Total
3761 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-1287 | 1 3ds | 1 Enovia Live Collaboration | 2023-11-07 | N/A | 9.8 CRITICAL |
| An XSL template vulnerability in ENOVIA Live Collaboration V6R2013xE allows Remote Code Execution. | |||||
| CVE-2023-1250 | 1 Otrs | 1 Otrs | 2023-11-07 | N/A | 7.8 HIGH |
| Improper Input Validation vulnerability in OTRS AG OTRS (ACL modules), OTRS AG ((OTRS)) Community Edition (ACL modules) allows Local Execution of Code. When creating/importing an ACL it was possible to inject code that gets executed via manipulated comments and ACL-names This issue affects OTRS: from 7.0.X before 7.0.42, from 8.0.X before 8.0.31; ((OTRS)) Community Edition: from 6.0.1 through 6.0.34. | |||||
| CVE-2023-0888 | 1 Bbraun | 2 Battery-pack Sp With Wifi, Battery-pack Sp With Wifi Firmware | 2023-11-07 | N/A | 7.2 HIGH |
| An improper neutralization of directives in dynamically evaluated code vulnerability in the WiFi Battery embedded web server in versions L90/U70 and L92/U92 can be used to gain administrative access to the WiFi communication module. An authenticated user, having access to both the medical device WiFi network (such as a biomedical engineering staff member) and the specific B.Braun Battery Pack SP with WiFi web server credentials, could get administrative (root) access on the infusion pump communication module. This could be used as a vector to start further attacks | |||||
| CVE-2023-0462 | 2 Redhat, Theforeman | 2 Satellite, Foreman | 2023-11-07 | N/A | 9.1 CRITICAL |
| An arbitrary code execution flaw was found in Foreman. This issue may allow an admin user to execute arbitrary code on the underlying operating system by setting global parameters with a YAML payload. | |||||
| CVE-2023-0598 | 1 Ge | 1 Ifix | 2023-11-07 | N/A | 9.8 CRITICAL |
| GE Digital Proficy iFIX 2022, GE Digital Proficy iFIX v6.1, and GE Digital Proficy iFIX v6.5 are vulnerable to code injection, which may allow an attacker to insert malicious configuration files in the expected web server execution path and gain full control of the HMI software. | |||||
| CVE-2023-0089 | 1 Proofpoint | 1 Enterprise Protection | 2023-11-07 | N/A | 8.8 HIGH |
| The webutils in Proofpoint Enterprise Protection (PPS/POD) contain a vulnerability that allows an authenticated user to execute remote code through 'eval injection'. This affects all versions 8.20.0 and below. | |||||
| CVE-2022-4300 | 1 Xjd2020 | 1 Fastcms | 2023-11-07 | N/A | 8.8 HIGH |
| A vulnerability was found in FastCMS. It has been rated as critical. This issue affects some unknown processing of the file /template/edit of the component Template Handler. The manipulation leads to injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-214901 was assigned to this vulnerability. | |||||
| CVE-2022-46742 | 1 Paddlepaddle | 1 Paddlepaddle | 2023-11-07 | N/A | 9.8 CRITICAL |
| Code injection in paddle.audio.functional.get_window in PaddlePaddle 2.4.0-rc0 allows arbitrary code execution. | |||||
| CVE-2022-46157 | 1 Akeneo | 1 Product Information Management | 2023-11-07 | N/A | 8.8 HIGH |
| Akeneo PIM is an open source Product Information Management (PIM). Akeneo PIM Community Edition versions before v5.0.119 and v6.0.53 allows remote authenticated users to execute arbitrary PHP code on the server by uploading a crafted image. Akeneo PIM Community Edition after the versions aforementioned provides patched Apache HTTP server configuration file, for docker setup and in documentation sample, to fix this vulnerability. Community Edition users must change their Apache HTTP server configuration accordingly to be protected. The patch for Cloud Based Akeneo PIM Services customers has been applied since 30th October 2022. Users are advised to upgrade. Users unable to upgrade may Replace any reference to `<FilesMatch \.php$>` in their apache httpd configurations with: `<Location "/index.php">`. | |||||
| CVE-2022-46166 | 1 Codecentric | 1 Spring Boot Admin | 2023-11-07 | N/A | 9.8 CRITICAL |
| Spring boot admins is an open source administrative user interface for management of spring boot applications. All users who run Spring Boot Admin Server, having enabled Notifiers (e.g. Teams-Notifier) and write access to environment variables via UI are affected. Users are advised to upgrade to the most recent releases of Spring Boot Admin 2.6.10 and 2.7.8 to resolve this issue. Users unable to upgrade may disable any notifier or disable write access (POST request) on `/env` actuator endpoint. | |||||
| CVE-2022-43938 | 1 Hitachi | 1 Vantara Pentaho Business Analytics Server | 2023-11-07 | N/A | 8.8 HIGH |
| Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x cannot allow a system administrator to disable scripting capabilities of Pentaho Reports (*.prpt) through the JVM script manager. | |||||
| CVE-2022-42268 | 1 Nvidia | 6 Nvidia Isaac Sim, Omniverse Audio2face, Omniverse Code and 3 more | 2023-11-07 | N/A | 7.8 HIGH |
| Omniverse Kit contains a vulnerability in the reference applications Create, Audio2Face, Isaac Sim, View, Code, and Machinima. These applications allow executable Python code to be embedded in Universal Scene Description (USD) files to customize all aspects of a scene. If a user opens a USD file that contains embedded Python code in one of these applications, the embedded Python code automatically runs with the privileges of the user who opened the file. As a result, an unprivileged remote attacker could craft a USD file containing malicious Python code and persuade a local user to open the file, which may lead to information disclosure, data tampering, and denial of service. | |||||
| CVE-2022-42699 | 1 Wp-ecommerce | 1 Easy Wp Smtp | 2023-11-07 | N/A | 8.8 HIGH |
| Auth. Remote Code Execution vulnerability in Easy WP SMTP plugin <= 1.5.1 on WordPress. | |||||
| CVE-2022-43571 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2023-11-07 | N/A | 8.8 HIGH |
| In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, an authenticated user can execute arbitrary code through the dashboard PDF generation component. | |||||
| CVE-2022-43572 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2023-11-07 | N/A | 6.5 MEDIUM |
| In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, sending a malformed file through the Splunk-to-Splunk (S2S) or HTTP Event Collector (HEC) protocols to an indexer results in a blockage or denial-of-service preventing further indexing. | |||||
| CVE-2022-3960 | 1 Hitachi | 1 Vantara Pentaho Business Analytics Server | 2023-11-07 | N/A | 6.3 MEDIUM |
| Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x cannot allow a system administrator to disable scripting capabilities of the Community Dashboard Editor (CDE) plugin. | |||||
| CVE-2022-41264 | 1 Sap | 1 Basis | 2023-11-07 | N/A | 8.8 HIGH |
| Due to the unrestricted scope of the RFC function module, SAP BASIS - versions 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, 791, allows an authenticated non-administrator attacker to access a system class and execute any of its public methods with parameters provided by the attacker. On successful exploitation the attacker can have full control of the system to which the class belongs, causing a high impact on the integrity of the application. | |||||
| CVE-2022-41205 | 2 Microsoft, Sap | 2 Windows, Gui | 2023-11-07 | N/A | 6.1 MEDIUM |
| SAP GUI allows an authenticated attacker to execute scripts in the local network. On successful exploitation, the attacker can gain access to registries which can cause a limited impact on confidentiality and high impact on availability of the application. | |||||
| CVE-2022-34456 | 1 Dell | 1 Emc Metro Node | 2023-11-07 | N/A | 8.8 HIGH |
| Dell EMC Metro node, Version(s) prior to 7.1, contain a Code Injection Vulnerability. An authenticated nonprivileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application. | |||||
| CVE-2022-30580 | 1 Golang | 1 Go | 2023-11-07 | N/A | 7.8 HIGH |
| Code injection in Cmd.Start in os/exec before Go 1.17.11 and Go 1.18.3 allows execution of any binaries in the working directory named either "..com" or "..exe" by calling Cmd.Run, Cmd.Start, Cmd.Output, or Cmd.CombinedOutput when Cmd.Path is unset. | |||||