227, Nova 233, and Nova 243 LTE TDD eNodeB devices with firmware through RTS/RTD 3.6.6 are vulnerable to remote shell code exploitation via HTTP command injections. Commands are executed using pre-login execution and executed with root permissions. The following methods below have been tested and validated by a 3rd party analyst and has been confirmed exploitable special thanks to Rustam Amin for providing the steps to reproduce.
CVE-2023-24499
2023-02-24
N/A
4.6 MEDIUM
Butterfly Button plugin may leave traces of its use on user's device. Since it is used for reporting domestic problems, this may lead to spouse knowing about its use.
CVE-2023-24498
2023-02-24
N/A
7.5 HIGH
An uspecified endpoint in the web server of the switch does not properly authenticate the user identity, and may allow downloading a config page with the password to the switch in clear text.
CVE-2023-24495
2023-02-06
N/A
6.5 MEDIUM
A Server Side Request Forgery (SSRF) vulnerability exists in Tenable.sc due to improper validation of session & user-accessible input data. A privileged, authenticated remote attacker could interact with external and internal services covertly.
CVE-2023-24494
2023-02-02
N/A
5.4 MEDIUM
A stored cross-site scripting (XSS) vulnerability exists in Tenable.sc due to improper validation of user-supplied input before returning it to users. An authenticated, remote attacker can exploit this by convincing a user to click a specially crafted URL, to execute arbitrary script code in a user's browser session.
CVE-2023-24493
2023-02-02
N/A
5.7 MEDIUM
A formula injection vulnerability exists in Tenable.sc due to improper validation of user-supplied input before returning it to users. An authenticated attacker could leverage the reporting system to export reports containing formulas, which would then require a victim to approve and execute on a host.
CVE-2023-24485
2023-02-24
N/A
7.8 HIGH
Vulnerabilities have been identified that, collectively, allow a standard Windows user to perform operations as SYSTEM on the computer running Citrix Workspace app.
CVE-2023-24484
2023-02-24
N/A
5.5 MEDIUM
A malicious user can cause log files to be written to a directory that they do not have permission to write to.
CVE-2023-24483
2023-02-24
N/A
7.8 HIGH
A vulnerability has been identified that, if exploited, could result in a local user elevating their privilege level to NT AUTHORITYSYSTEM on a Citrix Virtual Apps and Desktops Windows VDA.
CVE-2023-24482
2023-02-22
N/A
9.8 CRITICAL
A vulnerability has been identified in COMOS V10.2 (All versions), COMOS V10.3.3.1 (All versions < V10.3.3.1.45), COMOS V10.3.3.2 (All versions < V10.3.3.2.33), COMOS V10.3.3.3 (All versions < V10.3.3.3.9), COMOS V10.3.3.4 (All versions < V10.3.3.4.6), COMOS V10.4.0.0 (All versions < V10.4.0.0.31), COMOS V10.4.1.0 (All versions < V10.4.1.0.32), COMOS V10.4.2.0 (All versions < V10.4.2.0.25). Cache validation service in COMOS is vulnerable to Structured Exception Handler (SEH) based buffer overflow. This could allow an attacker to execute arbitrary code on the target system or cause denial of service condition.
« Previous 1 … 11,108 11,109 11,110 11,111 11,112 … 11,258 Next »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE