Total
11829 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-30663 | 1 Samsung | 1 Android | 2024-11-21 | N/A | 5.3 MEDIUM |
|
Improper input validation vulnerability in OemPersonalizationSetLock in libsec-ril prior to SMR Jul-2023 Release 1 allows local attackers to cause an Out-Of-Bounds write.
|
|||||
| CVE-2023-30659 | 1 Samsung | 1 Android | 2024-11-21 | N/A | 6.2 MEDIUM |
|
Improper input validation vulnerability in Transaction prior to SMR Jul-2023 Release 1 allows local attackers to launch privileged activities.
|
|||||
| CVE-2023-30658 | 1 Samsung | 1 Android | 2024-11-21 | N/A | 8.5 HIGH |
|
Improper input validation vulnerability in DataProfile prior to SMR Jul-2023 Release 1 allows local attackers to launch privileged activities.
|
|||||
| CVE-2023-30657 | 1 Samsung | 1 Android | 2024-11-21 | N/A | 6.2 MEDIUM |
|
Improper input validation vulnerability in EnhancedAttestationResult prior to SMR Jul-2023 Release 1 allows local attackers to launch privileged activities.
|
|||||
| CVE-2023-30656 | 1 Samsung | 1 Android | 2024-11-21 | N/A | 8.5 HIGH |
|
Improper input validation vulnerability in LSOItemData prior to SMR Jul-2023 Release 1 allows attackers to launch certain activities.
|
|||||
| CVE-2023-30655 | 1 Samsung | 1 Android | 2024-11-21 | N/A | 8.5 HIGH |
|
Improper input validation vulnerability in SCEPProfile prior to SMR Jul-2023 Release 1 allows local attackers to launch privileged activities.
|
|||||
| CVE-2023-30559 | 1 Bd | 2 Alaris 8015 Pcu, Alaris 8015 Pcu Firmware | 2024-11-21 | N/A | 5.2 MEDIUM |
|
The firmware update package for the wireless card is not properly signed and can be modified.
|
|||||
| CVE-2023-30542 | 1 Openzeppelin | 2 Contracts, Contracts Upgradeable | 2024-11-21 | N/A | 6.8 MEDIUM |
|
OpenZeppelin Contracts is a library for secure smart contract development. The proposal creation entrypoint (`propose`) in `GovernorCompatibilityBravo` allows the creation of proposals with a `signatures` array shorter than the `calldatas` array. This causes the additional elements of the latter to be ignored, and if the proposal succeeds the corresponding actions would eventually execute without any calldata. The `ProposalCreated` event correctly represents what will eventually execute, but the ...
Show More |
|||||
| CVE-2023-30535 | 1 Snowflake | 1 Snowflake Jdbc | 2024-11-21 | N/A | 7.3 HIGH |
|
Snowflake JDBC provides a JDBC type 4 driver that supports core functionality, allowing Java program to connect to Snowflake. Users of the Snowflake JDBC driver were vulnerable to a command injection vulnerability. An attacker could set up a malicious, publicly accessible server which responds to the SSO URL with an attack payload. If the attacker then tricked a user into visiting the maliciously crafted connection URL, the user’s local machine would render the malicious payload, leading to a re ...
Show More |
|||||
| CVE-2023-30447 | 5 Hp, Ibm, Linux and 2 more | 6 Hp-ux, Aix, Db2 and 3 more | 2024-11-21 | N/A | 5.9 MEDIUM |
|
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain tables. IBM X-Force ID: 253436.
|
|||||
| CVE-2023-30446 | 5 Hp, Ibm, Linux and 2 more | 6 Hp-ux, Aix, Db2 and 3 more | 2024-11-21 | N/A | 5.9 MEDIUM |
|
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain tables. IBM X-Force ID:
253361
.
|
|||||
| CVE-2023-30442 | 5 Hp, Ibm, Linux and 2 more | 6 Hp-ux, Aix, Db2 and 3 more | 2024-11-21 | N/A | 5.9 MEDIUM |
|
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 federated server is vulnerable to a denial of service as the server may crash when using a specially crafted wrapper using certain options. IBM X-Force ID: 253202.
|
|||||
| CVE-2023-30440 | 1 Ibm | 1 Powervm Hypervisor | 2024-11-21 | N/A | 6.7 MEDIUM |
|
IBM PowerVM Hypervisor FW860.00 through FW860.B3, FW950.00 through FW950.70, FW1010.00 through FW1010.50, FW1020.00 through FW1020.30, and FW1030.00 through FW1030.10 could allow a local attacker with control a partition that has been assigned SRIOV virtual function (VF) to cause a denial of service to a peer partition or arbitrary data corruption. IBM X-Force ID: 253175.
|
|||||
| CVE-2023-30434 | 1 Ibm | 2 Elastic Storage System, Spectrum Scale | 2024-11-21 | N/A | 6.2 MEDIUM |
|
IBM Storage Scale (IBM Spectrum Scale 5.1.0.0 through 5.1.2.9, 5.1.3.0 through 5.1.6.1 and IBM Elastic Storage Systems 6.1.0.0 through 6.1.2.5, 6.1.3.0 through 6.1.6.0) could allow a local user to cause a kernel panic. IBM X-Force ID: 252187.
|
|||||
| CVE-2023-2942 | 1 Open-emr | 1 Openemr | 2024-11-21 | N/A | 8.1 HIGH |
|
Improper Input Validation in GitHub repository openemr/openemr prior to 7.0.1.
|
|||||
| CVE-2023-2917 | 1 Rockwellautomation | 1 Thinmanager Thinserver | 2024-11-21 | N/A | 9.8 CRITICAL |
|
The Rockwell Automation Thinmanager Thinserver is impacted by an improper input validation vulnerability. Due to an improper input validation, a path traversal vulnerability exists, via the filename field, when the ThinManager processes a certain function. If exploited, an unauthenticated remote attacker can upload arbitrary files to any directory on the disk drive where ThinServer.exe is installed. A malicious user could exploit this vulnerability by sending a crafted synchronization protocol ...
Show More |
|||||
| CVE-2023-2915 | 1 Rockwellautomation | 1 Thinmanager Thinserver | 2024-11-21 | N/A | 7.5 HIGH |
|
The Rockwell Automation Thinmanager Thinserver is impacted by an improper input validation vulnerability, Due to improper input validation, a path traversal vulnerability exists when the ThinManager software processes a certain function. If exploited, an unauthenticated remote threat actor can delete arbitrary files with system privileges. A malicious user could exploit this vulnerability by sending a specifically crafted synchronization protocol message resulting in a denial-of-service condit ...
Show More |
|||||
| CVE-2023-2914 | 1 Rockwellautomation | 1 Thinmanager Thinserver | 2024-11-21 | N/A | 7.5 HIGH |
|
The Rockwell Automation Thinmanager Thinserver is impacted by an improper input validation vulnerability, an integer overflow condition exists in the affected products. When the ThinManager processes incoming messages, a read access violation occurs and terminates the process. A malicious user could exploit this vulnerability by sending a crafted synchronization protocol message and causing a denial of service condition in the software.
|
|||||
| CVE-2023-2808 | 1 Mattermost | 1 Mattermost | 2024-11-21 | N/A | 4.3 MEDIUM |
|
Mattermost fails to normalize UTF confusable characters when determining if a preview should be generated for a hyperlink, allowing an attacker to trigger link preview on a disallowed domain using a specially crafted link.
|
|||||
| CVE-2023-2315 | 1 Opencart | 1 Opencart | 2024-11-21 | N/A | 8.1 HIGH |
|
Path Traversal in OpenCart versions 4.0.0.0 to 4.0.2.2 allows an authenticated user with access/modify privilege on the Log component to empty out arbitrary files on the server
|
|||||
| CVE-2023-2267 | 1 Selinc | 2 Sel-411l, Sel-411l Firmware | 2024-11-21 | N/A | 4.3 MEDIUM |
|
An Improper Input Validation vulnerability in Schweitzer Engineering Laboratories SEL-411L could allow an attacker to perform reflection attacks against an authorized and authenticated user.
See product Instruction Manual Appendix A dated 20230830 for more details.
|
|||||
| CVE-2023-2264 | 1 Selinc | 2 Sel-411l, Sel-411l Firmware | 2024-11-21 | N/A | 4.0 MEDIUM |
|
An improper input validation vulnerability in the Schweitzer Engineering Laboratories SEL-411L could allow a malicious actor to manipulate authorized users to click on a link that could allow undesired behavior.
See product Instruction Manual Appendix A dated 20230830 for more details.
|
|||||
| CVE-2023-2071 | 1 Rockwellautomation | 2 Factorytalk View, Panelview Plus | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Rockwell Automation FactoryTalk View Machine Edition on the PanelView Plus, improperly verifies user’s input, which allows unauthenticated attacker to achieve remote code executed via crafted malicious packets. The device has the functionality, through a CIP class, to execute exported functions from libraries. There is a routine that restricts it to execute specific functions from two dynamic link library files. By using a CIP class, an attacker can upload a self-made library to the device w ...
Show More |
|||||
| CVE-2023-29530 | 3 Fedoraproject, Getlaminas, Guzzlephp | 3 Fedora, Laminas-diactoros, Psr-7 | 2024-11-21 | N/A | 7.5 HIGH |
|
Laminas Diactoros provides PSR HTTP Message implementations. In versions 2.18.0 and prior, 2.19.0, 2.20.0, 2.21.0, 2.22.0, 2.23.0, 2.24.0, and 2.25.0, users who create HTTP requests or responses using laminas/laminas-diactoros, when providing a newline at the start or end of a header key or value, can cause an invalid message. This can lead to denial of service vectors or application errors. The problem has been patched in following versions 2.18.1, 2.19.1, 2.20.1, 2.21.1, 2.22.1, 2.23.1, 2.24.1 ...
Show More |
|||||
| CVE-2023-29495 | 1 Intel | 4 Nuc 8 Mainstream-g Kit Nuc8i5inh, Nuc 8 Mainstream-g Kit Nuc8i5inh Firmware, Nuc 8 Mainstream-g Kit Nuc8i7inh and 1 more | 2024-11-21 | N/A | 7.5 HIGH |
|
Improper input validation for some Intel NUC BIOS firmware before version IN0048 may allow a privileged user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2023-29494 | 1 Intel | 48 Nuc 11 Pro Board Nuc11tnbi3, Nuc 11 Pro Board Nuc11tnbi30z, Nuc 11 Pro Board Nuc11tnbi30z Firmware and 45 more | 2024-11-21 | N/A | 7.5 HIGH |
|
Improper input validation in BIOS firmware for some Intel(R) NUCs may allow a privileged user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2023-29464 | 1 Rockwellautomation | 1 Factorytalk Linx | 2024-11-21 | N/A | 8.2 HIGH |
|
FactoryTalk Linx, in the Rockwell Automation PanelView Plus, allows an unauthenticated threat actor to read data from memory via crafted malicious packets. Sending a size larger than the buffer size results in leakage of data from memory resulting in an information disclosure. If the size is large enough, it causes communications over the common industrial protocol to become unresponsive to any type of packet, resulting in a denial-of-service to FactoryTalk Linx over the common industrial proto ...
Show More |
|||||
| CVE-2023-29452 | 1 Zabbix | 1 Zabbix | 2024-11-21 | N/A | 5.5 MEDIUM |
|
Currently, geomap configuration (Administration -> General -> Geographical maps) allows using HTML in the field “Attribution text” when selected “Other” Tile provider.
|
|||||
| CVE-2023-29451 | 1 Zabbix | 1 Zabbix | 2024-11-21 | N/A | 4.7 MEDIUM |
|
Specially crafted string can cause a buffer overrun in the JSON parser library leading to a crash of the Zabbix Server or a Zabbix Proxy.
|
|||||
| CVE-2023-29446 | 1 Ptc | 3 Kepware Kepserverex, Thingworx Industrial Connectivity, Thingworx Kepware Server | 2024-11-21 | N/A | 4.7 MEDIUM |
|
An improper input validation vulnerability has been discovered that could allow an adversary to inject a UNC path via a malicious project file. This allows an adversary to capture NLTMv2 hashes and potentially crack them offline.
|
|||||
| CVE-2023-29410 | 1 Schneider-electric | 6 Conext Gateway, Conext Gateway Firmware, Insightfacility and 3 more | 2024-11-21 | N/A | 7.2 HIGH |
|
A CWE-20: Improper Input Validation vulnerability exists that could allow an authenticated
attacker to gain the same privilege as the application on the server when a malicious payload is
provided over HTTP for the server to execute.
|
|||||
| CVE-2023-29353 | 1 Microsoft | 2 Sysinternals, Sysinternals Process Monitor | 2024-11-21 | N/A | 5.5 MEDIUM |
|
Sysinternals Process Monitor for Windows Denial of Service Vulnerability
|
|||||
| CVE-2023-29335 | 1 Microsoft | 15 365 Apps, Office, Windows 10 1507 and 12 more | 2024-11-21 | N/A | 7.5 HIGH |
|
Microsoft Word Security Feature Bypass Vulnerability
|
|||||
| CVE-2023-29332 | 1 Microsoft | 1 Azure Kubernetes Service | 2024-11-21 | N/A | 7.5 HIGH |
|
Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability
|
|||||
| CVE-2023-29293 | 1 Adobe | 2 Commerce, Magento | 2024-11-21 | N/A | 2.7 LOW |
|
Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. An admin privileged attacker could leverage this vulnerability to impact the availability of a user's minor feature. Exploitation of this issue does not require user interaction.
|
|||||
| CVE-2023-29258 | 4 Ibm, Linux, Microsoft and 1 more | 4 Db2, Linux Kernel, Windows and 1 more | 2024-11-21 | N/A | 5.3 MEDIUM |
|
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1, and 11.5 is vulnerable to a denial of service through a specially crafted federated query on specific federation objects. IBM X-Force ID: 252048.
|
|||||
| CVE-2023-29255 | 3 Ibm, Linux, Microsoft | 3 Db2, Linux Kernel, Windows | 2024-11-21 | N/A | 7.5 HIGH |
|
IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as it may trap when compiling a variation of an anonymous block. IBM X-Force ID: 251991.
|
|||||
| CVE-2023-29246 | 1 Apache | 1 Openmeetings | 2024-11-21 | N/A | 7.2 HIGH |
|
An attacker who has gained access to an admin account can perform RCE via null-byte injection
Vendor: The Apache Software Foundation
Versions Affected: Apache OpenMeetings from 2.0.0 before 7.1.0
|
|||||
| CVE-2023-29195 | 1 Linuxfoundation | 1 Vitess | 2024-11-21 | N/A | 4.1 MEDIUM |
|
Vitess is a database clustering system for horizontal scaling of MySQL through generalized sharding. Prior to version 16.0.2, users can either intentionally or inadvertently create a shard containing `/` characters from VTAdmin such that from that point on, anyone who tries to create a new shard from VTAdmin will receive an error. Attempting to view the keyspace(s) will also no longer work. Creating a shard using `vtctldclient` does not have the same problem because the CLI validates the input c ...
Show More |
|||||
| CVE-2023-29194 | 1 Linuxfoundation | 1 Vitess | 2024-11-21 | N/A | 4.1 MEDIUM |
|
Vitess is a database clustering system for horizontal scaling of MySQL. Users can either intentionally or inadvertently create a keyspace containing `/` characters such that from that point on, anyone who tries to view keyspaces from VTAdmin will receive an error. Trying to list all the keyspaces using `vtctldclient GetKeyspaces` will also return an error. Note that all other keyspaces can still be administered using the CLI (vtctldclient). This issue is fixed in version 16.0.1. As a workaround, ...
Show More |
|||||