Total: 34640 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-34086 | 1 Intel | 142 Compute Element Stk2mv64cc, Compute Element Stk2mv64cc Firmware, Nuc Board Nuc7i3bnb and 139 more | 2024-11-21 | N/A | 8.2 HIGH |
|
Improper input validation in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2023-34085 | 1 Pingidentity | 1 Pingfederate | 2024-11-21 | N/A | 2.6 LOW |
|
When an AWS DynamoDB table is used for user attribute storage, it is possible to retrieve the attributes of another user using a maliciously crafted request.
|
|||||
| CVE-2023-34064 | 1 Vmware | 1 Workspace One Launcher | 2024-11-21 | N/A | 4.6 MEDIUM |
|
Workspace ONE Launcher contains a Privilege Escalation Vulnerability. A malicious actor with physical access to Workspace ONE Launcher could utilize the Edge Panel feature to bypass setup to gain access to sensitive information.
|
|||||
| CVE-2023-34056 | 1 Vmware | 1 Vcenter Server | 2024-11-21 | N/A | 4.3 MEDIUM |
|
vCenter Server contains a partial information disclosure vulnerability. A malicious actor with non-administrative privileges to vCenter Server may leverage this issue to access unauthorized data.
|
|||||
| CVE-2023-34054 | 1 Pivotal | 1 Reactor Netty | 2024-11-21 | N/A | 5.3 MEDIUM |
|
In Reactor Netty HTTP Server, versions 1.1.x prior to 1.1.13 and versions 1.0.x prior to 1.0.39, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition.
Specifically, an application is vulnerable if Reactor Netty HTTP Server built-in integration with Micrometer is enabled.
|
|||||
| CVE-2023-34047 | 1 Vmware | 1 Spring For Graphql | 2024-11-21 | N/A | 3.1 LOW |
|
A batch loader function in Spring for GraphQL versions 1.1.0 - 1.1.5 and 1.2.0 - 1.2.2 may be exposed to GraphQL context with values, including security context values, from a different session. An application is vulnerable if it provides a DataLoaderOptions instance when registering batch loader functions through DefaultBatchLoaderRegistry.
|
|||||
| CVE-2023-34041 | 1 Cloudfoundry | 2 Cf-deployment, Routing-release | 2024-11-21 | N/A | 5.3 MEDIUM |
|
Cloud Foundry routing release versions prior to 0.278.0 are vulnerable to abuse of HTTP Hop-by-Hop Headers. An unauthenticated attacker can use this vulnerability for headers like B3 or X-B3-SpanID to affect the identification value recorded in the logs in foundations.
|
|||||
| CVE-2023-34038 | 1 Vmware | 1 Horizon Client | 2024-11-21 | N/A | 5.3 MEDIUM |
|
VMware Horizon Server contains an information disclosure vulnerability. A malicious actor with network access may be able to access information relating to the internal network configuration.
|
|||||
| CVE-2023-34034 | 1 Vmware | 1 Spring Security | 2024-11-21 | N/A | 9.1 CRITICAL |
|
Using "**" as a pattern in Spring Security configuration for WebFlux creates a mismatch in pattern matching between Spring Security and Spring WebFlux, and the potential for a security bypass.
|
|||||
| CVE-2023-33972 | 1 Scylladb | 1 Scylladb | 2024-11-21 | N/A | 7.2 HIGH |
|
ScyllaDB is a NoSQL data store using the Seastar framework, compatible with Apache Cassandra. Authenticated users who are authorized to create tables in a keyspace can escalate their privileges to access a table in the same keyspace, even if they don't have permissions for that table. This issue has not yet been patched. A workaround to address this issue is to disable CREATE privileges on a keyspace, and create new tables on behalf of other users.
|
|||||
| CVE-2023-33964 | 1 Multiversx | 1 Mx-chain-go | 2024-11-21 | N/A | 8.6 HIGH |
|
mx-chain-go is an implementation of the MultiversX blockchain protocol written in the Go language. Metachain cannot process a cross-shard miniblock. Prior to version 1.4.16, an invalid transaction with the wrong username on metachain is not treated correctly on the metachain transaction processor. This is strictly a processing issue that could have happened on MultiversX chain. If an error like this had occurred, the metachain would have stopped notarizing blocks from the shard chains. The resum ...
|
|||||
| CVE-2023-33955 | 1 Minio | 1 Console | 2024-11-21 | N/A | 4.3 MEDIUM |
|
MinIO Console is the UI for MinIO Object Storage. Unicode RIGHT-TO-LEFT OVERRIDE characters can be used to mask the original filename. This issue has been patched in version 0.28.0.
|
|||||
| CVE-2023-33903 | 2 Google, Unisoc | 14 Android, S8001, Sc7731e and 11 more | 2024-11-21 | N/A | 4.4 MEDIUM |
|
In FM service, there is a possible missing params check. This could lead to local denial of service with System execution privileges needed.
|
|||||
| CVE-2023-33875 | 1 Intel | 10 Killer, Killer Wi-fi 6 Ax1650, Killer Wi-fi 6e Ax1675 and 7 more | 2024-11-21 | N/A | 7.1 HIGH |
|
Improper access control for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable denial of service via local access.
|
|||||
| CVE-2023-33857 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2024-11-21 | N/A | 5.3 MEDIUM |
|
IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain system information using a specially crafted query that could aid in further attacks against the system. IBM X-Force ID: 257695.
|
|||||
| CVE-2023-33851 | 1 Ibm | 1 Powervm Hypervisor | 2024-11-21 | N/A | 5.3 MEDIUM |
|
IBM PowerVM Hypervisor FW950.00 through FW950.90, FW1020.00 through FW1020.40, and FW1030.00 through FW1030.30 could reveal sensitive partition data to a system administrator. IBM X-Force ID: 257135.
|
|||||
| CVE-2023-33848 | 3 Hp, Ibm, Linux | 5 Hp-ux, Aix, Cics Tx and 2 more | 2024-11-21 | N/A | 4.9 MEDIUM |
|
IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, CICS TX Advanced 10.1, and 11.1 could allow a privileged user to obtain highly sensitive information by enabling debug mode. IBM X-Force ID: 257104.
|
|||||
| CVE-2023-33842 | 3 Apple, Ibm, Microsoft | 3 Macos, Spss Modeler, Windows | 2024-11-21 | N/A | 6.2 MEDIUM |
|
IBM SPSS Modeler on Windows 17.0, 18.0, 18.2.2, 18.3, 18.4, and 18.5 requires the end user to have access to the server SSL key which could allow a local user to decrypt and obtain sensitive information. IBM X-Force ID: 256117.
|
|||||
| CVE-2023-33796 | 1 Netbox | 1 Netbox | 2024-11-21 | N/A | 9.1 CRITICAL |
|
A vulnerability in Netbox v3.5.1 allows unauthenticated attackers to execute queries against the GraphQL database, granting them access to sensitive data stored in the database. NOTE: the vendor disputes this because the reporter's only query was for the schema of the API, which is public; queries for database objects would have been denied.
|
|||||
| CVE-2023-33745 | 1 Teleadapt | 2 Roomcast Ta-2400, Roomcast Ta-2400 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
|
TeleAdapt RoomCast TA-2400 1.0 through 3.1 is vulnerable to Improper Privilege Management: from the shell available after an adb connection, simply entering the su command provides root access (without requiring a password).
|
|||||
| CVE-2023-33684 | 1 Dbbroadcast | 3 Sft Dab 600/c, Sft Dab 600/c Bios, Sft Dab 600/c Firmware | 2024-11-21 | N/A | 5.7 MEDIUM |
|
Weak session management in DB Elettronica Telecomunicazioni SpA SFT DAB 600/C Firmware: 1.9.3 Bios firmware: 7.1 (Apr 19 2021) Gui: 2.46 FPGA: 169.55 uc: 6.15 allows attackers on the same network to bypass authentication by re-using the IP address assigned to the device by the NAT protocol.
|
|||||
| CVE-2023-33562 | 1 Phpjabbers | 1 Time Slots Booking Calendar | 2024-11-21 | N/A | 9.8 CRITICAL |
|
User enumeration is found in PHP Jabbers Time Slots Booking Calendar v3.3. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.
|
|||||
| CVE-2023-33561 | 1 Phpjabbers | 1 Time Slots Booking Calendar | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Improper input validation of the password parameter in PHP Jabbers Time Slots Booking Calendar v3.3 results in insecure passwords.
|
|||||
| CVE-2023-33558 | 1 Ocomon Project | 1 Ocomon | 2024-11-21 | N/A | 7.5 HIGH |
|
An information disclosure vulnerability in the component users-grid-data.php of Ocomon before v4.0.1 allows attackers to obtain sensitive information such as e-mails and usernames.
|
|||||
| CVE-2023-33412 | 1 Supermicro | 724 B12dpe-6, B12dpe-6 Firmware, B12dpt-6 and 721 more | 2024-11-21 | N/A | 8.8 HIGH |
|
The web interface in the Intelligent Platform Management Interface (IPMI) baseboard management controller (BMC) implementation on Supermicro X11 and M11 based devices, with firmware versions before 3.17.02, allows remote authenticated users to execute arbitrary commands via a crafted request targeting vulnerable cgi endpoints.
|
|||||
| CVE-2023-33379 | 1 Connectedio | 2 Er2000t-vz-cat1, Er2000t-vz-cat1 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Connected IO v2.1.0 and prior has a misconfiguration in its MQTT broker used for management and device communication, which allows devices to connect to the broker and issue commands to other devices, impersonating the Connected IO management platform and sending commands to all of Connected IO's devices.
|
|||||
| CVE-2023-33217 | 1 Idemia | 16 Morphowave Compact, Morphowave Compact Firmware, Morphowave Sp and 13 more | 2024-11-21 | N/A | 7.5 HIGH |
|
By abusing a design flaw in the firmware upgrade mechanism of the impacted terminal, it's possible to cause a permanent denial of service for the terminal. The only way to recover the terminal is by sending it back to the manufacturer.
|
|||||
| CVE-2023-33191 | 1 Nirmata | 1 Kyverno | 2024-11-21 | N/A | 4.6 MEDIUM |
|
Kyverno is a policy engine designed for Kubernetes. Kyverno seccomp control can be circumvented. Users of the podSecurity `validate.podSecurity` subrule in Kyverno 1.9.2 and 1.9.3 are vulnerable. This issue was patched in version 1.9.4.
|
|||||
| CVE-2023-33183 | 1 Nextcloud | 1 Calendar | 2024-11-21 | N/A | 2.6 LOW |
|
Calendar app for Nextcloud easily syncs events from various devices with your Nextcloud. Some internal paths of the website are disclosed when the SMTP server is unavailable. It is recommended that the Calendar app is updated to 3.5.5 or 4.2.3.
|
|||||
| CVE-2023-33182 | 1 Nextcloud | 1 Contacts | 2024-11-21 | N/A | N/A |
|
Contacts app for Nextcloud easily syncs contacts from various devices with your Nextcloud and allows editing. The unsanitized SVG is converted to a JavaScript blob (in memory data) that the Avatar can't render. Due to this constellation the missing sanitization does not seem to be exploitable. It is recommended that the Contacts app is upgraded to 5.0.3 or 4.2.4.
|
|||||
| CVE-2023-33174 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2024-11-21 | N/A | 5.5 MEDIUM |
|
Windows Cryptographic Information Disclosure Vulnerability
|
|||||
| CVE-2023-33173 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Remote Procedure Call Runtime Denial of Service Vulnerability
|
|||||
| CVE-2023-33172 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Remote Procedure Call Runtime Denial of Service Vulnerability
|
|||||
| CVE-2023-33169 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Remote Procedure Call Runtime Denial of Service Vulnerability
|
|||||
| CVE-2023-33168 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Remote Procedure Call Runtime Denial of Service Vulnerability
|
|||||
| CVE-2023-33167 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Remote Procedure Call Runtime Denial of Service Vulnerability
|
|||||
| CVE-2023-33166 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Remote Procedure Call Runtime Denial of Service Vulnerability
|
|||||
| CVE-2023-33165 | 1 Microsoft | 1 Sharepoint Server | 2024-11-21 | N/A | 4.3 MEDIUM |
|
Microsoft SharePoint Server Security Feature Bypass Vulnerability
|
|||||
| CVE-2023-33164 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Remote Procedure Call Runtime Denial of Service Vulnerability
|
|||||
| CVE-2023-33163 | 1 Microsoft | 5 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 2 more | 2024-11-21 | N/A | 7.5 HIGH |
|
Windows Network Load Balancing Remote Code Execution Vulnerability
|
|||||