Total
11829 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-25938 | 1 Dell | 868 Alienware Area 51m R1, Alienware Area 51m R1 Firmware, Alienware Area 51m R2 and 865 more | 2024-11-21 | N/A | 5.1 MEDIUM |
|
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.
|
|||||
| CVE-2023-25937 | 1 Dell | 868 Alienware Area 51m R1, Alienware Area 51m R1 Firmware, Alienware Area 51m R2 and 865 more | 2024-11-21 | N/A | 5.1 MEDIUM |
|
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.
|
|||||
| CVE-2023-25936 | 1 Dell | 868 Alienware Area 51m R1, Alienware Area 51m R1 Firmware, Alienware Area 51m R2 and 865 more | 2024-11-21 | N/A | 5.1 MEDIUM |
|
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.
|
|||||
| CVE-2023-25930 | 3 Ibm, Linux, Microsoft | 3 Db2, Linux Kernel, Windows | 2024-11-21 | N/A | 5.9 MEDIUM |
|
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.1, 11.1, and 11.5 is vulnerable to a denial of service. Under rare conditions, setting a special register may cause the Db2 server to terminate abnormally. IBM X-Force ID: 247862.
|
|||||
| CVE-2023-25901 | 3 Adobe, Apple, Microsoft | 3 Dimension, Macos, Windows | 2024-11-21 | N/A | 7.8 HIGH |
|
Adobe Dimension versions 3.4.7 (and earlier) is affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2023-25881 | 3 Adobe, Apple, Microsoft | 3 Dimension, Macos, Windows | 2024-11-21 | N/A | 7.8 HIGH |
|
Adobe Dimension versions 3.4.7 (and earlier) is affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2023-25879 | 3 Adobe, Apple, Microsoft | 3 Dimension, Macos, Windows | 2024-11-21 | N/A | 7.8 HIGH |
|
Adobe Dimension versions 3.4.7 (and earlier) is affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2023-25867 | 3 Adobe, Apple, Microsoft | 3 Substance 3d Stager, Macos, Windows | 2024-11-21 | N/A | 7.8 HIGH |
|
Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2023-25865 | 3 Adobe, Apple, Microsoft | 3 Substance 3d Stager, Macos, Windows | 2024-11-21 | N/A | 7.8 HIGH |
|
Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2023-25859 | 3 Adobe, Apple, Microsoft | 3 Illustrator, Macos, Windows | 2024-11-21 | N/A | 7.8 HIGH |
|
Illustrator version 26.5.2 (and earlier) and 27.2.0 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2023-25776 | 1 Intel | 20 Server System D50tnp1mhcpac, Server System D50tnp1mhcpac Firmware, Server System D50tnp1mhcrac and 17 more | 2024-11-21 | N/A | 6.3 MEDIUM |
|
Improper input validation in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable information disclosure via local access.
|
|||||
| CVE-2023-25772 | 1 Intel | 1 Retail Edge Program | 2024-11-21 | N/A | 5.0 MEDIUM |
|
Improper input validation in the Intel(R) Retail Edge Mobile Android application before version 3.0.301126-RELEASE may allow an authenticated user to potentially enable denial of service via local access.
|
|||||
| CVE-2023-25696 | 1 Apache | 1 Apache-airflow-providers-apache-hive | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Improper Input Validation vulnerability in the Apache Airflow Hive Provider.
This issue affects Apache Airflow Hive Provider versions before 5.1.3.
|
|||||
| CVE-2023-25661 | 1 Google | 1 Tensorflow | 2024-11-21 | N/A | 6.5 MEDIUM |
|
TensorFlow is an Open Source Machine Learning Framework. In versions prior to 2.11.1 a malicious invalid input crashes a tensorflow model (Check Failed) and can be used to trigger a denial of service attack. A proof of concept can be constructed with the `Convolution3DTranspose` function. This Convolution3DTranspose layer is a very common API in modern neural networks. The ML models containing such vulnerable components could be deployed in ML applications or as cloud services. This failure coul ...
Show More |
|||||
| CVE-2023-25651 | 1 Zte | 4 Mf286r, Mf286r Firmware, Mf833u1 and 1 more | 2024-11-21 | N/A | 4.3 MEDIUM |
|
There is a SQL injection vulnerability in some ZTE mobile internet products. Due to insufficient input validation of SMS interface parameter, an authenticated attacker could use the vulnerability to execute SQL injection and cause information leak.
|
|||||
| CVE-2023-25534 | 1 Nvidia | 2 Dgx H100, Dgx H100 Firmware | 2024-11-21 | N/A | 5.7 MEDIUM |
|
NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.
|
|||||
| CVE-2023-25533 | 1 Nvidia | 2 Dgx H100, Dgx H100 Firmware | 2024-11-21 | N/A | 8.3 HIGH |
|
NVIDIA DGX H100 BMC contains a vulnerability in the web UI, where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to information disclosure, code execution, and escalation of privileges.
|
|||||
| CVE-2023-25530 | 1 Nvidia | 2 Dgx H100, Dgx H100 Firmware | 2024-11-21 | N/A | 8.0 HIGH |
|
NVIDIA DGX H100 BMC contains a vulnerability in the KVM service, where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, and information disclosure.
|
|||||
| CVE-2023-25522 | 1 Nvidia | 4 Dgx A100, Dgx A100 Firmware, Dgx A800 and 1 more | 2024-11-21 | N/A | 7.5 HIGH |
|
NVIDIA DGX A100/A800 contains a vulnerability in SBIOS where an attacker may cause improper input validation by providing configuration information in an unexpected format. A successful exploit of this vulnerability may lead to denial of service, information disclosure, and data tampering.
|
|||||
| CVE-2023-25520 | 1 Nvidia | 5 Jetson Agx Xavier, Jetson Linux, Jetson Tx2 and 2 more | 2024-11-21 | N/A | 4.4 MEDIUM |
|
NVIDIA Jetson Linux Driver Package contains a vulnerability in nvbootctrl, where a privileged local attacker can configure invalid settings, resulting in denial of service.
|
|||||
| CVE-2023-25175 | 1 Intel | 20 Server System D50tnp1mhcpac, Server System D50tnp1mhcpac Firmware, Server System D50tnp1mhcrac and 17 more | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Improper input validation in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable information disclosure via local access.
|
|||||
| CVE-2023-24975 | 1 Ibm | 1 Spectrum Symphony | 2024-11-21 | N/A | 5.4 MEDIUM |
|
IBM Spectrum Symphony 7.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 247030.
|
|||||
| CVE-2023-24950 | 1 Microsoft | 2 Sharepoint Enterprise Server, Sharepoint Server | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Microsoft SharePoint Server Spoofing Vulnerability
|
|||||
| CVE-2023-24893 | 1 Microsoft | 1 Visual Studio Code | 2024-11-21 | N/A | 7.8 HIGH |
|
Visual Studio Code Remote Code Execution Vulnerability
|
|||||
| CVE-2023-24866 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability
|
|||||
| CVE-2023-24865 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability
|
|||||
| CVE-2023-24856 | 1 Microsoft | 12 Windows 10, Windows 10 1607, Windows 10 1809 and 9 more | 2024-11-21 | N/A | 7.5 HIGH |
|
Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability
|
|||||
| CVE-2023-24853 | 1 Qualcomm | 226 Ar8035, Ar8035 Firmware, Fastconnect 6200 and 223 more | 2024-11-21 | N/A | 8.4 HIGH |
|
Memory Corruption in HLOS while registering for key provisioning notify.
|
|||||
| CVE-2023-24816 | 2 Ipython, Microsoft | 2 Ipython, Windows | 2024-11-21 | N/A | 4.5 MEDIUM |
|
IPython (Interactive Python) is a command shell for interactive computing in multiple programming languages, originally developed for the Python programming language. Versions prior to 8.1.0 are subject to a command injection vulnerability with very specific prerequisites. This vulnerability requires that the function `IPython.utils.terminal.set_term_title` be called on Windows in a Python environment where ctypes is not available. The dependency on `ctypes` in `IPython.utils._process_win32` pre ...
Show More |
|||||
| CVE-2023-24807 | 1 Nodejs | 1 Undici | 2024-11-21 | N/A | 7.5 HIGH |
|
Undici is an HTTP/1.1 client for Node.js. Prior to version 5.19.1, the `Headers.set()` and `Headers.append()` methods are vulnerable to Regular Expression Denial of Service (ReDoS) attacks when untrusted values are passed into the functions. This is due to the inefficient regular expression used to normalize the values in the `headerValueNormalize()` utility function. This vulnerability was patched in v5.19.1. No known workarounds are available.
|
|||||
| CVE-2023-24571 | 1 Dell | 2 Embedded Box Pc 3000, Embedded Box Pc 3000 Firmware | 2024-11-21 | N/A | 7.5 HIGH |
|
Dell BIOS contains an Improper Input Validation vulnerability. A local authenticated malicious user with administrator privileges could potentially exploit this vulnerability to perform arbitrary code execution.
|
|||||
| CVE-2023-24569 | 1 Dell | 1 Alienware Command Center | 2024-11-21 | N/A | 7.8 HIGH |
|
Dell Alienware Command Center versions 5.5.37.0 and prior contain an Improper Input validation vulnerability. A local authenticated malicious user could potentially send malicious input to a named pipe in order to elevate privileges on the system.
|
|||||
| CVE-2023-24465 | 1 Openatom | 1 Openharmony | 2024-11-21 | N/A | 5.5 MEDIUM |
|
Communication Wi-Fi subsystem within OpenHarmony-v3.1.4 and prior versions, OpenHarmony-v3.0.7 and prior versions
has a null pointer reference vulnerability which local attackers can exploit this vulnerability to cause the current application to crash.
|
|||||
| CVE-2023-24463 | 1 Intel | 1 Thunderbolt Dch Driver | 2024-11-21 | N/A | 4.3 MEDIUM |
|
Improper input validation in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an unauthenticated user to potentially enable information disclosure via adjacent access.
|
|||||
| CVE-2023-23934 | 1 Palletsprojects | 1 Werkzeug | 2024-11-21 | N/A | 2.6 LOW |
|
Werkzeug is a comprehensive WSGI web application library. Browsers may allow "nameless" cookies that look like `=value` instead of `key=value`. A vulnerable browser may allow a compromised application on an adjacent subdomain to exploit this to set a cookie like `=__Host-test=bad` for another subdomain. Werkzeug prior to 2.2.3 will parse the cookie `=__Host-test=bad` as __Host-test=bad`. If a Werkzeug application is running next to a vulnerable or malicious subdomain which sets such a cookie usi ...
Show More |
|||||
| CVE-2023-23419 | 1 Microsoft | 1 Windows 11 22h2 | 2024-11-21 | N/A | 7.8 HIGH |
|
Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability
|
|||||
| CVE-2023-23416 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2024-11-21 | N/A | 7.8 HIGH |
|
Windows Cryptographic Services Remote Code Execution Vulnerability
|
|||||
| CVE-2023-23409 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2024-11-21 | N/A | 5.5 MEDIUM |
|
Client Server Run-Time Subsystem (CSRSS) Information Disclosure Vulnerability
|
|||||
| CVE-2023-23375 | 1 Microsoft | 2 Odbc, Ole Db | 2024-11-21 | N/A | 7.8 HIGH |
|
Microsoft ODBC and OLE DB Remote Code Execution Vulnerability
|
|||||
| CVE-2023-22940 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2024-11-21 | N/A | 6.3 MEDIUM |
|
In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, aliases of the ‘collect’ search processing language (SPL) command, including ‘summaryindex’, ‘sumindex’, ‘stash’,’ mcollect’, and ‘meventcollect’, were not designated as safeguarded commands. The commands could potentially allow for the exposing of data to a summary index that unprivileged users could access. The vulnerability requires a higher privileged user to initiate a request within their browser, and only affects instances wit ...
Show More |
|||||