Total
218097 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-3315 | 2023-06-19 | N/A | N/A | ||
Missing permission checks in Jenkins Team Concert Plugin 2.4.1 and earlier allow attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system. | |||||
CVE-2023-32659 | 2023-06-19 | N/A | N/A | ||
SUBNET PowerSYSTEM Center versions 2020 U10 and prior contain a cross-site scripting vulnerability that may allow an attacker to inject malicious code into report header graphic files that could propagate out of the system and reach users who are subscribed to email notifications. | |||||
CVE-2023-29158 | 2023-06-19 | N/A | N/A | ||
SUBNET PowerSYSTEM Center versions 2020 U10 and prior are vulnerable to replay attacks which may result in a denial-of-service condition or a loss of data integrity. | |||||
CVE-2023-3312 | 2023-06-19 | N/A | N/A | ||
A vulnerability was found in drivers/cpufreq/qcom-cpufreq-hw.c in cpufreq subsystem in the Linux Kernel. This flaw, during device unbind will lead to double release problem leading to denial of service. | |||||
CVE-2023-3022 | 2023-06-19 | N/A | N/A | ||
A flaw was found in the IPv6 module of the Linux kernel. The arg.result was not used consistently in fib6_rule_lookup, sometimes holding rt6_info and other times fib6_info. This was not accounted for in other parts of the code where rt6_info was expected unconditionally, potentially leading to a kernel panic in fib6_rule_suppress. | |||||
CVE-2023-35843 | 2023-06-19 | N/A | N/A | ||
NocoDB through 0.106.0 (or 0.109.1) has a path traversal vulnerability that allows an unauthenticated attacker to access arbitrary files on the server by manipulating the path parameter of the /download route. This vulnerability could allow an attacker to access sensitive files and data on the server, including configuration files, source code, and other sensitive information. | |||||
CVE-2023-34461 | 2023-06-19 | N/A | N/A | ||
PyBB is an open source bulletin board. A manual code review of the PyBB bulletin board server has revealed that a vulnerability could have been exploited in which users could submit any type of HTML tag, and have said tag run. For example, a malicious `<a>` that looks like ```<a href=javascript:alert (1)>xss</a>``` could have been used to run code through JavaScript on the client side. The problem has been patched as of commit `5defd92`, and users are advised to upgrade. Attackers do need posting privilege in order to exploit this vulnerability. This vulnerability is present within the 0.1.0 release, and users are advised to upgrade to 0.1.1. Users unable to upgrade may be able to work around the attack by either; Removing the ability to create posts, removing the `|safe` tag from the Jinja2 template titled "post.html" in templates or by adding manual validation of links in the post creation section. | |||||
CVE-2023-34096 | 1 Thruk | 1 Thruk | 2023-06-19 | N/A | 8.8 HIGH |
Thruk is a multibackend monitoring webinterface which currently supports Naemon, Icinga, Shinken and Nagios as backends. In versions 3.06 and prior, the file `panorama.pm` is vulnerable to a Path Traversal vulnerability which allows an attacker to upload a file to any folder which has write permissions on the affected system. The parameter location is not filtered, validated or sanitized and it accepts any kind of characters. For a path traversal attack, the only characters required were the dot (`.`) and the slash (`/`). A fix is available in version 3.06.2. | |||||
CVE-2023-2986 | 1 Tychesoftwares | 1 Abandoned Cart Lite For Woocommerce | 2023-06-19 | N/A | 9.8 CRITICAL |
The Abandoned Cart Lite for WooCommerce plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.14.2. This is due to insufficient encryption on the user being supplied during the abandoned cart link decode through the plugin. This allows unauthenticated attackers to log in as users who have abandoned the cart, which users are typically customers. | |||||
CVE-2023-34167 | 2023-06-19 | N/A | N/A | ||
Vulnerability of spoofing trustlists of Huawei desktop.Successful exploitation of this vulnerability can cause third-party apps to hide app icons on the desktop to prevent them from being uninstalled. | |||||
CVE-2023-34166 | 2023-06-19 | N/A | N/A | ||
Vulnerability of system restart triggered by abnormal callbacks passed to APIs.Successful exploitation of this vulnerability may cause the system to restart. | |||||
CVE-2023-34163 | 2023-06-19 | N/A | N/A | ||
Permission control vulnerability in the window management module.Successful exploitation of this vulnerability may cause features to perform abnormally. | |||||
CVE-2023-34162 | 2023-06-19 | N/A | N/A | ||
Version update determination vulnerability in the user profile module.Successful exploitation of this vulnerability may cause repeated HMS Core updates and cause services to fail. | |||||
CVE-2023-34161 | 2023-06-19 | N/A | N/A | ||
nappropriate authorization vulnerability in the SettingsProvider module.Successful exploitation of this vulnerability may cause features to perform abnormally. | |||||
CVE-2023-34160 | 2023-06-19 | N/A | N/A | ||
Vulnerability of spoofing trustlists of Huawei desktop.Successful exploitation of this vulnerability can cause third-party apps to hide app icons on the desktop to prevent them from being uninstalled. | |||||
CVE-2023-34159 | 2023-06-19 | N/A | N/A | ||
Improper permission control vulnerability in the Notepad app.Successful exploitation of the vulnerability may lead to privilege escalation, which affects availability and confidentiality. | |||||
CVE-2023-34158 | 2023-06-19 | N/A | N/A | ||
Vulnerability of spoofing trustlists of Huawei desktop.Successful exploitation of this vulnerability can cause third-party apps to hide app icons on the desktop to prevent them from being uninstalled. | |||||
CVE-2023-34156 | 2023-06-19 | N/A | N/A | ||
Vulnerability of services denied by early fingerprint APIs on HarmonyOS products.Successful exploitation of this vulnerability may cause services to be denied. | |||||
CVE-2023-34155 | 2023-06-19 | N/A | N/A | ||
Vulnerability of unauthorized calling on HUAWEI phones and tablets.Successful exploitation of this vulnerability may affect availability. | |||||
CVE-2022-48501 | 2023-06-19 | N/A | N/A | ||
Configuration defects in the secure OS module.Successful exploitation of this vulnerability will affect availability. |