Skip to main content
CVE-2023-32542 HIGH This Week

Out-of-bounds read vulnerability exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Information Disclosure Tellus Tellus Lite
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-32538 HIGH This Week

Stack-based buffer overflow vulnerability exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Information Disclosure Tellus +1
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-32288 HIGH This Week

Out-of-bounds read vulnerability exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Information Disclosure Tellus Tellus Lite
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-32276 HIGH This Week

Stack-based buffer overflow vulnerability exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Information Disclosure Tellus +1
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-32273 HIGH This Week

Stack-based buffer overflow vulnerability exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Information Disclosure Tellus +1
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-32270 HIGH This Week

Access of memory location after end of buffer issue exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Information Disclosure Tellus Tellus Lite
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-32201 HIGH This Week

Stack-based buffer overflow vulnerability exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Information Disclosure Tellus +1
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-31239 HIGH This Week

Stack-based buffer overflow vulnerability in V-Server v4.0.15.0 and V-Server Lite v4.0.15.0 and earlier allows an attacker to execute arbitrary code by having user open a specially crafted VPR file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Information Disclosure V Server
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-30759 HIGH This Week

The driver installation package created by Printer Driver Packager NX v1.0.02 to v1.1.25 fails to detect its modification and may spawn an unexpected process with the administrative privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Printer Driver Packager Nx
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-3312 HIGH This Week

A vulnerability was found in drivers/cpufreq/qcom-cpufreq-hw.c in cpufreq subsystem in the Linux Kernel. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Linux Linux Kernel
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-34166 HIGH This Week

Vulnerability of system restart triggered by abnormal callbacks passed to APIs.Successful exploitation of this vulnerability may cause the system to restart. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Emui
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-34163 HIGH This Week

Permission control vulnerability in the window management module.Successful exploitation of this vulnerability may cause features to perform abnormally. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-34162 HIGH This Week

Version update determination vulnerability in the user profile module.Successful exploitation of this vulnerability may cause repeated HMS Core updates and cause services to fail. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-34161 HIGH This Week

nappropriate authorization vulnerability in the SettingsProvider module.Successful exploitation of this vulnerability may cause features to perform abnormally. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Emui
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-34155 HIGH This Week

Vulnerability of unauthorized calling on HUAWEI phones and tablets.Successful exploitation of this vulnerability may affect availability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Huawei Emui
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-25747 HIGH This Week

A potential use-after-free in libaudio was fixed by disabling the AAudio backend when running on Android API below version 30. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Use After Free Mozilla Memory Corruption Information Disclosure +1
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-25733 HIGH This Week

The return value from `gfx::SourceSurfaceSkia::Map()` wasn't being verified which could have potentially lead to a null pointer dereference. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Denial Of Service Firefox
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-32214 HIGH This Week

Protocol handlers `ms-cxh` and `ms-cxh-full` could have been leveraged to trigger a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Denial Of Service Microsoft Firefox Firefox Esr +1
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-32209 HIGH This Week

A maliciously crafted favicon could have led to an out of memory crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Mozilla Firefox
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-35852 HIGH PATCH This Week

In Suricata before 6.0.13 (when there is an adversary who controls an external source of rules), a dataset filename, that comes from a rule, may trigger absolute or relative directory traversal, and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Suricata
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-35849 HIGH PATCH This Week

VirtualSquare picoTCP (aka PicoTCP-NG) through 2.1 does not properly check whether header sizes would result in accessing data outside of a packet. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Picotcp
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-35848 HIGH PATCH This Week

VirtualSquare picoTCP (aka PicoTCP-NG) through 2.1 lacks certain size calculations before attempting to set a value of an mss structure member. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Picotcp
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-35847 HIGH PATCH This Week

VirtualSquare picoTCP (aka PicoTCP-NG) through 2.1 does not have an MSS lower bound (e.g., it could be zero). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Information Disclosure Picotcp
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-35846 HIGH PATCH This Week

VirtualSquare picoTCP (aka PicoTCP-NG) through 2.1 does not check the transport layer length in a frame before performing port filtering. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Picotcp
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-31410 HIGH This Week

A remote unprivileged attacker can intercept the communication via e.g. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Sick Eventcam App
NVD
CVSS 3.1
7.4
EPSS
0.3%
CVE-2023-29546 MEDIUM This Month

When recording the screen while in Private Browsing on Firefox for Android the address bar and keyboard were not hidden, potentially leaking sensitive information. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Google Information Disclosure Firefox Firefox Focus
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-29545 MEDIUM This Month

Similar to CVE-2023-28163, this time when choosing 'Save Link As', suggested filenames containing environment variable names would have resolved those in the context of the current user. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Microsoft Firefox Firefox Esr +1
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-32210 MEDIUM This Month

Documents were incorrectly assuming an ordering of principal objects when ensuring we were loading an appropriately privileged principal. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-35005 MEDIUM PATCH This Month

In Apache Airflow, some potentially sensitive values were being shown to the user in certain situations. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Apache Information Disclosure Airflow
NVD GitHub
CVSS 3.1
6.5
EPSS
1.5%
CVE-2023-32659 MEDIUM This Month

SUBNET PowerSYSTEM Center versions 2020 U10 and prior contain a cross-site scripting vulnerability that may allow an attacker to inject malicious code into report header graphic files that could. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Powersystem Center
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-35775 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Wp Backup Solutions
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-35772 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google XSS Google Map Shortcode
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-34415 MEDIUM This Month

When choosing a site-isolated process for a document loaded from a data: URL that was the result of a redirect, Firefox would load that document in the same process as the site that issued the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Open Redirect Firefox
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-3022 MEDIUM PATCH This Month

A flaw was found in the IPv6 module of the Linux kernel. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Access of Resource Using Incompatible Type (Type Confusion) vulnerability could allow attackers to execute arbitrary code by exploiting type confusion in the application.

Memory Corruption Information Disclosure Linux Linux Kernel
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-29532 MEDIUM This Month

A local attacker can trick the Mozilla Maintenance Service into applying an unsigned update file by pointing the service at an update file on a malicious SMB server. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Mozilla Information Disclosure Microsoft Firefox Firefox Esr +1
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-35866 MEDIUM This Month

In KeePassXC through 2.7.5, a local attacker can make changes to the Database security settings, including master password and second-factor authentication, within an authenticated KeePassXC Database. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Keepassxc
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-34461 MEDIUM PATCH This Month

PyBB is an open source bulletin board. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Pybb
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-35776 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Sermons Online
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-34167 MEDIUM This Month

Vulnerability of spoofing trustlists of Huawei desktop.Successful exploitation of this vulnerability can cause third-party apps to hide app icons on the desktop to prevent them from being uninstalled. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Huawei Emui
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2023-34160 MEDIUM This Month

Vulnerability of spoofing trustlists of Huawei desktop.Successful exploitation of this vulnerability can cause third-party apps to hide app icons on the desktop to prevent them from being uninstalled. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Huawei Emui
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2023-34158 MEDIUM This Month

Vulnerability of spoofing trustlists of Huawei desktop.Successful exploitation of this vulnerability can cause third-party apps to hide app icons on the desktop to prevent them from being uninstalled. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Huawei Emui
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2023-34156 MEDIUM This Month

Vulnerability of services denied by early fingerprint APIs on HarmonyOS products.Successful exploitation of this vulnerability may cause services to be denied. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Session Fixation Emui
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-32208 MEDIUM This Month

Service workers could reveal script base URL due to dynamic `import()`. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-35779 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Seed Fonts
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-33213 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Wpview
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-3315 MEDIUM PATCH This Month

Missing permission checks in Jenkins Team Concert Plugin 2.4.1 and earlier allow attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Authentication Bypass Team Concert
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2023-34414 LOW Monitor

The error page for sites with invalid TLS certificates was missing the activation-delay Firefox uses to protect prompts and permission dialogs from attacks that exploit human response time delays. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Mozilla Information Disclosure Firefox Firefox Esr Thunderbird
NVD
CVSS 3.1
3.1
EPSS
0.9%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy