Skip to main content
CVE-2023-48420 MEDIUM This Month

there is a possible use after free due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.

Race Condition Denial Of Service Privilege Escalation Android
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-45866 MEDIUM PATCH This Month

Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Ubuntu Authentication Bypass Android Ubuntu Linux Iphone Os +4
NVD GitHub
CVSS 3.1
6.3
EPSS
7.9%
CVE-2023-49782 MEDIUM This Month

Collabora Online is a collaborative online office suite based on LibreOffice technology. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Microsoft Nextcloud Richdocumentscode
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-46499 MEDIUM PATCH This Month

Cross Site Scripting vulnerability in EverShop NPM versions before v.1.0.0-rc.5 allows a remote attacker to obtain sensitive information via a crafted scripts to the Admin Panel. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Node.js XSS Evershop
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-46495 MEDIUM PATCH This Month

Cross Site Scripting vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information via a crafted request to the sortBy parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Node.js XSS Evershop
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-46494 MEDIUM PATCH This Month

Cross Site Scripting vulnerability in EverShop NPM versions before v.1.0.0-rc.5 allows a remote attacker to obtain sensitive information via a crafted request to the ProductGrid function in. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Node.js XSS Evershop
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-23372 MEDIUM This Month

A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qnap XSS Qts Quts Hero
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-6609 MEDIUM This Month

A vulnerability was found in osCommerce 4. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Oscommerce
NVD VulDB
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-34320 MEDIUM This Month

Cortex-A77 cores (r0p0 and r1p0) are affected by erratum 1508412 where software, under certain circumstances, could deadlock a core due to the execution of either a load to device or non-cacheable. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Cortex A77 Firmware Xen
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-6622 MEDIUM PATCH This Month

A null pointer dereference vulnerability was found in nft_dynset_init() in net/netfilter/nft_dynset.c in nf_tables in the Linux kernel. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Null Pointer Dereference Linux Fedora Linux Kernel +1
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-48422 MEDIUM This Month

In Init of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-48415 MEDIUM This Month

In Init of protocolembmsadapter.cpp, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-48412 MEDIUM This Month

In private_handle_t of mali_gralloc_buffer.h, there is a possible information leak due to a logic error in the code. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-48411 MEDIUM This Month

In SignalStrengthAdapter::FillGsmSignalStrength() of protocolmiscadapter.cpp, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-48408 MEDIUM This Month

In ProtocolNetSimFileInfoAdapter() of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-48401 MEDIUM This Month

In GetSizeOfEenlRecords of protocoladapter.cpp, there is a possible out of bounds read due to an incorrect bounds check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-48399 MEDIUM This Month

In ProtocolMiscATCommandAdapter::Init() of protocolmiscadapter.cpp, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-46497 MEDIUM PATCH This Month

Directory Traversal vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information via a crafted request to the mkdirSync function in the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Node.js Path Traversal Evershop
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2023-6146 MEDIUM This Month

A Qualys web application was found to have a stored XSS vulnerability resulting from the absence of HTML encoding in the presentation of logging information to users. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Private Cloud Platform
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-49487 MEDIUM This Month

JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the navigation management department. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jfinalcms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-49486 MEDIUM This Month

JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the model management department. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jfinalcms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-49485 MEDIUM This Month

JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the column management department. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jfinalcms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-46493 MEDIUM PATCH This Month

Directory Traversal vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information via a crafted request to the readDirSync function in. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Node.js Path Traversal Evershop
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2023-6507 MEDIUM PATCH This Month

An issue was found in CPython 3.12.0 `subprocess` module on POSIX platforms. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Python
NVD GitHub
CVSS 3.1
4.9
EPSS
1.3%
CVE-2023-48413 MEDIUM This Month

In Init of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
4.9
EPSS
0.4%
CVE-2023-48397 MEDIUM This Month

In Init of protocolcalladapter.cpp, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
4.9
EPSS
0.4%
CVE-2023-48311 MEDIUM PATCH This Month

dockerspawner is a tool to spawn JupyterHub single user servers in Docker containers. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Docker Dockerspawner
NVD GitHub
CVSS 3.1
4.3
EPSS
0.6%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy