Skip to main content
CVE-2023-5960 MEDIUM This Month

An improper privilege management vulnerability in the hotspot feature of the Zyxel USG FLEX series firmware versions 4.50 through 5.37 and VPN series firmware versions 4.30 through 5.37 could allow. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Zyxel Zld
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-5797 MEDIUM This Month

An improper privilege management vulnerability in the debug CLI command of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Zyxel Zld Nwa110Ax Firmware Nwa1123Acv3 Firmware +17
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-5650 MEDIUM This Month

An improper privilege management vulnerability in the ZySH of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50(W) series. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Zyxel Zld
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-37926 MEDIUM This Month

A buffer overflow vulnerability in the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50(W) series firmware versions 4.16 through. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Zyxel Zld
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-37925 MEDIUM This Month

An improper privilege management vulnerability in the debug CLI command of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Zyxel Zld Nwa110Ax Firmware Nwa1123Acv3 Firmware +17
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-35136 MEDIUM This Month

An improper input validation vulnerability in the “Quagga” package of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50(W). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Zyxel Zld
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-42502 MEDIUM PATCH This Month

An authenticated attacker with update datasets permission could change a dataset link to an untrusted site by spoofing the HTTP Host header, users could be redirected to this site when clicking on. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Open Redirect Superset
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2023-47437 MEDIUM This Month

A vulnerability has been identified in Pachno 1.0.6 allowing an authenticated attacker to execute a cross-site scripting (XSS) attack. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java XSS Pachno
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-30588 MEDIUM This Month

When an invalid public key is used to create an x509 certificate using the crypto.X509Certificate() API a non-expect termination occurs making it susceptible to DoS attacks when the attacker could. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Node.js Information Disclosure Node Js
NVD
CVSS 3.1
5.3
EPSS
1.2%
CVE-2023-48121 MEDIUM This Month

An authentication bypass vulnerability in the Direct Connection Module in Ezviz CS-C6N-xxx prior to v5.3.x build 20230401, Ezviz CS-CV310-xxx prior to v5.3.x build 20230401, Ezviz CS-C6CN-xxx prior. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cs C6N A0 1C2Wfr Firmware Cs Cv310 A0 1C2Wfr Firmware Cs C6Cn A0 3H2Wfr Firmware Cs C3N A0 3H2Wfrl Firmware
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2023-48713 MEDIUM PATCH This Month

Knative Serving builds on Kubernetes to support deploying and serving of applications and functions as serverless containers. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Kubernetes Denial Of Service Serving
NVD GitHub
CVSS 3.1
5.3
EPSS
0.9%
CVE-2023-29061 MEDIUM This Month

There is no BIOS password on the FACSChorus workstation. Rated medium severity (CVSS 5.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Facschorus
NVD
CVSS 3.1
5.2
EPSS
0.4%
CVE-2023-32063 MEDIUM PATCH This Month

OroCalendarBundle enables a Calendar feature and related functionality in Oro applications. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Authentication Bypass Client Relationship Management
NVD GitHub
CVSS 3.1
5.0
EPSS
0.5%
CVE-2023-4667 MEDIUM This Month

The web interface of the PAC Device allows the device administrator user profile to store malicious scripts in some fields. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Authentication Bypass Sgima Lite Lite Firmware Sigma Wide Firmware Sigma Extreme Firmware +3
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-4397 MEDIUM This Month

A buffer overflow vulnerability in the Zyxel ATP series firmware version 5.37, USG FLEX series firmware version 5.37, USG FLEX 50(W) series firmware version 5.37, and USG20(W)-VPN series firmware. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Zyxel Zld
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2023-29065 MEDIUM This Month

The FACSChorus software database can be accessed directly with the privileges of the currently logged-in user. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Facschorus
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2023-29064 MEDIUM This Month

The FACSChorus software contains sensitive information stored in plaintext. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Facschorus
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2023-42505 MEDIUM PATCH This Month

An authenticated user with read permissions on database connections metadata could potentially access sensitive information such as the connection's username.0.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Information Disclosure Superset
NVD
CVSS 3.1
4.3
EPSS
1.0%
CVE-2023-32064 MEDIUM PATCH This Month

OroCommerce package with customer portal and non authenticated visitor website base features. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Orocommerce
NVD GitHub
CVSS 3.1
4.3
EPSS
0.5%
CVE-2023-29062 LOW Monitor

The Operating System hosting the FACSChorus application is configured to allow transmission of hashed user credentials upon user action without adequately validating the identity of the requested. Rated low severity (CVSS 3.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Facschorus
NVD
CVSS 3.1
3.8
EPSS
0.3%
CVE-2023-29066 LOW Monitor

The FACSChorus software does not properly assign data access privileges for operating system user accounts. Rated low severity (CVSS 3.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Facschorus
NVD
CVSS 3.1
3.5
EPSS
0.3%
CVE-2023-29063 LOW Monitor

The FACSChorus workstation does not prevent physical access to its PCI express (PCIe) slots, which could allow a threat actor to insert a PCI card designed for memory capture. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Facschorus
NVD
CVSS 3.1
2.4
EPSS
0.2%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy