Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-32651 | 1 Intel | 7 Killer, Killer Wi-fi 6e Ax1675, Killer Wi-fi 6e Ax1690 and 4 more | 2024-11-21 | N/A | 4.3 MEDIUM |
|
Improper validation of specified type of input for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
|
|||||
| CVE-2023-32626 | 1 Elecom | 4 Lan-w300n\/pr5, Lan-w300n\/pr5 Firmware, Lan-w300n\/rs and 1 more | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Hidden functionality vulnerability in LAN-W300N/RS all versions, and LAN-W300N/PR5 all versions allows an unauthenticated attacker to log in to the product's certain management console and execute arbitrary OS commands.
|
|||||
| CVE-2023-32544 | 1 Intel | 1 Nuc P14e Laptop Element | 2024-11-21 | N/A | 7.3 HIGH |
|
Improper access control in some Intel HotKey Services for Windows 10 for Intel NUC P14E Laptop Element software installers before version 1.1.45 may allow an authenticated user to potentially enable denial of service via local access.
|
|||||
| CVE-2023-32479 | 2 Dell, Microsoft | 4 Encryption, Endpoint Security Suite Enterprise, Security Management Server and 1 more | 2024-11-21 | N/A | 6.7 MEDIUM |
|
Dell Encryption, Dell Endpoint Security Suite Enterprise, and Dell Security Management Server versions prior to 11.9.0 contain privilege escalation vulnerability due to improper ACL of the non-default installation directory. A local malicious user could potentially exploit this vulnerability by replacing binaries in installed directory and taking reverse shell of the system leading to Privilege Escalation.
|
|||||
| CVE-2023-32450 | 1 Dell | 1 Power Manager | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Dell Power Manager, Versions 3.3 to 3.14 contains an Improper Access Control vulnerability. A low-privileged malicious user may potentially exploit this vulnerability to perform arbitrary code execution with limited access.
|
|||||
| CVE-2023-32285 | 1 Intel | 134 Compute Element Stk2mv64cc, Compute Element Stk2mv64cc Firmware, Nuc Board Nuc7i3bnb and 131 more | 2024-11-21 | N/A | 6.0 MEDIUM |
|
Improper access control in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable denial of service via local access.
|
|||||
| CVE-2023-32279 | 1 Intel | 1 Connectivity Performance Suite | 2024-11-21 | N/A | 7.5 HIGH |
|
Improper access control in user mode driver for some Intel(R) Connectivity Performance Suite before version 2.1123.214.2 may allow unauthenticated user to potentially enable information disclosure via network access.
|
|||||
| CVE-2023-32230 | 1 Bosch | 7 Monitor Wall, Video Recording Manager, Video Streaming Gateway and 4 more | 2024-11-21 | N/A | 7.5 HIGH |
|
An improper handling of a malformed API request to an API server in Bosch BT software products can allow an unauthenticated attacker to cause a Denial of Service (DoS) situation.
|
|||||
| CVE-2023-32204 | 1 Intel | 1 One Boot Flash Update | 2024-11-21 | N/A | 8.8 HIGH |
|
Improper access control in some Intel(R) OFU software before version 14.1.31 may allow an authenticated user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2023-32100 | 1 Silabs | 1 Gecko Software Development Kit | 2024-11-21 | N/A | 5.3 MEDIUM |
|
Compiler removal of buffer clearing in
sli_se_driver_mac_compute
in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.
|
|||||
| CVE-2023-32099 | 1 Silabs | 1 Gecko Software Development Kit | 2024-11-21 | N/A | 5.3 MEDIUM |
|
Compiler removal of buffer clearing in
sli_se_sign_hash in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.
|
|||||
| CVE-2023-32098 | 1 Silabs | 1 Gecko Software Development Kit | 2024-11-21 | N/A | 5.3 MEDIUM |
|
Compiler removal of buffer clearing in
sli_se_sign_message
in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.
|
|||||
| CVE-2023-32097 | 1 Silabs | 1 Gecko Software Development Kit | 2024-11-21 | N/A | 3.1 LOW |
|
Compiler removal of buffer clearing in
sli_crypto_transparent_aead_decrypt_tag
in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.
|
|||||
| CVE-2023-32096 | 1 Silabs | 1 Gecko Software Development Kit | 2024-11-21 | N/A | 3.1 LOW |
|
Compiler removal of buffer clearing in
sli_crypto_transparent_aead_encrypt_tag
in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.
|
|||||
| CVE-2023-31718 | 1 Frangoteam | 1 Fuxa | 2024-11-21 | N/A | 7.5 HIGH |
|
FUXA <= 1.1.12 is vulnerable to Local via Inclusion via /api/download.
|
|||||
| CVE-2023-31716 | 1 Frangoteam | 1 Fuxa | 2024-11-21 | N/A | 7.5 HIGH |
|
FUXA <= 1.1.12 has a Local File Inclusion vulnerability via file=fuxa.log
|
|||||
| CVE-2023-31704 | 1 Oretnom23 | 1 Online Computer And Laptop Store | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Sourcecodester Online Computer and Laptop Store 1.0 is vulnerable to Incorrect Access Control, which allows remote attackers to elevate privileges to the administrator's role.
|
|||||
| CVE-2023-31293 | 1 Sesami | 1 Cash Point \& Transport Optimizer | 2024-11-21 | N/A | 4.3 MEDIUM |
|
An issue was discovered in Sesami Cash Point & Transport Optimizer (CPTO) 6.3.8.6 (#718), allows remote attackers to obtain sensitive information and bypass profile restriction via improper access control in the Reader system user's web browser, allowing the journal to be displayed, despite the option being disabled.
|
|||||
| CVE-2023-31199 | 1 Intel | 1 Solid State Drive Toolbox | 2024-11-21 | N/A | 7.7 HIGH |
|
Improper access control in the Intel(R) Solid State Drive Toolbox(TM) before version 3.4.5 may allow a privileged user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2023-31172 | 1 Selinc | 1 Sel-5030 Acselerator Quickset | 2024-11-21 | N/A | 5.9 MEDIUM |
|
An Incomplete Filtering of Special Elements vulnerability in the Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software could allow an attacker to embed instructions that could be executed by an authorized device operator.
See Instruction Manual Appendix A and Appendix E dated 20230615 for more details.
This issue affects SEL-5030 acSELerator QuickSet Software: through 7.1.3.0.
|
|||||
| CVE-2023-31023 | 2 Microsoft, Nvidia | 2 Windows, Virtual Gpu | 2024-11-21 | N/A | 5.5 MEDIUM |
|
NVIDIA Display Driver for Windows contains a vulnerability where an attacker may cause a pointer dereference of an untrusted value, which may lead to denial of service.
|
|||||
| CVE-2023-31020 | 2 Microsoft, Nvidia | 2 Windows, Virtual Gpu | 2024-11-21 | N/A | 6.1 MEDIUM |
|
NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer, where an unprivileged regular user can cause improper access control, which may lead to denial of service or data tampering.
|
|||||
| CVE-2023-31019 | 2 Microsoft, Nvidia | 2 Windows, Virtual Gpu | 2024-11-21 | N/A | 7.8 HIGH |
|
NVIDIA GPU Display Driver for Windows contains a vulnerability in wksServicePlugin.dll, where the driver implementation does not restrict or incorrectly restricts access from the named pipe server to a connecting client, which may lead to potential impersonation to the client's secure context.
|
|||||
| CVE-2023-30952 | 1 Palantir | 1 Foundry | 2024-11-21 | N/A | 5.0 MEDIUM |
|
A security defect was discovered in Foundry Issues that enabled users to create convincing phishing links by editing the request sent when creating an Issue. This defect was resolved in Frontend release 6.228.0 .
|
|||||
| CVE-2023-30946 | 1 Palantir | 1 Foundry Issues | 2024-11-21 | N/A | 3.5 LOW |
|
A security defect was identified in Foundry Issues. If a user was added to an issue on a resource that they did not have access to and consequently could not see, they could query Foundry's Notification API and receive metadata about the issue including the RID of the issue, severity, internal UUID of the author, and the user-defined title of the issue.
|
|||||
| CVE-2023-30739 | 1 Samsung | 1 Android | 2024-11-21 | N/A | 6.7 MEDIUM |
|
Arbitrary File Descriptor Write vulnerability in libsec-ril prior to SMR Nov-2023 Release 1 allows local attacker to execute arbitrary code.
|
|||||
| CVE-2023-30737 | 1 Samsung | 1 Health | 2024-11-21 | N/A | 4.0 MEDIUM |
|
Improper access control vulnerability in Samsung Health prior to version 6.24.3.007 allows attackers to access sensitive information via implicit intent.
|
|||||
| CVE-2023-30734 | 1 Samsung | 1 Health | 2024-11-21 | N/A | 4.0 MEDIUM |
|
Improper access control vulnerability in Samsung Health prior to version 6.24.3.007 allows attackers to access sensitive information via implicit intent.
|
|||||
| CVE-2023-30722 | 1 Samsung | 1 Blockchain Keystore | 2024-11-21 | N/A | 5.5 MEDIUM |
|
Protection Mechanism Failure in bc_tui trustlet from Samsung Blockchain Keystore prior to version 1.3.13.5 allows local attacker to execute arbitrary code.
|
|||||
| CVE-2023-30718 | 1 Samsung | 1 Android | 2024-11-21 | N/A | 4.0 MEDIUM |
|
Improper export of android application components vulnerability in WifiApAutoHotspotEnablingActivity prior to SMR Sep-2023 Release 1 allows local attacker to change a Auto Hotspot setting.
|
|||||
| CVE-2023-30714 | 1 Samsung | 1 Android | 2024-11-21 | N/A | 4.6 MEDIUM |
|
Improper authorization vulnerability in FolderContainerDragDelegate in One UI Home prior to SMR Sep-2023 Release 1 allows physical attackers to change some settings of the folder lock.
|
|||||
| CVE-2023-30711 | 1 Samsung | 1 Android | 2024-11-21 | N/A | 4.0 MEDIUM |
|
Improper authentication in Phone and Messaging Storage SMR SEP-2023 Release 1 allows attacker to insert arbitrary data to the provider.
|
|||||
| CVE-2023-30706 | 1 Samsung | 1 Android | 2024-11-21 | N/A | 7.5 HIGH |
|
Improper authorization in Samsung Keyboard prior to SMR Sep-2023 Release 1 allows attacker to read arbitrary file with system privilege.
|
|||||
| CVE-2023-30704 | 1 Samsung | 1 Internet | 2024-11-21 | N/A | 3.8 LOW |
|
Improper Authorization vulnerability in Samsung Internet prior to version 22.0.0.35 allows physical attacker access downloaded files in Secret Mode without user authentication.
|
|||||
| CVE-2023-30674 | 1 Samsung | 1 Internet | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Improper configuration in Samsung Internet prior to version 21.0.0.41 allows attacker to bypass SameSite Cookie.
|
|||||
| CVE-2023-30671 | 1 Samsung | 1 Android | 2024-11-21 | N/A | 6.3 MEDIUM |
|
Logic error in package installation via adb command prior to SMR Jul-2023 Release 1 allows local attackers to downgrade installed application.
|
|||||
| CVE-2023-30667 | 1 Samsung | 1 Android | 2024-11-21 | N/A | 5.1 MEDIUM |
|
Improper access control in Audio system service prior to SMR Jul-2023 Release 1 allows attacker to send broadcast with system privilege.
|
|||||
| CVE-2023-30654 | 1 Samsung | 1 Android | 2024-11-21 | N/A | 6.7 MEDIUM |
|
Improper access control vulnerability in SLocationService prior to SMR Aug-2023 Release 1 allows local attacker to update fake location.
|
|||||
| CVE-2023-30640 | 1 Samsung | 1 Android | 2024-11-21 | N/A | 4.3 MEDIUM |
|
Improper access control vulnerability in PersonaManagerService prior to SMR Jul-2023 Release 1 allows local attackers to change confiugration.
|
|||||
| CVE-2023-2974 | 1 Redhat | 1 Build Of Quarkus | 2024-11-21 | N/A | 6.5 MEDIUM |
|
A vulnerability was found in quarkus-core. This vulnerability occurs because the TLS protocol configured with quarkus.http.ssl.protocols is not enforced, and the client can force the selection of the weaker supported TLS protocol.
|
|||||