Total
1595 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-33242 | 1 Lindell17 Project | 1 Lindell17 | 2024-11-21 | 9.6 Critical |
| Crypto wallets implementing the Lindell17 TSS protocol might allow an attacker to extract the full ECDSA private key by exfiltrating a single bit in every signature attempt (256 in total) because of not adhering to the paper's security proof's assumption regarding handling aborts after a failed signature. | ||||
| CVE-2023-33241 | 2 Gg18 Project, Gg20 Project | 2 Gg18, Gg20 | 2024-11-21 | 9.6 Critical |
| Crypto wallets implementing the GG18 or GG20 TSS protocol might allow an attacker to extract a full ECDSA private key by injecting a malicious pallier key and cheating in the range proof. Depending on the Beta parameters chosen in the protocol implementation, the attack might require 16 signatures or more fully exfiltrate the other parties' private key shares. | ||||
| CVE-2023-33234 | 1 Apache | 1 Airflow Cncf Kubernetes | 2024-11-21 | 7.2 High |
| Arbitrary code execution in Apache Airflow CNCF Kubernetes provider version 5.0.0 allows user to change xcom sidecar image and resources via Airflow connection. In order to exploit this weakness, a user would already need elevated permissions (Op or Admin) to change the connection object in this manner. Operators should upgrade to provider version 7.0.0 which has removed the vulnerability. | ||||
| CVE-2023-32786 | 1 Langchain | 1 Langchain | 2024-11-21 | 7.5 High |
| In Langchain through 0.0.155, prompt injection allows an attacker to force the service to retrieve data from an arbitrary URL, essentially providing SSRF and potentially injecting content into downstream tasks. | ||||
| CVE-2023-31209 | 2 Checkmk, Tribe29 | 2 Checkmk, Checkmk | 2024-11-21 | 8.8 High |
| Improper neutralization of active check command arguments in Checkmk < 2.1.0p32, < 2.0.0p38, < 2.2.0p4 leads to arbitrary command execution for authenticated users. | ||||
| CVE-2023-31025 | 1 Nvidia | 2 Dgx A100, Dgx A100 Firmware | 2024-11-21 | 6.5 Medium |
| NVIDIA DGX A100 BMC contains a vulnerability where an attacker may cause an LDAP user injection. A successful exploit of this vulnerability may lead to information disclosure. | ||||
| CVE-2023-29050 | 1 Open-xchange | 1 Ox App Suite | 2024-11-21 | 7.6 High |
| The optional "LDAP contacts provider" could be abused by privileged users to inject LDAP filter strings that allow to access content outside of the intended hierarchy. Unauthorized users could break confidentiality of information in the directory and potentially cause high load on the directory server, leading to denial of service. Encoding has been added for user-provided fragments that are used when constructing the LDAP query. No publicly available exploits are known. | ||||
| CVE-2023-27533 | 5 Fedoraproject, Haxx, Netapp and 2 more | 15 Fedora, Curl, Active Iq Unified Manager and 12 more | 2024-11-21 | 8.8 High |
| A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and "telnet options" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform option negotiation without the application's intent. This vulnerability could be exploited if an application allows user input, thereby enabling attackers to execute arbitrary code on the system. | ||||
| CVE-2023-26148 | 1 Ithewei | 1 Libhv | 2024-11-21 | 5.4 Medium |
| All versions of the package ithewei/libhv are vulnerable to CRLF Injection when untrusted user input is used to set request headers. An attacker can add the \r\n (carriage return line feeds) characters and inject additional headers in the request sent. | ||||
| CVE-2023-26142 | 1 Crowcpp | 1 Crow | 2024-11-21 | 6.5 Medium |
| All versions of the package crow are vulnerable to HTTP Response Splitting when untrusted user input is used to build header values. Header values are not properly sanitized against CRLF Injection in the set_header and add_header functions. An attacker can add the \r\n (carriage return line feeds) characters to end the HTTP response headers and inject malicious content. | ||||
| CVE-2023-26138 | 1 Drogon | 1 Drogon | 2024-11-21 | 5.4 Medium |
| All versions of the package drogonframework/drogon are vulnerable to CRLF Injection when untrusted user input is used to set request headers in the addHeader function. An attacker can add the \r\n (carriage return line feeds) characters and inject additional headers in the request sent. | ||||
| CVE-2023-25613 | 1 Apache | 1 Identity Backend | 2024-11-21 | 9.8 Critical |
| An LDAP Injection vulnerability exists in the LdapIdentityBackend of Apache Kerby before 2.0.3. | ||||
| CVE-2023-24040 | 1 Opengroup | 1 Common Desktop Environment | 2024-11-21 | 7.1 High |
| dtprintinfo in Common Desktop Environment 1.6 has a bug in the parser of lpstat (an invoked external command) during listing of the names of available printers. This allows low-privileged local users to inject arbitrary printer names via the $HOME/.printers file. This injection allows those users to manipulate the control flow and disclose memory contents on Solaris 10 systems. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2023-23749 | 1 Miniorange | 1 Ldap Integration With Active Directory And Openldap | 2024-11-21 | 7.5 High |
| The 'LDAP Integration with Active Directory and OpenLDAP - NTLM & Kerberos Login' extension is vulnerable to LDAP Injection since is not properly sanitizing the 'username' POST parameter. An attacker can manipulate this paramter to dump arbitrary contents form the LDAP Database. | ||||
| CVE-2023-22522 | 1 Atlassian | 2 Confluence Data Center, Confluence Server | 2024-11-21 | 8.8 High |
| This Template Injection vulnerability allows an authenticated attacker, including one with anonymous access, to inject unsafe user input into a Confluence page. Using this approach, an attacker is able to achieve Remote Code Execution (RCE) on an affected instance. Publicly accessible Confluence Data Center and Server versions as listed below are at risk and require immediate attention. See the advisory for additional details Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue. | ||||
| CVE-2023-20057 | 1 Cisco | 13 Asyncos, Email Security Appliance C160, Email Security Appliance C170 and 10 more | 2024-11-21 | 0 Low |
| A vulnerability in the URL filtering mechanism of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the URL reputation filters on an affected device. This vulnerability is due to improper processing of URLs. An attacker could exploit this vulnerability by crafting a URL in a particular way. A successful exploit could allow the attacker to bypass the URL reputation filters that are configured for an affected device, which could allow malicious URLs to pass through the device. | ||||
| CVE-2023-1523 | 1 Canonical | 2 Snapd, Ubuntu Linux | 2024-11-21 | 10 Critical |
| Using the TIOCLINUX ioctl request, a malicious snap could inject contents into the input of the controlling terminal which could allow it to cause arbitrary commands to be executed outside of the snap sandbox after the snap exits. Graphical terminal emulators like xterm, gnome-terminal and others are not affected - this can only be exploited when snaps are run on a virtual console. | ||||
| CVE-2023-0493 | 1 Btcpayserver | 1 Btcpay Server | 2024-11-21 | 5.3 Medium |
| Improper Neutralization of Equivalent Special Elements in GitHub repository btcpayserver/btcpayserver prior to 1.7.5. | ||||
| CVE-2023-0476 | 1 Tenable | 1 Tenable.sc | 2024-11-21 | 6.5 Medium |
| A LDAP injection vulnerability exists in Tenable.sc due to improper validation of user-supplied input before returning it to users. An authenticated attacker could generate data in Active Directory using the application account through blind LDAP injection. | ||||
| CVE-2023-0302 | 1 Radare | 1 Radare2 | 2024-11-21 | 7.8 High |
| Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in GitHub repository radareorg/radare2 prior to 5.8.2. | ||||