Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-25991 | 1 Metagauss | 1 Registrationmagic | 2023-03-16 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in RegistrationMagic plugin <= 5.1.9.2 versions. | |||||
| CVE-2023-0348 | 1 Akuvox | 2 E11, E11 Firmware | 2023-03-16 | N/A | 7.5 HIGH |
| Akuvox E11 allows direct SIP calls. No access control is enforced by the SIP servers, which could allow an attacker to contact any device within Akuvox to call any other device. | |||||
| CVE-2023-23857 | 1 Sap | 1 Netweaver Application Server For Java | 2023-03-16 | N/A | 8.6 HIGH |
| Due to missing authentication check, SAP NetWeaver AS for Java - version 7.50, allows an unauthenticated attacker to attach to an open interface and make use of an open naming and directory API to access services which can be used to perform unauthorized operations affecting users and services across systems. On a successful exploitation, the attacker can read and modify some sensitive information but can also be used to lock up any element or operation of the system making that it unresponsive or unavailable. | |||||
| CVE-2023-0021 | 1 Sap | 1 Netweaver | 2023-03-16 | N/A | 6.1 MEDIUM |
| Due to insufficient encoding of user input, SAP NetWeaver - versions 700, 701, 702, 731, 740, 750, allows an unauthenticated attacker to inject code that may expose sensitive data like user ID and password, which could lead to reflected Cross-Site scripting. These endpoints are normally exposed over the network and successful exploitation can partially impact confidentiality of the application. | |||||
| CVE-2023-24526 | 1 Sap | 1 Netweaver Application Server Java | 2023-03-16 | N/A | 5.3 MEDIUM |
| SAP NetWeaver Application Server Java for Classload Service - version 7.50, does not perform any authentication checks for functionalities that require user identity, resulting in escalation of privileges. This failure has a low impact on confidentiality of the data such that an unassigned user can read non-sensitive server data. | |||||
| CVE-2023-25616 | 1 Sap | 1 Business Objects Business Intelligence Platform | 2023-03-16 | N/A | 8.8 HIGH |
| In some scenario, SAP Business Objects Business Intelligence Platform (CMC) - versions 420, 430, Program Object execution can lead to code injection vulnerability which could allow an attacker to gain access to resources that are allowed by extra privileges. Successful attack could highly impact the confidentiality, Integrity, and Availability of the system. | |||||
| CVE-2023-27399 | 1 Siemens | 1 Tecnomatix Plant Simulation | 2023-03-16 | N/A | 7.8 HIGH |
| A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20299, ZDI-CAN-20346) | |||||
| CVE-2023-27398 | 1 Siemens | 1 Tecnomatix Plant Simulation | 2023-03-16 | N/A | 7.8 HIGH |
| A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20304) | |||||
| CVE-2023-27403 | 1 Siemens | 1 Tecnomatix Plant Simulation | 2023-03-16 | N/A | 7.8 HIGH |
| A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains a memory corruption vulnerability while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20303, ZDI-CAN-20348) | |||||
| CVE-2023-27402 | 1 Siemens | 1 Tecnomatix Plant Simulation | 2023-03-16 | N/A | 7.8 HIGH |
| A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20334) | |||||
| CVE-2023-27401 | 1 Siemens | 1 Tecnomatix Plant Simulation | 2023-03-16 | N/A | 7.8 HIGH |
| A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20308, ZDI-CAN-20345) | |||||
| CVE-2023-27400 | 1 Siemens | 1 Tecnomatix Plant Simulation | 2023-03-16 | N/A | 7.8 HIGH |
| A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20300) | |||||
| CVE-2023-27405 | 1 Siemens | 1 Tecnomatix Plant Simulation | 2023-03-16 | N/A | 7.8 HIGH |
| A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20432) | |||||
| CVE-2023-27404 | 1 Siemens | 1 Tecnomatix Plant Simulation | 2023-03-16 | N/A | 7.8 HIGH |
| A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application is vulnerable to stack-based buffer while parsing specially crafted SPP files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-20433) | |||||
| CVE-2023-27406 | 1 Siemens | 1 Tecnomatix Plant Simulation | 2023-03-16 | N/A | 7.8 HIGH |
| A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application is vulnerable to stack-based buffer while parsing specially crafted SPP files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-20449) | |||||
| CVE-2023-0349 | 1 Akuvox | 2 E11, E11 Firmware | 2023-03-16 | N/A | 9.1 CRITICAL |
| The Akuvox E11 libvoice library provides unauthenticated access to the camera capture for image and video. This could allow an attacker to view and record image and video from the camera. | |||||
| CVE-2023-27371 | 1 Gnu | 1 Libmicrohttpd | 2023-03-16 | N/A | 5.9 MEDIUM |
| GNU libmicrohttpd before 0.9.76 allows remote DoS (Denial of Service) due to improper parsing of a multipart/form-data boundary in the postprocessor.c MHD_create_post_processor() method. This allows an attacker to remotely send a malicious HTTP POST packet that includes one or more '\0' bytes in a multipart/form-data boundary field, which - assuming a specific heap layout - will result in an out-of-bounds read and a crash in the find_boundary() function. | |||||
| CVE-2023-0811 | 2023-03-16 | N/A | N/A | ||
| Omron CJ1M unit v4.0 and prior has improper access controls on the memory region where the UM password is stored. If an adversary issues a PROGRAM AREA WRITE command to a specific memory region, they could overwrite the password. This may lead to disabling UM protections or setting a non-ASCII password (non-keyboard characters) and preventing an engineer from viewing or modifying the user program. | |||||
| CVE-2023-28110 | 2023-03-16 | N/A | N/A | ||
| Jumpserver is a popular open source bastion host, and Koko is a Jumpserver component that is the Go version of coco, refactoring coco's SSH/SFTP service and Web Terminal service. Prior to version 2.28.8, using illegal tokens to connect to a Kubernetes cluster through Koko can result in the execution of dangerous commands that may disrupt the Koko container environment and affect normal usage. The vulnerability has been fixed in v2.28.8. | |||||
| CVE-2023-28109 | 2023-03-16 | N/A | N/A | ||
| Play With Docker is a browser-based Docker playground. Versions 0.0.2 and prior are vulnerable to domain hijacking. Because CORS configuration was not correct, an attacker could use `play-with-docker.com` as an example and set the origin header in an http request as `evil-play-with-docker.com`. The domain would echo in response header, which successfully bypassed the CORS policy and retrieved basic user information. This issue has been fixed in commit ed82247c9ab7990ad76ec2bf1498c2b2830b6f1a. There are no known workarounds. | |||||