Skip to main content
CVE-2023-6719 MEDIUM This Month

An XSS vulnerability has been detected in Repox, which allows an attacker to compromise interactions between a user and the vulnerable application, and can be exploited by a third party by sending a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Repox
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-47575 MEDIUM This Month

An issue was discovered on Relyum RELY-PCIe 22.2.1 and RELY-REC 23.1.0 devices. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Rely Pcie Firmware Rely Rec Firmware
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-47574 MEDIUM This Month

An issue was discovered on Relyum RELY-PCIe 22.2.1 and RELY-REC 23.1.0 devices. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Rely Pcie Firmware Rely Rec Firmware
NVD
CVSS 3.1
5.9
EPSS
0.5%
CVE-2023-45725 MEDIUM PATCH This Month

Design document functions which receive a user http request object may expose authorization or session cookie headers of the user who accesses the document. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Couchdb
NVD
CVSS 3.1
5.7
EPSS
1.2%
CVE-2023-50442 MEDIUM This Month

Encrypted folders created by PRIMX ZONECENTRAL through 2023.5 can be modified by a local attacker (with appropriate privileges) so that specific file types are excluded from encryption temporarily. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Zonecentral
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-50440 MEDIUM This Month

ZED containers produced by PRIMX ZED!. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Zed Zedmail Zonecentral
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-50441 MEDIUM This Month

Encrypted folders created by PRIMX ZONECENTRAL for Windows before Q.2021.2 (ANSSI qualification submission) or ZONECENTRAL for Windows before 2023.5 can be modified by an unauthenticated attacker to. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Zonecentral
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-48638 MEDIUM This Month

Adobe Substance 3D Designer versions 13.0.0 (and earlier) and 13.1.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Adobe Substance 3d Designer
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-48637 MEDIUM This Month

Adobe Substance 3D Designer versions 13.0.0 (and earlier) and 13.1.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Adobe Substance 3d Designer
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-48636 MEDIUM This Month

Adobe Substance 3D Designer versions 13.0.0 (and earlier) and 13.1.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Adobe Substance 3d Designer
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-48635 MEDIUM PATCH This Month

Adobe After Effects versions 24.0.3 (and earlier) and 23.6.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Information Disclosure Adobe After Effects
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-47081 MEDIUM This Month

Adobe Substance 3D Stager versions 2.1.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Adobe Substance 3d Stager
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-47080 MEDIUM This Month

Adobe Substance 3D Stager versions 2.1.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Adobe Substance 3d Stager
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-47079 MEDIUM This Month

Adobe Dimension versions 3.4.10 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Adobe Dimension
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-47078 MEDIUM This Month

Adobe Dimension versions 3.4.10 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Adobe Dimension
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-47062 MEDIUM This Month

Adobe Dimension versions 3.4.10 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Adobe Dimension
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-47061 MEDIUM This Month

Adobe Dimension versions 3.4.10 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Adobe Dimension
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-44362 MEDIUM This Month

Adobe Prelude versions 22.6 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Adobe Information Disclosure Prelude
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-6381 MEDIUM This Month

Improper input validation vulnerability in Newsletter Software SuperMailer affecting version 11.20.0.2204. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Supermailer
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-47077 MEDIUM This Month

Adobe InDesign versions 19.0 (and earlier) and 17.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Adobe Indesign
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-47076 MEDIUM This Month

Adobe InDesign versions 19.0 (and earlier) and 17.4.2 (and earlier) are affected by a NULL Pointer Dereference vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Adobe Null Pointer Dereference Indesign
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-50767 MEDIUM PATCH This Month

Missing permission checks in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allow attackers with Overall/Read permission to send an HTTP request to an attacker-specified URL and parse the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Authentication Bypass Nexus Platform
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-6720 MEDIUM This Month

An XSS vulnerability stored in Repox has been identified, which allows a local attacker to store a specially crafted JavaScript payload on the server, due to the lack of proper sanitisation of field. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Repox
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-45587 MEDIUM This Month

An improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.2, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Fortinet XSS Fortisandbox
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-41844 MEDIUM This Month

A improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.2, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Fortinet XSS Fortisandbox
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-41673 MEDIUM This Month

An improper authorization vulnerability [CWE-285] in Fortinet FortiADC version 7.4.0 and before 7.2.2 may allow a low privileged user to read or backup the full system configuration via HTTP or HTTPS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Fortinet Authentication Bypass Fortiadc
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-50439 MEDIUM This Month

ZED containers produced by PRIMX ZED!. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Zed Zedmail Zonecentral
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-47536 MEDIUM This Month

An improper access control vulnerability [CWE-284] in FortiOS version 7.2.0, version 7.0.13 and below, version 6.4.14 and below and FortiProxy version 7.2.3 and below, version 7.0.9 and below,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Fortinet Authentication Bypass Fortiproxy Fortios
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-46713 MEDIUM This Month

An improper output neutralization for logs in Fortinet FortiWeb 6.2.0 - 6.2.8, 6.3.0 - 6.3.23, 7.0.0 - 7.0.9, 7.2.0 - 7.2.5 and 7.4.0 may allow an attacker to forge traffic logs via a crafted URL of. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Fortinet Information Disclosure Fortiweb
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-43583 MEDIUM This Month

Cryptographic issues Zoom Mobile App for Android, Zoom Mobile App for iOS, and Zoom SDKs for Android and iOS before version 5.16.0 may allow a privileged user to conduct a disclosure of information. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Google Authentication Bypass Meeting Software Development Kit Video Software Development Kit +1
NVD
CVSS 3.1
4.9
EPSS
0.6%
CVE-2023-6791 MEDIUM This Month

A credential disclosure vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-only administrator to obtain the plaintext credentials of stored external system integrations. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Paloalto Pan Os
NVD
CVSS 3.1
4.9
EPSS
0.6%
CVE-2023-6789 MEDIUM This Month

A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a malicious authenticated read-write administrator to store a JavaScript payload using the web interface. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Paloalto XSS Pan Os
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-6795 MEDIUM This Month

An OS command injection vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to disrupt system processes and potentially execute arbitrary code with limited. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Paloalto Command Injection Pan Os
NVD
CVSS 3.1
4.7
EPSS
1.1%
CVE-2023-6794 MEDIUM This Month

An arbitrary file upload vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-write administrator with access to the web interface to disrupt system processes and. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE File Upload Paloalto Pan Os
NVD
CVSS 3.1
4.7
EPSS
0.6%
CVE-2023-45864 MEDIUM This Month

A race condition issue discovered in Samsung Mobile Processor Exynos 9820, 980, 1080, 2100, 2200, 1280, and 1380 allows unintended modifications of values within certain areas. Rated medium severity (CVSS 4.7). No vendor patch available.

Race Condition Samsung Information Disclosure Exynos 9820 Firmware Exynos 980 Firmware +5
NVD
CVSS 3.1
4.7
EPSS
0.1%
CVE-2023-42483 MEDIUM This Month

A TOCTOU race condition in Samsung Mobile Processor Exynos 9820, Exynos 980, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, and Exynos 1380 can cause unexpected termination of a system. Rated medium severity (CVSS 4.7). No vendor patch available.

Samsung Information Disclosure Exynos 9820 Firmware Exynos 980 Firmware Exynos 1080 Firmware +4
NVD
CVSS 3.1
4.7
EPSS
0.1%
CVE-2023-50443 MEDIUM This Month

Encrypted disks created by PRIMX CRYHOD for Windows before Q.2020.4 (ANSSI qualification submission) or CRYHOD for Windows before 2023.5 can be modified by an unauthenticated attacker to include a. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Cryhod
NVD
CVSS 3.1
4.6
EPSS
0.3%
CVE-2023-43122 MEDIUM This Month

Samsung Mobile Processor and Wearable Processor (Exynos 980, 850, 1080, 2100, 2200, 1280, 1380, 1330, and W920) allow Information Disclosure in the Bootloader. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Information Disclosure Samsung Exynos 980 Firmware +8
NVD
CVSS 3.1
4.6
EPSS
0.3%
CVE-2023-49878 MEDIUM This Month

IBM System Storage Virtualization Engine TS7700 3957-VEC, 3948-VED and 3957-VEC could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Virtualization Engine Ts7760 3957 Vec Firmware Virtualization Engine Ts7770 3957 Ved Firmware Virtualization Engine Ts7770 3948 Ved Firmware
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2023-49877 MEDIUM This Month

IBM System Storage Virtualization Engine TS7700 3957-VEC, 3948-VED and 3957-VEC could allow a remote authenticated user to obtain sensitive information, caused by improper filtering of URLs. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Virtualization Engine Ts7760 3957 Vec Firmware Virtualization Engine Ts7770 3957 Ved Firmware Virtualization Engine Ts7770 3948 Ved Firmware
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2023-50779 MEDIUM This Month

Missing permission checks in Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified URL using an attacker-specified token. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Authentication Bypass Paaslane Estimate
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2023-50777 MEDIUM This Month

Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier does not mask PaaSLane authentication tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Paaslane Estimate
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2023-50776 MEDIUM This Month

Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier stores PaaSLane authentication tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Paaslane Estimate
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2023-50775 MEDIUM This Month

A cross-site request forgery (CSRF) vulnerability in Jenkins Deployment Dashboard Plugin 1.0.10 and earlier allows attackers to copy jobs. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins CSRF Deployment Dashboard
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2023-50773 MEDIUM This Month

Jenkins Dingding JSON Pusher Plugin 2.0 and earlier does not mask access tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Dingding Json Pusher
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2023-50772 MEDIUM This Month

Jenkins Dingding JSON Pusher Plugin 2.0 and earlier stores access tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Dingding Json Pusher
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2023-50769 MEDIUM PATCH This Month

Missing permission checks in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Authentication Bypass Nexus Platform
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2023-50765 MEDIUM This Month

A missing permission check in Jenkins Scriptler Plugin 342.v6a_89fd40f466 and earlier allows attackers with Overall/Read permission to read the contents of a Groovy script by knowing its ID. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Authentication Bypass Scriptler
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2023-6793 LOW Monitor

An improper privilege management vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-only administrator to revoke active XML API keys from the firewall and disrupt XML. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Paloalto Pan Os
NVD
CVSS 3.1
2.7
EPSS
0.6%
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy