Search Results (Refine Search)
- Category (CWE): CWE-20 Improper Input Validation
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2024-21742 |
Improper input validation allows for header injection in MIME4J library when using MIME4J DOM for composing message. This can be exploited by an attacker to add unintended headers to MIME messages. Published: February 27, 2024; 12:15:12 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2023-51747 |
Apache James prior to versions 3.8.1 and 3.7.5 is vulnerable to SMTP smuggling. A lenient behaviour in line delimiter handling might create a difference of interpretation between the sender and the receiver which can be exploited by an attacker to forge an SMTP envelop, allowing for instance to bypass SPF checks. The patch implies enforcement of CRLF as a line delimiter as part of the DATA transaction. We recommend James users to upgrade to non vulnerable versions. Published: February 27, 2024; 9:15:27 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-23320 |
Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary, unsandboxed javascript to be executed on the server. This issue is a legacy of CVE-2023-49299. We didn't fix it completely in CVE-2023-49299, and we added one more patch to fix it. This issue affects Apache DolphinScheduler: until 3.2.1. Users are recommended to upgrade to version 3.2.1, which fixes the issue. Published: February 23, 2024; 12:15:08 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-20733 |
Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an Improper Input Validation vulnerability that could lead to an application denial-of-service. An attacker could leverage this vulnerability to cause the application to crash, resulting in a denial of service. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Published: February 15, 2024; 8:15:47 AM -0500 |
V4.0:(not available) V3.1: 5.5 MEDIUM V2.0:(not available) |
CVE-2023-32484 |
Dell Networking Switches running Enterprise SONiC versions 4.1.0, 4.0.5, 3.5.4 and below contains an improper input validation vulnerability. A remote unauthenticated malicious user may exploit this vulnerability and escalate privileges up to the highest administrative level. This is a Critical vulnerability affecting certain protocols, Dell recommends customers to upgrade at the earliest opportunity. Published: February 15, 2024; 8:15:45 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2023-32462 |
Dell OS10 Networking Switches running 10.5.2.x and above contain an OS command injection vulnerability when using remote user authentication. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands and possible system takeover. This is a critical vulnerability as it allows an attacker to cause severe damage. Dell recommends customers to upgrade at the earliest opportunity. Published: February 15, 2024; 8:15:45 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-24941 |
In JetBrains IntelliJ IDEA before 2023.3.3 a plugin for JetBrains Space was able to send an authentication token to an inappropriate URL Published: February 06, 2024; 5:15:11 AM -0500 |
V4.0:(not available) V3.1: 5.3 MEDIUM V2.0:(not available) |
CVE-2023-33057 |
Transient DOS in Multi-Mode Call Processor while processing UE policy container. Published: February 06, 2024; 1:15:59 AM -0500 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2024-20004 |
In Modem NL1, there is a possible system crash due to an improper input validation. This could lead to remote denial of service, if NW sent invalid NR RRC Connection Setup message, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01191612; Issue ID: MOLY01195812 (MSV-985). Published: February 05, 2024; 1:15:47 AM -0500 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2024-20003 |
In Modem NL1, there is a possible system crash due to an improper input validation. This could lead to remote denial of service, if NW sent invalid NR RRC Connection Setup message, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01191612; Issue ID: MOLY01191612 (MSV-981). Published: February 05, 2024; 1:15:47 AM -0500 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2023-46159 |
IBM Storage Ceph 5.3z1, 5.3z5, and 6.1z1 could allow an authenticated user on the network to cause a denial of service from RGW. IBM X-Force ID: 268906. Published: February 01, 2024; 10:15:09 PM -0500 |
V4.0:(not available) V3.1: 6.5 MEDIUM V2.0:(not available) |
CVE-2023-42766 |
Improper input validation in some Intel NUC 8 Compute Element BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access. Published: January 19, 2024; 3:15:11 PM -0500 |
V4.0:(not available) V3.1: 7.8 HIGH V2.0:(not available) |
CVE-2023-38587 |
Improper input validation in some Intel NUC BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access. Published: January 19, 2024; 3:15:10 PM -0500 |
V4.0:(not available) V3.1: 7.8 HIGH V2.0:(not available) |
CVE-2023-29495 |
Improper input validation for some Intel NUC BIOS firmware before version IN0048 may allow a privileged user to potentially enable escalation of privilege via local access. Published: January 19, 2024; 3:15:09 PM -0500 |
V4.0:(not available) V3.1: 7.8 HIGH V2.0:(not available) |
CVE-2023-28743 |
Improper input validation for some Intel NUC BIOS firmware before version QN0073 may allow a privileged user to potentially enable escalation of privilege via local access. Published: January 19, 2024; 3:15:09 PM -0500 |
V4.0:(not available) V3.1: 7.8 HIGH V2.0:(not available) |
CVE-2023-28738 |
Improper input validation for some Intel NUC BIOS firmware before version JY0070 may allow a privileged user to potentially enable escalation of privilege via local access. Published: January 19, 2024; 3:15:09 PM -0500 |
V4.0:(not available) V3.1: 7.8 HIGH V2.0:(not available) |
CVE-2023-5097 |
Improper Input Validation vulnerability in HYPR Workforce Access on Windows allows Path Traversal.This issue affects Workforce Access: before 8.7. Published: January 16, 2024; 3:15:45 PM -0500 |
V4.0:(not available) V3.1: 5.5 MEDIUM V2.0:(not available) |
CVE-2024-22027 |
Improper input validation vulnerability in WordPress Quiz Maker Plugin prior to 6.5.0.6 allows a remote authenticated attacker to perform a Denial of Service (DoS) attack against external services. Published: January 12, 2024; 2:15:12 AM -0500 |
V4.0:(not available) V3.1: 6.5 MEDIUM V2.0:(not available) |
CVE-2024-22199 |
This package provides universal methods to use multiple template engines with the Fiber web framework using the Views interface. This vulnerability specifically impacts web applications that render user-supplied data through this template engine, potentially leading to the execution of malicious scripts in users' browsers when visiting affected web pages. The vulnerability has been addressed, the template engine now defaults to having autoescape set to `true`, effectively mitigating the risk of XSS attacks. Published: January 11, 2024; 1:15:45 PM -0500 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0:(not available) |
CVE-2023-29446 |
An improper input validation vulnerability has been discovered that could allow an adversary to inject a UNC path via a malicious project file. This allows an adversary to capture NLTMv2 hashes and potentially crack them offline. Published: January 10, 2024; 4:15:08 PM -0500 |
V4.0:(not available) V3.1: 4.7 MEDIUM V2.0:(not available) |