CVE Vulnerability

CVE’s


CVE-2023-24029
Updated: 2023-02-12 | CVSS v2: N/A | CVSS v3: 7.2 HIGH
In Progress WS_FTP Server before 8.8, it is possible for a host administrator to elevate their privileges via the administrative interface due to insufficient authorization controls applied on user modification workflows.

CVE-2023-24028
Updated: 2023-01-27 | CVSS v2: N/A | CVSS v3: 9.8 CRITICAL
In MISP 2.4.167, app/Controller/Component/ACLComponent.php has incorrect access control for the decaying import function.

CVE-2023-24027
Updated: 2023-01-27 | CVSS v2: N/A | CVSS v3: 6.1 MEDIUM
In MISP 2.4.167, app/webroot/js/action_table.js allows XSS via a network history name.

CVE-2023-24026
Updated: 2023-01-27 | CVSS v2: N/A | CVSS v3: 6.1 MEDIUM
In MISP 2.4.167, app/webroot/js/event-graph.js has an XSS vulnerability via an event-graph preview payload.

CVE-2023-24025
Updated: 2023-02-03 | CVSS v2: N/A | CVSS v3: 7.5 HIGH
CRYSTALS-DILITHIUM (in Post-Quantum Cryptography Selected Algorithms 2022) in PQClean d03da30 may allow universal forgeries of digital signatures via a template side-channel attack because of intermediate data leakage of one vector.

CVE-2023-24022
Updated: 2023-02-04 | CVSS v2: N/A | CVSS v3: 9.8 CRITICAL
Baicells Nova 227, Nova 233, and Nova 243 LTE TDD eNodeB devices with firmware through RTS/RTD 3.7.11.3 have hardcoded credentials that are easily discovered and can be used by remote attackers to authenticate via ssh. (The credentials are stored in the firmware, encrypted by the crypt function.)

CVE-2023-24021
Updated: 2023-02-09 | CVSS v2: N/A | CVSS v3: 9.8 CRITICAL
Incorrect handling of '\0' bytes in file uploads in ModSecurity before 2.9.7 may allow for Web Application Firewall bypasses and buffer over-reads on the Web Application Firewall when executing rules that read the FILES_TMP_CONTENT collection.

CVE-2023-24020
Updated: 2023-02-07 | CVSS v2: N/A | CVSS v3: 9.8 CRITICAL
Snap One Wattbox WB-300-IP-3 versions WB10.9a17 and prior could bypass the brute force protection, allowing multiple attempts to force a login.

CVE-2023-23969
Updated: 2023-02-08 | CVSS v2: N/A | CVSS v3: 7.5 HIGH
In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial-of-service vector via excessive memory usage if the raw value of Accept-Language headers is very large.

CVE-2023-23951
Updated: 2023-02-07 | CVSS v2: N/A | CVSS v3: 6.1 MEDIUM
Ability to enumerate the Oracle LDAP attributes for the current user by modifying the query used by the application

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE