The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date | Fixed Release |
|---|---|---|---|---|
| CVE-2023-1709 | Datalogics Library APDFLThe v18.0.4PlusP1e and prior contains a stack-based buffer overflow due to documents containing corrupted fonts, which could allow an attack that causes an unhandled crash during the rendering process. | -- | Jun 7, 2023 | n/a |
| CVE-2023-42495 | Dasan Networks - W-Web versions 1.22-1.27 - CWE-78: Improper Neutralization of Special Elements used in an OS Command (\'OS Command Injection\') | -- | Dec 13, 2023 | n/a |
| CVE-2022-36785 | D-Link – G integrated Access Device4 Information Disclosure & Authorization Bypass. *Information Disclosure – file contains a URL with private IP at line 15 login.asp A. The window.location.href = http://192.168.1.1/setupWizard.asp http://192.168.1.1/setupWizard.asp ; admin – contains default username value login.asp B. While accessing the web interface, the login form at *Authorization Bypass – URL by setupWizard.asp\' while it blocks direct access to – the web interface does not properly validate user identity variables values located at the client side, it is available to access it without a login_glag and login_status checking browser and to read the admin user credentials for the web interface. | -- | Nov 18, 2022 | n/a |
| CVE-2023-6408 | CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability exists that could cause a denial of service and loss of confidentiality, integrity of controllers when conducting a Man in the Middle attack. | -- | Feb 14, 2024 | n/a |
| CVE-2024-2050 | CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability exists when an attacker injects then executes arbitrary malicious JavaScript code within the context of the product. | -- | Mar 18, 2024 | n/a |
| CVE-2023-6409 | CWE-798: Use of Hard-coded Credentials vulnerability exists that could cause unauthorized access to a project file protected with application password when opening the file with EcoStruxure Control Expert. | -- | Feb 14, 2024 | n/a |
| CVE-2024-2052 | CWE-552: Files or Directories Accessible to External Parties vulnerability exists that could allow unauthenticated files and logs exfiltration and download of files when an attacker modifies the URL to download to a different location. | -- | Mar 18, 2024 | n/a |
| CVE-2023-27975 | CWE-522: Insufficiently Protected Credentials vulnerability exists that could cause unauthorized access to the project file in EcoStruxure Control Expert when a local user tampers with the memory of the engineering workstation. | -- | Feb 14, 2024 | n/a |
| CVE-2024-2229 | CWE-502: Deserialization of Untrusted Data vulnerability exists that could cause remote code execution when a malicious project file is loaded into the application by a valid user. | -- | Mar 18, 2024 | n/a |
| CVE-2024-2051 | CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could cause account takeover and unauthorized access to the system when an attacker conducts brute-force attacks against the login form. | -- | Mar 18, 2024 | n/a |
| CVE-2024-0568 | CWE-287: Improper Authentication vulnerability exists that could cause unauthorized tampering of device configuration over NFC communication. | -- | Feb 14, 2024 | n/a |
| CVE-2024-27767 | CWE-287: Improper Authentication may allow Authentication Bypass | -- | Mar 18, 2024 | n/a |
| CVE-2023-29452 | Currently, geomap configuration (Administration -> General -> Geographical maps) allows using HTML in the field “Attribution text” when selected “Other” Tile provider. | -- | Jul 13, 2023 | n/a |
| CVE-2023-1716 | Cross-site scripting (XSS) vulnerability in Invoice Edit Page in Bitrix24 22.0.300 allows attackers to execute arbitrary JavaScript code in the victim\'s browser, and possibly execute arbitrary PHP code on the server if the victim has administrator privilege. | -- | Nov 1, 2023 | n/a |
| CVE-2023-24584 | Controller 6000 is vulnerable to a buffer overflow via the Controller diagnostic web interface upload feature. This issue affects Controller 6000: before vCR8.80.230201a, before vCR8.70.230201a, before vCR8.60.230201b, before vCR8.50.230201a, all versions of vCR8.40 and prior. | -- | Jun 1, 2023 | n/a |
| CVE-2023-23553 | Control By Web X-400 devices are vulnerable to a cross-site scripting attack, which could result in private and session information being transferred to the attacker. | -- | Feb 13, 2023 | n/a |
| CVE-2023-0965 | Compiler removal of buffer clearing in sli_cryptoacc_transparent_key_agreement in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM. | -- | May 18, 2023 | n/a |
| CVE-2023-32100 | Compiler removal of buffer clearing in sli_se_driver_mac_compute in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM. | -- | May 18, 2023 | n/a |
| CVE-2023-1132 | Compiler removal of buffer clearing in sli_se_driver_key_agreement in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM. | -- | May 18, 2023 | n/a |
| CVE-2023-2481 | Compiler removal of buffer clearing in sli_se_opaque_import_key in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM. | -- | May 18, 2023 | n/a |
| CVE-2023-32096 | Compiler removal of buffer clearing in sli_crypto_transparent_aead_encrypt_tag in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM. | -- | May 18, 2023 | n/a |
| CVE-2023-32097 | Compiler removal of buffer clearing in sli_crypto_transparent_aead_decrypt_tag in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM. | -- | May 18, 2023 | n/a |
| CVE-2023-32098 | Compiler removal of buffer clearing in sli_se_sign_message in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM. | -- | May 18, 2023 | n/a |
| CVE-2023-32099 | Compiler removal of buffer clearing in sli_se_sign_hash in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM. | -- | May 18, 2023 | n/a |
| CVE-2022-3929 | Communication between the client and the server application of the affected products is partially done using CORBA (Common Object Request Broker Architecture) over TCP/IP. This protocol is not encrypted and allows tracing of internal messages. This issue affects * FOXMAN-UN product: FOXMAN-UN R15B, FOXMAN-UN R15A, FOXMAN-UN R14B, FOXMAN-UN R14A, FOXMAN-UN R11B, FOXMAN-UN R11A, FOXMAN-UN R10C, FOXMAN-UN R9C; * UNEM product: UNEM R15B, UNEM R15A, UNEM R14B, UNEM R14A, UNEM R11B, UNEM R11A, UNEM R10C, UNEM R9C. List of CPEs: * cpe:2.3:a:hitachienergy:foxman-un:R15B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R15A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R14B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R14A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R11B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R11A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R10C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R9C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R15B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R15A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R14B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R14A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R11B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R11A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R10C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R9C:*:*:*:*:*:*:* | -- | Jan 5, 2023 | n/a |
| CVE-2022-39180 | College Management System v1.0 - SQL Injection (SQLi). By inserting SQL commands to the username and password fields in the login.php page | -- | Nov 18, 2022 | n/a |
| CVE-2022-39179 | College Management System v1.0 - Authenticated remote code execution. An admin user (the authentication can be bypassed using SQL Injection that mentioned in my other report) can upload .php file that contains malicious code via student.php file. | -- | Nov 18, 2022 | n/a |
| CVE-2023-6131 | Code Injection in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2. | -- | Nov 14, 2023 | n/a |
| CVE-2023-6126 | Code Injection in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2. | -- | Nov 14, 2023 | n/a |
| CVE-2023-6125 | Code Injection in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2. | -- | Nov 14, 2023 | n/a |
| CVE-2023-3551 | Code Injection in GitHub repository nilsteampassnet/teampass prior to 3.0.10. | -- | Jul 8, 2023 | n/a |
| CVE-2023-4977 | Code Injection in GitHub repository librenms/librenms prior to 23.9.0. | -- | Sep 15, 2023 | n/a |
| CVE-2023-3393 | Code Injection in GitHub repository fossbilling/fossbilling prior to 0.5.1. | -- | Jun 23, 2023 | n/a |
| CVE-2023-28076 | CloudLink 7.1.2 and all prior versions contain a broken or risky cryptographic algorithm vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability leading to some information disclosure. | -- | May 16, 2023 | n/a |
| CVE-2023-23690 | Cloud Mobility for Dell EMC Storage, versions 1.3.0.X and below contains an Improper Check for Certificate Revocation vulnerability. A threat actor does not need any specific privileges to potentially exploit this vulnerability. An attacker could perform a man-in-the-middle attack and eavesdrop on encrypted communications from Cloud Mobility to Cloud Storage devices. Exploitation could lead to the compromise of secret and sensitive information, cloud storage connection downtime, and the integrity of the connection to the Cloud devices. | -- | Jan 27, 2023 | n/a |
| CVE-2023-23570 | Client-Side enforcement of Server-Side security for the Command Centre server could be bypassed and lead to invalid configuration with undefined behavior. This issue affects: Gallagher Command Centre 8.90 prior to vEL8.90.1620 (MR2), all versions of 8.80 and prior. | -- | Dec 19, 2023 | n/a |
| CVE-2023-5100 | Cleartext Transmission of Sensitive Information in RDT400 in SICK APU allows an unprivileged remote attacker to retrieve potentially sensitive information via intercepting network traffic that is not encrypted. | -- | Oct 10, 2023 | n/a |
| CVE-2023-35699 | Cleartext Storage on Disk in the SICK ICR890-4 could allow an unauthenticated attacker with local access to the device to disclose sensitive information by accessing a SD card. | -- | Jul 10, 2023 | n/a |
| CVE-2023-31408 | Cleartext Storage of Sensitive Information in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows a remote attacker to potentially steal user credentials that are stored in the user’s browsers local storage via cross-site-scripting attacks. | -- | May 15, 2023 | n/a |
| CVE-2024-2197 | Chirp Access improperly stores credentials within its source code, potentially exposing sensitive information to unauthorized access. | -- | Mar 20, 2024 | n/a |
| CVE-2024-23329 | changedetection.io is an open source tool designed to monitor websites for content changes. In affected versions the API endpoint `/api/v1/watch/<uuid>/history` can be accessed by any unauthorized user. As a result any unauthorized user can check one\'s watch history. However, because unauthorized party first needs to know a watch UUID, and the watch history endpoint itself returns only paths to the snapshot on the server, an impact on users\' data privacy is minimal. This issue has been addressed in version 0.45.13. Users are advised to upgrade. There are no known workarounds for this vulnerability. | -- | Jan 19, 2024 | n/a |
| CVE-2023-7248 | Certain functionality in OpenText Vertica Management console might be prone to bypass via crafted requests. The vulnerability would affect one of Vertica’s authentication functionalities by allowing specially crafted requests and sequences. This issue impacts the following Vertica Management Console versions: 10.x 11.1.1-24 or lower 12.0.4-18 or lower Please upgrade to one of the following Vertica Management Console versions: 10.x to upgrade to latest versions from below. 11.1.1-25 12.0.4-19 23.x 24.x | -- | Mar 17, 2024 | n/a |
| CVE-2024-22388 | Certain configuration available in the communication channel for encoders could expose sensitive data when reader configuration cards are programmed. This data could include credential and device administration keys. | -- | Feb 7, 2024 | n/a |
| CVE-2023-6691 | Cambium ePMP Force 300-25 version 4.7.0.1 is vulnerable to a code injection vulnerability that could allow an attacker to perform remote code execution and gain root privileges. | -- | Dec 18, 2023 | n/a |
| CVE-2023-33217 | By abusing a design flaw in the firmware upgrade mechanism of the impacted terminal it\'s possible to cause a permanent denial of service for the terminal. the only way to recover the terminal is by sending back the terminal to the manufacturer | -- | Dec 15, 2023 | n/a |
| CVE-2022-39019 | Broken access controls on PDFtron WebviewerUI in M-Files Hubshare before 3.3.11.3 allows unauthenticated attackers to upload malicious files to the application server. | -- | Nov 1, 2022 | n/a |
| CVE-2022-39018 | Broken access controls on PDFtron data in M-Files Hubshare before 3.3.11.3 allows unauthenticated attackers to access restricted PDF files via a known URL. | -- | Nov 1, 2022 | n/a |
| CVE-2024-29963 | Brocade SANnav OVA before v2.3.1, and v2.3.0a, contain hardcoded TLS keys used by Docker. Note: Brocade SANnav doesn\'t have access to remote Docker registries. | -- | Apr 19, 2024 | n/a |
| CVE-2024-4159 | Brocade SANnav before v2.3.0a lacks protection mechanisms on port 2377/TCP and 7946/TCP, which could allow an unauthenticated attacker to sniff the SANnav Docker information. | -- | Apr 25, 2024 | n/a |
| CVE-2023-31429 | Brocade Fabric OS before Brocade Fabric OS v9.1.1c, v9.2.0 contains a vulnerability when using various commands such as “chassisdistribute”, “reboot”, “rasman”, errmoduleshow, errfilterset, hassiscfgperrthreshold, supportshowcfgdisable and supportshowcfgenable commands that can cause the content of shell interpreted variables to be printed in the terminal. | -- | Aug 1, 2023 | n/a |
