Total
65985 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-32383 | 1 Apple | 1 Macos | 2024-01-18 | N/A | 7.8 HIGH |
| This issue was addressed by forcing hardened runtime on the affected binaries at the system level. This issue is fixed in macOS Monterey 12.6.6, macOS Big Sur 11.7.7, macOS Ventura 13.4. An app may be able to inject code into sensitive binaries bundled with Xcode. | |||||
| CVE-2023-32401 | 1 Apple | 1 Macos | 2024-01-18 | N/A | 7.8 HIGH |
| A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.6.6, macOS Big Sur 11.7.7, macOS Ventura 13.4. Parsing an office document may lead to an unexpected app termination or arbitrary code execution. | |||||
| CVE-2023-32436 | 1 Apple | 1 Macos | 2024-01-18 | N/A | 7.1 HIGH |
| The issue was addressed with improved bounds checks. This issue is fixed in macOS Ventura 13.3. An app may be able to cause unexpected system termination or write kernel memory. | |||||
| CVE-2023-38610 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2024-01-18 | N/A | 7.1 HIGH |
| A memory corruption issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14, iOS 17 and iPadOS 17. An app may be able to cause unexpected system termination or write kernel memory. | |||||
| CVE-2023-44250 | 1 Fortinet | 2 Fortios, Fortiproxy | 2024-01-18 | N/A | 8.8 HIGH |
| An improper privilege management vulnerability [CWE-269] in a Fortinet FortiOS HA cluster version 7.4.0 through 7.4.1 and 7.2.5 and in a FortiProxy HA cluster version 7.4.0 through 7.4.1 allows an authenticated attacker to perform elevated actions via crafted HTTP or HTTPS requests. | |||||
| CVE-2024-22190 | 1 Gitpython Project | 1 Gitpython | 2024-01-18 | N/A | 7.8 HIGH |
| GitPython is a python library used to interact with Git repositories. There is an incomplete fix for CVE-2023-40590. On Windows, GitPython uses an untrusted search path if it uses a shell to run `git`, as well as when it runs `bash.exe` to interpret hooks. If either of those features are used on Windows, a malicious `git.exe` or `bash.exe` may be run from an untrusted repository. This issue has been patched in version 3.1.41. | |||||
| CVE-2023-51127 | 1 Flir | 2 Flir Ax8, Flir Ax8 Firmware | 2024-01-17 | N/A | 7.5 HIGH |
| FLIR AX8 thermal sensor cameras up to and including 1.46.16 are vulnerable to Directory Traversal due to improper access restriction. This vulnerability allows an unauthenticated, remote attacker to obtain arbitrary sensitive file contents by uploading a specially crafted symbolic link file. | |||||
| CVE-2023-42828 | 1 Apple | 1 Macos | 2024-01-17 | N/A | 7.8 HIGH |
| This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Ventura 13.5. An app may be able to gain root privileges. | |||||
| CVE-2023-6636 | 1 Greenshiftwp | 1 Greenshift - Animation And Page Builder Blocks | 2024-01-17 | N/A | 7.2 HIGH |
| The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation on the 'gspb_save_files' function in versions up to, and including, 7.6.2. This makes it possible for authenticated attackers with administrator-level capabilities or above, to upload arbitrary files on the affected site's server which may make remote code execution possible. | |||||
| CVE-2023-41974 | 1 Apple | 2 Ipados, Iphone Os | 2024-01-17 | N/A | 7.8 HIGH |
| A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17 and iPadOS 17. An app may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2023-42832 | 1 Apple | 1 Macos | 2024-01-17 | N/A | 7.0 HIGH |
| A race condition was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.7.9, macOS Monterey 12.6.8, macOS Ventura 13.5. An app may be able to gain root privileges. | |||||
| CVE-2023-41075 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2024-01-17 | N/A | 7.8 HIGH |
| A type confusion issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.7.5, macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.4. An app may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2023-42866 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2024-01-17 | N/A | 8.8 HIGH |
| The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.5, iOS 16.6 and iPadOS 16.6, tvOS 16.6, Safari 16.6, watchOS 9.6. Processing web content may lead to arbitrary code execution. | |||||
| CVE-2023-48252 | 1 Bosch | 21 Nexo-os, Nexo Cordless Nutrunner Nxa011s-36v-b \(0608842012\), Nexo Cordless Nutrunner Nxa011s-36v \(0608842011\) and 18 more | 2024-01-17 | N/A | 8.8 HIGH |
| The vulnerability allows an authenticated remote attacker to perform actions exceeding their authorized access via crafted HTTP requests. | |||||
| CVE-2023-48253 | 1 Bosch | 21 Nexo-os, Nexo Cordless Nutrunner Nxa011s-36v-b \(0608842012\), Nexo Cordless Nutrunner Nxa011s-36v \(0608842011\) and 18 more | 2024-01-17 | N/A | 8.8 HIGH |
| The vulnerability allows a remote authenticated attacker to read or update arbitrary content of the authentication database via a crafted HTTP request. By abusing this vulnerability it is possible to exfiltrate other users’ password hashes or update them with arbitrary values and access their accounts. | |||||
| CVE-2023-50932 | 1 Savignano | 1 S\/notify | 2024-01-17 | N/A | 7.1 HIGH |
| An issue was discovered in savignano S/Notify before 4.0.2 for Confluence. While an administrative user is logged on, the configuration settings of S/Notify can be modified via a CSRF attack. The injection could be initiated by the administrator clicking a malicious link in an email or by visiting a malicious website. If executed while an administrator is logged on to Confluence, an attacker could exploit this to modify the configuration of the S/Notify app on that host. This can, in particular, lead to email notifications being no longer encrypted when they should be. | |||||
| CVE-2023-50931 | 1 Savignano | 1 S\/notify | 2024-01-17 | N/A | 7.1 HIGH |
| An issue was discovered in savignano S/Notify before 2.0.1 for Bitbucket. While an administrative user is logged on, the configuration settings of S/Notify can be modified via a CSRF attack. The injection could be initiated by the administrator clicking a malicious link in an email or by visiting a malicious website. If executed while an administrator is logged on to Bitbucket, an attacker could exploit this to modify the configuration of the S/Notify app on that host. This can, in particular, lead to email notifications being no longer encrypted when they should be. | |||||
| CVE-2023-6558 | 1 Webtoffee | 1 Import Export Wordpress Users | 2024-01-17 | N/A | 7.2 HIGH |
| The Export and Import Users and Customers plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation on the 'upload_import_file' function in versions up to, and including, 2.4.8. This makes it possible for authenticated attackers with shop manager-level capabilities or above, to upload arbitrary files on the affected site's server which may make remote code execution possible. | |||||
| CVE-2023-6266 | 1 Backupbliss | 1 Backup Migration | 2024-01-17 | N/A | 7.5 HIGH |
| The Backup Migration plugin for WordPress is vulnerable to unauthorized access of data due to insufficient path and file validation on the BMI_BACKUP case of the handle_downloading function in all versions up to, and including, 1.3.6. This makes it possible for unauthenticated attackers to download back-up files which can contain sensitive information such as user passwords, PII, database credentials, and much more. | |||||
| CVE-2023-5504 | 1 Inpsyde | 1 Backwpup | 2024-01-17 | N/A | 8.7 HIGH |
| The BackWPup plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 4.0.1 via the Log File Folder. This allows authenticated attackers to store backups in arbitrary folders on the server provided they can be written to by the server. Additionally, default settings will place an index.php and a .htaccess file into the chosen directory (unless already present) when the first backup job is run that are intended to prevent directory listing and file access. This means that an attacker could set the backup directory to the root of another site in a shared environment and thus disable that site. | |||||