Total
34640 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-38410 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2024-11-21 | N/A | 7.8 HIGH |
|
The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. A user may be able to elevate privileges.
|
|||||
| CVE-2023-38409 | 1 Linux | 1 Linux Kernel | 2024-11-21 | N/A | 5.5 MEDIUM |
|
An issue was discovered in set_con2fb_map in drivers/video/fbdev/core/fbcon.c in the Linux kernel before 6.2.12. Because an assignment occurs only for the first vc, the fbcon_registered_fb and fbcon_display arrays can be desynchronized in fbcon_mode_deleted (the con2fb_map points at the old fb_info).
|
|||||
| CVE-2023-38405 | 1 Crestron | 6 Cp3-gv 6506034, Cp3-gv 6506034 Firmware, Cp3 6504877 and 3 more | 2024-11-21 | N/A | 7.5 HIGH |
|
On Crestron 3-Series Control Systems before 1.8001.0187, crafting and sending a specific BACnet packet can cause a crash.
|
|||||
| CVE-2023-38402 | 2 Hp, Microsoft | 2 Aruba Virtual Intranet Access, Windows | 2024-11-21 | N/A | 7.1 HIGH |
|
A vulnerability in the HPE Aruba Networking Virtual Intranet Access (VIA) client could allow malicious users to overwrite arbitrary files as NT AUTHORITY\SYSTEM. A successful exploit could allow these malicious users to create a Denial-of-Service (DoS) condition affecting the Microsoft Windows operating System boot process.
|
|||||
| CVE-2023-38401 | 2 Hp, Microsoft | 2 Aruba Virtual Intranet Access, Windows | 2024-11-21 | N/A | 7.8 HIGH |
|
A vulnerability in the HPE Aruba Networking Virtual Intranet Access (VIA) client could allow local users to elevate privileges. Successful exploitation could allow execution of arbitrary code with NT AUTHORITY\SYSTEM privileges on the operating system.
|
|||||
| CVE-2023-38379 | 1 Rigol | 2 Mso5000, Mso5000 Firmware | 2024-11-21 | N/A | 7.5 HIGH |
|
The web interface on the RIGOL MSO5000 digital oscilloscope with firmware 00.01.03.00.03 allows remote attackers to change the admin password via a zero-length pass0 to the webcontrol changepwd.cgi application, i.e., the entered password only needs to match the first zero characters of the saved password.
|
|||||
| CVE-2023-38363 | 2 Ibm, Linux | 2 Cics Tx, Linux Kernel | 2024-11-21 | N/A | 4.3 MEDIUM |
|
IBM CICS TX Advanced 10.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 260818.
|
|||||
| CVE-2023-38344 | 1 Ivanti | 1 Endpoint Manager | 2024-11-21 | N/A | 6.5 MEDIUM |
|
An issue was discovered in Ivanti Endpoint Manager before 2022 SU4. A file disclosure vulnerability exists in the GetFileContents SOAP action exposed via /landesk/managementsuite/core/core.secure/OsdScript.asmx. The application does not sufficiently restrict user-supplied paths, allowing for an authenticated attacker to read arbitrary files from a remote system, including the private key used to authenticate to agents for remote access.
|
|||||
| CVE-2023-38332 | 1 Zohocorp | 1 Manageengine Admanager Plus | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Zoho ManageEngine ADManager Plus through 7201 allow authenticated users to take over another user's account via sensitive information disclosure.
|
|||||
| CVE-2023-38324 | 1 Opennds | 1 Captive Portal | 2024-11-21 | N/A | 5.3 MEDIUM |
|
An issue was discovered in OpenNDS before 10.1.2. It allows users to skip the splash page sequence (and directly authenticate) when it is using the default FAS key and OpenNDS is configured as FAS. Affected OpenNDS Captive Portal before version 10.1.2 fixed in OpenWrt master, OpenWrt 23.05 and OpenWrt 22.03 on 28. August 2023 by updating OpenNDS to version 10.1.3.
|
|||||
| CVE-2023-38259 | 1 Apple | 1 Macos | 2024-11-21 | N/A | 5.5 MEDIUM |
|
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Monterey 12.6.8, macOS Ventura 13.5, macOS Big Sur 11.7.9. An app may be able to access user-sensitive data.
|
|||||
| CVE-2023-38258 | 1 Apple | 1 Macos | 2024-11-21 | N/A | 5.5 MEDIUM |
|
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.5, macOS Monterey 12.6.8. Processing a 3D model may result in disclosure of process memory.
|
|||||
| CVE-2023-38201 | 3 Fedoraproject, Keylime, Redhat | 9 Fedora, Keylime, Enterprise Linux and 6 more | 2024-11-21 | N/A | 6.5 MEDIUM |
|
A flaw was found in the Keylime registrar that could allow a bypass of the challenge-response protocol during agent registration. This issue may allow an attacker to impersonate an agent and hide the true status of a monitored machine if the fake agent is added to the verifier list by a legitimate user, resulting in a breach of the integrity of the registrar database.
|
|||||
| CVE-2023-38198 | 1 Acme.sh Project | 1 Acme.sh | 2024-11-21 | N/A | 9.8 CRITICAL |
|
acme.sh before 3.0.6 runs arbitrary commands from a remote server via eval, as exploited in the wild in June 2023.
|
|||||
| CVE-2023-38186 | 1 Microsoft | 5 Windows 10 21h2, Windows 10 22h2, Windows 11 21h2 and 2 more | 2024-11-21 | N/A | 8.8 HIGH |
|
Windows Mobile Device Management Elevation of Privilege Vulnerability
|
|||||
| CVE-2023-38185 | 1 Microsoft | 1 Exchange Server | 2024-11-21 | N/A | 8.8 HIGH |
|
Microsoft Exchange Server Remote Code Execution Vulnerability
|
|||||
| CVE-2023-38184 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2024-11-21 | N/A | 7.5 HIGH |
|
Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
|
|||||
| CVE-2023-38182 | 1 Microsoft | 1 Exchange Server | 2024-11-21 | N/A | 8.0 HIGH |
|
Microsoft Exchange Server Remote Code Execution Vulnerability
|
|||||
| CVE-2023-38181 | 1 Microsoft | 1 Exchange Server | 2024-11-21 | N/A | 8.8 HIGH |
|
Microsoft Exchange Server Spoofing Vulnerability
|
|||||
| CVE-2023-38178 | 1 Microsoft | 2 .net, Visual Studio 2022 | 2024-11-21 | N/A | 7.5 HIGH |
|
.NET Core and Visual Studio Denial of Service Vulnerability
|
|||||
| CVE-2023-38177 | 1 Microsoft | 2 Sharepoint Enterprise Server, Sharepoint Server | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Microsoft SharePoint Server Remote Code Execution Vulnerability
|
|||||
| CVE-2023-38176 | 1 Microsoft | 1 Azure Arc-enabled Servers | 2024-11-21 | N/A | 7.0 HIGH |
|
Azure Arc-Enabled Servers Elevation of Privilege Vulnerability
|
|||||
| CVE-2023-38175 | 1 Microsoft | 1 Windows Defender | 2024-11-21 | N/A | 7.8 HIGH |
|
Microsoft Windows Defender Elevation of Privilege Vulnerability
|
|||||
| CVE-2023-38171 | 1 Microsoft | 4 .net, Visual Studio 2022, Windows 11 22h2 and 1 more | 2024-11-21 | N/A | 7.5 HIGH |
|
Microsoft QUIC Denial of Service Vulnerability
|
|||||
| CVE-2023-38170 | 1 Microsoft | 1 Hevc Video Extensions | 2024-11-21 | N/A | 7.8 HIGH |
|
HEVC Video Extensions Remote Code Execution Vulnerability
|
|||||
| CVE-2023-38169 | 1 Microsoft | 3 Odbc Driver For Sql Server, Ole Db Driver For Sql Server, Sql Server | 2024-11-21 | N/A | 8.8 HIGH |
|
Microsoft SQL OLE DB Remote Code Execution Vulnerability
|
|||||
| CVE-2023-38163 | 1 Microsoft | 1 Windows Defender Security Intelligence Updates | 2024-11-21 | N/A | 7.8 HIGH |
|
Windows Defender Attack Surface Reduction Security Feature Bypass
|
|||||
| CVE-2023-38161 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2024-11-21 | N/A | 7.8 HIGH |
|
Windows GDI Elevation of Privilege Vulnerability
|
|||||
| CVE-2023-38155 | 1 Microsoft | 1 Azure Devops Server | 2024-11-21 | N/A | 7.0 HIGH |
|
Azure DevOps Server Remote Code Execution Vulnerability
|
|||||
| CVE-2023-38151 | 1 Microsoft | 2 Host Integration Server, Ole Db Provider | 2024-11-21 | N/A | 8.8 HIGH |
|
Microsoft Host Integration Server 2020 Remote Code Execution Vulnerability
|
|||||
| CVE-2023-38150 | 1 Microsoft | 2 Windows 11 21h2, Windows 11 22h2 | 2024-11-21 | N/A | 7.8 HIGH |
|
Windows Kernel Elevation of Privilege Vulnerability
|
|||||
| CVE-2023-38135 | 1 Intel | 1 Performance Maximizer | 2024-11-21 | N/A | 6.7 MEDIUM |
|
Improper authorization in some Intel(R) PM software may allow a privileged user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2023-38133 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2024-11-21 | N/A | 6.5 MEDIUM |
|
The issue was addressed with improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. Processing web content may disclose sensitive information.
|
|||||
| CVE-2023-38132 | 1 Elecom | 2 Lan-w451ngr, Lan-w451ngr Firmware | 2024-11-21 | N/A | 8.8 HIGH |
|
LAN-W451NGR all versions provided by LOGITEC CORPORATION contains an improper access control vulnerability, which allows an unauthenticated attacker to log in to telnet service.
|
|||||
| CVE-2023-38062 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | N/A | 4.3 MEDIUM |
|
In JetBrains TeamCity before 2023.05.1 parameters of the "password" type could be shown in the UI in certain composite build configurations
|
|||||
| CVE-2023-38059 | 1 Otrs | 1 Otrs | 2024-11-21 | N/A | 5.3 MEDIUM |
|
The loading of external images is not blocked, even if configured, if the attacker uses protocol-relative URL in the payload. This can be used to retreive the IP of the user.This issue affects OTRS: from 7.0.X before 7.0.47, from 8.0.X before 8.0.37; ((OTRS)) Community Edition: from 6.0.X through 6.0.34.
|
|||||
| CVE-2023-38043 | 2 Ivanti, Microsoft | 2 Secure Access Client, Windows | 2024-11-21 | N/A | 7.8 HIGH |
|
A vulnerability exists on all versions of the Ivanti Secure Access Client below 22.6R1.1, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading to a denial of service (DoS) condition on the user machine and, in some cases, resulting in a full compromise of the system.
|
|||||
| CVE-2023-38023 | 2 Intel, Scontain | 2 Software Guard Extensions, Scone | 2024-11-21 | N/A | 5.5 MEDIUM |
|
An issue was discovered in SCONE Confidential Computing Platform before 5.8.0 for Intel SGX. Lack of pointer-alignment logic in __scone_dispatch and other entry functions allows a local attacker to access unauthorized information, aka an "AEPIC Leak."
|
|||||
| CVE-2023-38022 | 1 Fortanix | 1 Confidential Computing Manager | 2024-11-21 | N/A | 5.5 MEDIUM |
|
An issue was discovered in Fortanix EnclaveOS Confidential Computing Manager (CCM) Platform before 3.29 for Intel SGX. Insufficient pointer validation allows a local attacker to access unauthorized information. This relates to strlen and sgx_is_within_user.
|
|||||
| CVE-2023-38021 | 1 Fortanix | 1 Confidential Computing Manager | 2024-11-21 | N/A | 5.5 MEDIUM |
|
An issue was discovered in Fortanix EnclaveOS Confidential Computing Manager (CCM) Platform before 3.32 for Intel SGX. Lack of pointer-alignment validation logic in entry functions allows a local attacker to access unauthorized information. This relates to the enclave_ecall function and system call layer.
|
|||||