Total
34640 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-25773 | 1 Intel | 1 Unite | 2024-11-21 | N/A | 7.5 HIGH |
|
Improper access control in the Intel(R) Unite(R) Hub software installer for Windows before version 4.2.34962 may allow an authenticated user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2023-25772 | 1 Intel | 1 Retail Edge Program | 2024-11-21 | N/A | 5.0 MEDIUM |
|
Improper input validation in the Intel(R) Retail Edge Mobile Android application before version 3.0.301126-RELEASE may allow an authenticated user to potentially enable denial of service via local access.
|
|||||
| CVE-2023-25771 | 1 Intel | 118 Compute Stick Stk2mv64cc, Compute Stick Stk2mv64cc Firmware, Nuc 7 Enthusiast Nuc7i7bnhxg and 115 more | 2024-11-21 | N/A | 5.8 MEDIUM |
|
Improper access control for some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable denial of service via local access.
|
|||||
| CVE-2023-25769 | 1 Intel | 1 Thunderbolt Dch Driver | 2024-11-21 | N/A | 5.5 MEDIUM |
|
Uncontrolled resource consumption in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable denial of service via local access.
|
|||||
| CVE-2023-25757 | 1 Intel | 1 Unison | 2024-11-21 | N/A | 7.3 HIGH |
|
Improper access control in some Intel(R) Unison(TM) software before version 10.12 may allow a privileged user to potentially enable escalation of privilege via network access.
|
|||||
| CVE-2023-25752 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2024-11-21 | N/A | 6.5 MEDIUM |
|
When accessing throttled streams, the count of available bytes needed to be checked in the calling function to be within bounds. This may have lead future code to be incorrect and vulnerable. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9.
|
|||||
| CVE-2023-25751 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Sometimes, when invalidating JIT code while following an iterator, the newly generated code could be overwritten incorrectly. This could lead to a potentially exploitable crash. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9.
|
|||||
| CVE-2023-25742 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2024-11-21 | N/A | 6.5 MEDIUM |
|
When importing a SPKI RSA public key as ECDSA P-256, the key would be handled incorrectly causing the tab to crash. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.
|
|||||
| CVE-2023-25683 | 1 Ibm | 1 Powervm Hypervisor | 2024-11-21 | N/A | 5.9 MEDIUM |
|
IBM PowerVM Hypervisor FW950.00 through FW950.71, FW1010.00 through FW1010.40, FW1020.00 through FW1020.20, and FW1030.00 through FW1030.11 could allow an attacker to obtain sensitive information if they gain service access to the HMC. IBM X-Force ID: 247592.
|
|||||
| CVE-2023-25680 | 1 Ibm | 3 Robotic Process Automation, Robotic Process Automation As A Service, Robotic Process Automation For Cloud Pak | 2024-11-21 | N/A | 4.2 MEDIUM |
|
IBM Robotic Process Automation 21.0.1 through 21.0.5 is vulnerable to insufficiently protecting credentials. Queue Provider credentials are not obfuscated while editing queue provider details. IBM X-Force ID: 247032.
|
|||||
| CVE-2023-25661 | 1 Google | 1 Tensorflow | 2024-11-21 | N/A | 6.5 MEDIUM |
|
TensorFlow is an Open Source Machine Learning Framework. In versions prior to 2.11.1 a malicious invalid input crashes a tensorflow model (Check Failed) and can be used to trigger a denial of service attack. A proof of concept can be constructed with the `Convolution3DTranspose` function. This Convolution3DTranspose layer is a very common API in modern neural networks. The ML models containing such vulnerable components could be deployed in ML applications or as cloud services. This failure coul ...
Show More |
|||||
| CVE-2023-25657 | 1 Networktocode | 1 Nautobot | 2024-11-21 | N/A | 7.5 HIGH |
|
Nautobot is a Network Source of Truth and Network Automation Platform. All users of Nautobot versions earlier than 1.5.7 are impacted by a remote code execution vulnerability. Nautobot did not properly sandbox Jinja2 template rendering. In Nautobot 1.5.7 has enabled sandboxed environments for the Jinja2 template engine used internally for template rendering for the following objects: `extras.ComputedField`, `extras.CustomLink`, `extras.ExportTemplate`, `extras.Secret`, `extras.Webhook`. While no ...
Show More |
|||||
| CVE-2023-25644 | 1 Zte | 4 Mc801a, Mc801a1, Mc801a1 Firmware and 1 more | 2024-11-21 | N/A | 6.5 MEDIUM |
|
There is a denial of service vulnerability in some ZTE mobile internet products. Due to insufficient validation of Web interface parameter, an attacker could use the vulnerability to perform a denial of service attack.
|
|||||
| CVE-2023-25618 | 1 Sap | 1 Netweaver Application Server Abap | 2024-11-21 | N/A | 6.5 MEDIUM |
|
SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, has multiple vulnerabilities in an unused class for error handling in which an attacker authenticated as a non-administrative user can craft a request with certain parameters which will consume the server's resources sufficiently to make it unavailable. There is no ability to view or modify any information.
|
|||||
| CVE-2023-25535 | 1 Dell | 1 Supportassist For Home Pcs | 2024-11-21 | N/A | 7.2 HIGH |
|
Dell SupportAssist for Home PCs Installer Executable file version prior to 3.13.2.19 used for initial installation has a high vulnerability that can result in local privilege escalation (LPE). This vulnerability only affects first-time installations done prior to 8th March 2023
|
|||||
| CVE-2023-25534 | 1 Nvidia | 2 Dgx H100, Dgx H100 Firmware | 2024-11-21 | N/A | 5.7 MEDIUM |
|
NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.
|
|||||
| CVE-2023-25533 | 1 Nvidia | 2 Dgx H100, Dgx H100 Firmware | 2024-11-21 | N/A | 8.3 HIGH |
|
NVIDIA DGX H100 BMC contains a vulnerability in the web UI, where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to information disclosure, code execution, and escalation of privileges.
|
|||||
| CVE-2023-25530 | 1 Nvidia | 2 Dgx H100, Dgx H100 Firmware | 2024-11-21 | N/A | 8.0 HIGH |
|
NVIDIA DGX H100 BMC contains a vulnerability in the KVM service, where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, and information disclosure.
|
|||||
| CVE-2023-25526 | 1 Nvidia | 1 Cumulus Linux | 2024-11-21 | N/A | 6.5 MEDIUM |
|
NVIDIA Cumulus Linux contains a vulnerability in neighmgrd and nlmanager where an attacker on an adjacent network may cause an uncaught exception by injecting a crafted packet. A successful exploit may lead to denial of service.
|
|||||
| CVE-2023-25525 | 1 Nvidia | 1 Cumulus Linux | 2024-11-21 | N/A | 7.5 HIGH |
|
NVIDIA Cumulus Linux contains a vulnerability in forwarding where a VxLAN-encapsulated IPv6 packet received on an SVI interface with DMAC/DIPv6 set to the link-local address of the SVI interface may be incorrectly forwarded. A successful exploit may lead to information disclosure.
|
|||||
| CVE-2023-25524 | 1 Nvidia | 1 Omniverse Launcher | 2024-11-21 | N/A | 4.0 MEDIUM |
|
NVIDIA Omniverse Workstation Launcher for Windows and Linux contains a vulnerability in the authentication flow, where a user’s access token is displayed in the browser user's address bar. An attacker could use this token to impersonate the user to access launcher resources. A successful exploit of this vulnerability may lead to information disclosure.
|
|||||
| CVE-2023-25518 | 1 Nvidia | 3 Jetson Agx Xavier, Jetson Linux, Jetson Xavier Nx | 2024-11-21 | N/A | 7.1 HIGH |
|
NVIDIA Jetson contains a vulnerability in CBoot, where the PCIe controller is initialized without IOMMU, which may allow an attacker with physical access to the target device to read and write to arbitrary memory. A successful exploit of this vulnerability may lead to code execution, denial of service, information disclosure, and loss of integrity.
|
|||||
| CVE-2023-25496 | 1 Lenovo | 1 Drivers Management | 2024-11-21 | N/A | 7.8 HIGH |
|
A privilege escalation vulnerability was reported in Lenovo Drivers Management Lenovo Driver Manager that could allow a local user to execute code with elevated privileges.
|
|||||
| CVE-2023-25396 | 1 Caphyon | 1 Advanced Installer | 2024-11-21 | N/A | 7.8 HIGH |
|
Privilege escalation in the MSI repair functionality in Caphyon Advanced Installer 20.0 and below allows attackers to access and manipulate system files.
|
|||||
| CVE-2023-25183 | 1 Snapone | 2 Orvc, Ovrc-300-pro | 2024-11-21 | N/A | 8.3 HIGH |
|
In Snap One OvrC Pro versions prior to 7.2, when logged into the superuser account, a new functionality appears that could allow users to execute arbitrary commands on the hub device.
|
|||||
| CVE-2023-25175 | 1 Intel | 20 Server System D50tnp1mhcpac, Server System D50tnp1mhcpac Firmware, Server System D50tnp1mhcrac and 17 more | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Improper input validation in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable information disclosure via local access.
|
|||||
| CVE-2023-25169 | 1 Discourse | 1 Discourse Yearly Review | 2024-11-21 | N/A | 3.1 LOW |
|
discourse-yearly-review is a discourse plugin which publishes an automated Year in Review topic. In affected versions a user present in a yearly review topic that is then anonymised will still have some data linked to its original account. This issue has been patched in commit `b3ab33bbf7` which is included in the latest version of the Discourse Yearly Review plugin. Users are advised to upgrade. Users unable to upgrade may disable the `yearly_review_enabled` setting to fully mitigate the issue. ...
Show More |
|||||
| CVE-2023-25161 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | N/A | 3.7 LOW |
|
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Nextcloud Server and Nextcloud Enterprise Server prior to versions 25.0.1 24.0.8, and 23.0.12 missing rate limiting on password reset functionality. This could result in service slowdown, storage overflow, or cost impact when using external email services. Users should upgrade to Nextcloud Server 25.0.1, 24.0.8, or 23.0.12 or Nextcloud Enterprise Server 25.0.1, 24.0.8, or 23.0.12 to receive a patch. ...
Show More |
|||||
| CVE-2023-25159 | 1 Nextcloud | 2 Nextcloud Server, Richdocuments | 2024-11-21 | N/A | 2.3 LOW |
|
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform, and Nextcloud Office is a document collaboration app for the same platform. Nextcloud Server 24.0.x prior to 24.0.8 and 25.0.x prior to 25.0.1, Nextcloud Enterprise Server 24.0.x prior to 24.0.8 and 25.0.x prior to 25.0.1, and Nextcloud Office (Richdocuments) App 6.x prior to 6.3.1 and 7.x prior to 7.0.1 have previews accessible without a watermark. The download should be hidden and the watermark sho ...
Show More |
|||||
| CVE-2023-25080 | 1 Intel | 1 Openvino | 2024-11-21 | N/A | 5.3 MEDIUM |
|
Protection mechanism failure in some Intel(R) Distribution of OpenVINO toolkit software before version 2023.0.0 may allow an authenticated user to potentially enable information disclosure via local access.
|
|||||
| CVE-2023-25073 | 1 Intel | 1 Driver \& Support Assistant | 2024-11-21 | N/A | 5.5 MEDIUM |
|
Improper access control in some Intel(R) DSA software before version 23.4.33 may allow an authenticated user to potentially enable denial of service via local access.
|
|||||
| CVE-2023-25057 | 1 Libsyn | 1 Libsyn Publisher Hub | 2024-11-21 | N/A | 5.3 MEDIUM |
|
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Libsyn Libsyn Publisher Hub.This issue affects Libsyn Publisher Hub: from n/a through 1.3.2.
|
|||||
| CVE-2023-24959 | 1 Ibm | 1 Infosphere Information Server | 2024-11-21 | N/A | 5.3 MEDIUM |
|
IBM InfoSphere Information Systems 11.7 could expose information about the host system and environment configuration. IBM X-Force ID: 246332.
|
|||||
| CVE-2023-24954 | 1 Microsoft | 14 Sharepoint Enterprise Server, Sharepoint Server, Windows 10 1507 and 11 more | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Microsoft SharePoint Server Information Disclosure Vulnerability
|
|||||
| CVE-2023-24953 | 1 Microsoft | 5 365 Apps, Excel, Office and 2 more | 2024-11-21 | N/A | 7.8 HIGH |
|
Microsoft Excel Remote Code Execution Vulnerability
|
|||||
| CVE-2023-24950 | 1 Microsoft | 2 Sharepoint Enterprise Server, Sharepoint Server | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Microsoft SharePoint Server Spoofing Vulnerability
|
|||||
| CVE-2023-24949 | 1 Microsoft | 8 Windows 10 1809, Windows 10 20h2, Windows 10 21h2 and 5 more | 2024-11-21 | N/A | 7.8 HIGH |
|
Windows Kernel Elevation of Privilege Vulnerability
|
|||||
| CVE-2023-24948 | 1 Microsoft | 10 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 7 more | 2024-11-21 | N/A | 7.4 HIGH |
|
Windows Bluetooth Driver Elevation of Privilege Vulnerability
|
|||||
| CVE-2023-24947 | 1 Microsoft | 7 Windows 10 1607, Windows 10 1809, Windows 10 20h2 and 4 more | 2024-11-21 | N/A | 8.8 HIGH |
|
Windows Bluetooth Driver Remote Code Execution Vulnerability
|
|||||
| CVE-2023-24946 | 1 Microsoft | 11 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 8 more | 2024-11-21 | N/A | 7.8 HIGH |
|
Windows Backup Service Elevation of Privilege Vulnerability
|
|||||