Total: 31934 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-44170 | 1 Seacms | 1 Seacms | 2024-09-25 | N/A | 9.8 CRITICAL |
| SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component admin_ping.php. | |||||
| CVE-2023-41301 | 1 Huawei | 2 Emui, Harmonyos | 2024-09-25 | N/A | 7.5 HIGH |
| Vulnerability of unauthorized API access in the PMS module. Successful exploitation of this vulnerability may cause features to perform abnormally. | |||||
| CVE-2023-43234 | 1 Dedebiz | 1 Dedebiz | 2024-09-25 | N/A | 9.8 CRITICAL |
| DedeBIZ v6.2.11 was discovered to contain multiple remote code execution (RCE) vulnerabilities at /admin/file_manage_control.php via the $activepath and $filename parameters. | |||||
| CVE-2023-41302 | 1 Huawei | 2 Emui, Harmonyos | 2024-09-25 | N/A | 7.5 HIGH |
| Redirection permission verification vulnerability in the home screen module. Successful exploitation of this vulnerability may cause features to perform abnormally. | |||||
| CVE-2023-43216 | 1 Seacms | 1 Seacms | 2024-09-25 | N/A | 9.8 CRITICAL |
| SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component admin_ip.php. | |||||
| CVE-2023-43457 | 1 Oretnom23 | 1 Service Provider Management System | 2024-09-25 | N/A | 9.8 CRITICAL |
| An issue in Service Provider Management System v.1.0 allows a remote attacker to gain privileges via the ID parameter in the /php-spms/admin/?page=user/ endpoint. | |||||
| CVE-2023-41293 | 1 Huawei | 2 Emui, Harmonyos | 2024-09-25 | N/A | 7.5 HIGH |
| Data security classification vulnerability in the DDMP module. Successful exploitation of this vulnerability may affect confidentiality. | |||||
| CVE-2023-44080 | 1 Pgyer | 1 Codefever | 2024-09-25 | N/A | 9.8 CRITICAL |
| An issue in PGYER codefever v.2023.8.14-2ce4006 allows a remote attacker to execute arbitrary code via a crafted request to the branchList component. | |||||
| CVE-2023-44171 | 1 Seacms | 1 Seacms | 2024-09-25 | N/A | 9.8 CRITICAL |
| SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component admin_smtp.php. | |||||
| CVE-2023-41984 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2024-09-25 | N/A | 7.8 HIGH |
| The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2023-41294 | 1 Huawei | 1 Harmonyos | 2024-09-25 | N/A | 9.8 CRITICAL |
| The DP module has a service hijacking vulnerability. Successful exploitation of this vulnerability may affect some Super Device services. | |||||
| CVE-2023-43619 | 1 Schollz | 1 Croc | 2024-09-25 | N/A | 7.8 HIGH |
| An issue was discovered in Croc through 9.6.5. A sender may send dangerous new files to a receiver, such as executable content or a .ssh/authorized_keys file. | |||||
| CVE-2023-43498 | 1 Jenkins | 1 Jenkins | 2024-09-25 | N/A | 8.1 HIGH |
| In Jenkins 2.423 and earlier, LTS 2.414.1 and earlier, processing file uploads using MultipartFormDataParser creates temporary files in the default system temporary directory with the default permissions for newly created files, potentially allowing attackers with access to the Jenkins controller file system to read and write the files before they are used. | |||||
| CVE-2023-44172 | 1 Seacms | 1 Seacms | 2024-09-25 | N/A | 9.8 CRITICAL |
| SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component admin_weixin.php. | |||||
| CVE-2022-48605 | 1 Huawei | 2 Emui, Harmonyos | 2024-09-25 | N/A | 9.8 CRITICAL |
| Input verification vulnerability in the fingerprint module. Successful exploitation of this vulnerability will affect confidentiality, integrity, and availability. | |||||
| CVE-2023-40436 | 1 Apple | 1 Macos | 2024-09-25 | N/A | 9.1 CRITICAL |
| The issue was addressed with improved bounds checks. This issue is fixed in macOS Sonoma 14. An attacker may be able to cause unexpected system termination or read kernel memory. | |||||
| CVE-2023-39052 | 1 Earthgarden Waiting Project | 1 Earthgarden Waiting | 2024-09-25 | N/A | 6.5 MEDIUM |
| An information leak in Earthgarden_waiting 13.6.1 allows attackers to obtain the channel access token and send crafted messages. | |||||
| CVE-2023-38344 | 1 Ivanti | 1 Endpoint Manager | 2024-09-25 | N/A | 6.5 MEDIUM |
| An issue was discovered in Ivanti Endpoint Manager before 2022 SU4. A file disclosure vulnerability exists in the GetFileContents SOAP action exposed via /landesk/managementsuite/core/core.secure/OsdScript.asmx. The application does not sufficiently restrict user-supplied paths, allowing for an authenticated attacker to read arbitrary files from a remote system, including the private key used to authenticate to agents for remote access. | |||||
| CVE-2023-4328 | 2 Broadcom, Linux | 2 Raid Controller Web Interface, Linux Kernel | 2024-09-25 | N/A | 5.5 MEDIUM |
| Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on Windows. | |||||
| CVE-2023-4333 | 2 Broadcom, Microsoft | 2 Raid Controller Web Interface, Windows | 2024-09-25 | N/A | 5.5 MEDIUM |
| Broadcom RAID Controller web interface doesn’t enforce SSL cipher ordering by server. | |||||
