Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): software
- Search Type: Search All
- CPE Name Search: false
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2023-40024 |
ScanCode.io is a server to script and automate software composition analysis pipelines. In the `/license/` endpoint, the detailed view key is not properly validated and sanitized, which can result in a potential cross-site scripting (XSS) vulnerability when attempting to access a detailed license view that does not exist. Attackers can exploit this vulnerability to inject malicious scripts into the response generated by the `license_details_view` function. When unsuspecting users visit the page, their browsers will execute the injected scripts, leading to unauthorized actions, session hijacking, or stealing sensitive information. This issue has been addressed in release `32.5.2`. Users are advised to upgrade. There are no known workarounds for this vulnerability. Published: August 14, 2023; 4:15:12 PM -0400 |
V3.1: 6.1 MEDIUM V2.0:(not available) |
CVE-2023-29097 |
Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerability in a3rev Software a3 Portfolio plugin <= 3.1.0 versions. Published: August 14, 2023; 10:15:10 AM -0400 |
V3.1: 4.8 MEDIUM V2.0:(not available) |
CVE-2020-35990 |
Buffer Overflow vulnerability in cFilenameInit parameter in browseForDoc function in Foxit Software Foxit PDF Reader version 10.1.0.37527, allows local attackers to cause a denial of service (DoS) via crafted .pdf file. Published: August 11, 2023; 10:15:11 AM -0400 |
V3.1: 5.5 MEDIUM V2.0:(not available) |
CVE-2023-3937 |
Cross site scripting vulnerability in web portal in Snow Software License Manager from version 9.0.0 up to and including 9.30.1 on Windows allows an authenticated user with high privileges to trigger cross site scripting attack via the web browser Published: August 11, 2023; 8:15:09 AM -0400 |
V3.1: 4.8 MEDIUM V2.0:(not available) |
CVE-2023-3864 |
Blind SQL injection in a service running in Snow Software license manager from version 8.0.0 up to and including 9.30.1 on Windows allows a logged in user with high privileges to inject SQL commands via the web portal. Published: August 11, 2023; 8:15:09 AM -0400 |
V3.1: 7.2 HIGH V2.0:(not available) |
CVE-2023-39553 |
Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Drill Provider. Apache Airflow Drill Provider is affected by a vulnerability that allows an attacker to pass in malicious parameters when establishing a connection with DrillHook giving an opportunity to read files on the Airflow server. This issue affects Apache Airflow Drill Provider: before 2.4.3. It is recommended to upgrade to a version that is not affected. Published: August 11, 2023; 4:15:09 AM -0400 |
V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2023-40254 |
Download of Code Without Integrity Check vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Malicious Software Update.This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15. Published: August 11, 2023; 3:15:09 AM -0400 |
V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2023-34427 |
Protection mechanism failure in some Intel(R) RealSense(TM) ID software for Intel(R) RealSense(TM) 450 FA in version 0.25.0 may allow an authenticated user to potentially enable escalation of privilege via local access. Published: August 10, 2023; 11:15:34 PM -0400 |
V3.1: 7.8 HIGH V2.0:(not available) |
CVE-2023-33877 |
Out-of-bounds write in some Intel(R) RealSense(TM) ID software for Intel(R) RealSense(TM) 450 FA in version 0.25.0 may allow an authenticated user to potentially enable escalation of privilege via local access. Published: August 10, 2023; 11:15:33 PM -0400 |
V3.1: 7.8 HIGH V2.0:(not available) |
CVE-2023-33867 |
Improper buffer restrictions in some Intel(R) RealSense(TM) ID software for Intel(R) RealSense(TM) 450 FA in version 0.25.0 may allow an authenticated user to potentially enable escalation of privilege via local access. Published: August 10, 2023; 11:15:33 PM -0400 |
V3.1: 7.8 HIGH V2.0:(not available) |
CVE-2023-32656 |
Improper buffer restrictions in some Intel(R) RealSense(TM) ID software for Intel(R) RealSense(TM) 450 FA in version 0.25.0 may allow an authenticated user to potentially enable escalation of privilege via local access. Published: August 10, 2023; 11:15:32 PM -0400 |
V3.1: 7.8 HIGH V2.0:(not available) |
CVE-2023-32547 |
Incorrect default permissions in the MAVinci Desktop Software for Intel(R) Falcon 8+ before version 6.2 may allow authenticated user to potentially enable escalation of privilege via local access. Published: August 10, 2023; 11:15:32 PM -0400 |
V3.1: 7.8 HIGH V2.0:(not available) |
CVE-2023-31246 |
Incorrect default permissions in some Intel(R) SDP Tool software before version 1.4 build 5 may allow an authenticated user to potentially enable escalation of privilege via local access. Published: August 10, 2023; 11:15:31 PM -0400 |
V3.1: 7.8 HIGH V2.0:(not available) |
CVE-2023-30760 |
Out-of-bounds read in some Intel(R) RealSense(TM) ID software for Intel(R) RealSense(TM) 450 FA in version 0.25.0 may allow an authenticated user to potentially enable information disclosure via local access. Published: August 10, 2023; 11:15:31 PM -0400 |
V3.1: 5.5 MEDIUM V2.0:(not available) |
CVE-2023-29243 |
Unchecked return value in some Intel(R) RealSense(TM) ID software for Intel(R) RealSense(TM) 450 FA in version 0.25.0 may allow a priviledged user to potentially enable denial of service via local access. Published: August 10, 2023; 11:15:27 PM -0400 |
V3.1: 4.4 MEDIUM V2.0:(not available) |
CVE-2023-28938 |
Uncontrolled resource consumption in some Intel(R) SSD Tools software before version mdadm-4.2-rc2 may allow a priviledged user to potentially enable denial of service via local access. Published: August 10, 2023; 11:15:27 PM -0400 |
V3.1: 4.4 MEDIUM V2.0:(not available) |
CVE-2023-28823 |
Uncontrolled search path in some Intel(R) oneAPI Toolkit and component software installers before version 4.3.1.493 may allow an authenticated user to potentially enable escalation of privilege via local access. Published: August 10, 2023; 11:15:26 PM -0400 |
V3.1: 7.3 HIGH V2.0:(not available) |
CVE-2023-28736 |
Buffer overflow in some Intel(R) SSD Tools software before version mdadm-4.2-rc2 may allow a privileged user to potentially enable escalation of privilege via local access. Published: August 10, 2023; 11:15:25 PM -0400 |
V3.1: 6.7 MEDIUM V2.0:(not available) |
CVE-2023-28714 |
Improper access control in firmware for some Intel(R) PROSet/Wireless WiFi software for Windows before version 22.220 HF (Hot Fix) may allow a privileged user to potentially enable escalation of privilege via local access. Published: August 10, 2023; 11:15:25 PM -0400 |
V3.1: 6.7 MEDIUM V2.0:(not available) |
CVE-2023-28658 |
Insecure inherited permissions in some Intel(R) oneMKL software before version 2022.0 may allow an authenticated user to potentially enable escalation of privilege via local access. Published: August 10, 2023; 11:15:25 PM -0400 |
V3.1: 7.8 HIGH V2.0:(not available) |