Total
10735 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-47705 | 3 Ibm, Linux, Microsoft | 4 Aix, Security Guardium Key Lifecycle Manager, Linux Kernel and 1 more | 2024-11-21 | N/A | 4.3 MEDIUM |
| IBM Security Guardium Key Lifecycle Manager 4.3 could allow an authenticated user to manipulate username data due to improper input validation. IBM X-Force ID: 271228. | |||||
| CVE-2023-47210 | 2024-11-21 | N/A | 4.7 MEDIUM | ||
| Improper input validation for some Intel(R) PROSet/Wireless WiFi software for linux before version 23.20 may allow an unauthenticated user to potentially enable denial of service via adjacent access. | |||||
| CVE-2023-47161 | 1 Ibm | 1 Urbancode Deploy | 2024-11-21 | N/A | 5.3 MEDIUM |
| IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.14, 7.2 through 7.2.3.7, and 7.3 through 7.3.2.2 may mishandle input validation of an uploaded archive file leading to a denial of service due to resource exhaustion. IBM X-Force ID: 270799. | |||||
| CVE-2023-47003 | 1 Redislabs | 1 Redisgraph | 2024-11-21 | N/A | 9.8 CRITICAL |
| An issue in RedisGraph v.2.12.10 allows an attacker to execute arbitrary code and cause a denial of service via a crafted string in DataBlock_ItemIsDeleted. | |||||
| CVE-2023-46763 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | N/A | 5.3 MEDIUM |
| Vulnerability of background app permission management in the framework module. Successful exploitation of this vulnerability may cause background apps to start maliciously. | |||||
| CVE-2023-46289 | 1 Rockwellautomation | 1 Factorytalk View | 2024-11-21 | N/A | 7.5 HIGH |
| Rockwell Automation FactoryTalk View Site Edition insufficiently validates user input, which could potentially allow threat actors to send malicious data bringing the product offline. If exploited, the product would become unavailable and require a restart to recover resulting in a denial-of-service condition. | |||||
| CVE-2023-46159 | 1 Ibm | 1 Storage Ceph | 2024-11-21 | N/A | 2.6 LOW |
| IBM Storage Ceph 5.3z1, 5.3z5, and 6.1z1 could allow an authenticated user on the network to cause a denial of service from RGW. IBM X-Force ID: 268906. | |||||
| CVE-2023-45167 | 1 Ibm | 2 Aix, Vios | 2024-11-21 | N/A | 6.2 MEDIUM |
| IBM AIX's 7.3 Python implementation could allow a non-privileged local user to exploit a vulnerability to cause a denial of service. IBM X-Force ID: 267965. | |||||
| CVE-2023-45128 | 1 Gofiber | 1 Fiber | 2024-11-21 | N/A | 10.0 CRITICAL |
| Fiber is an express inspired web framework written in Go. A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the application, which allows an attacker to inject arbitrary values and forge malicious requests on behalf of a user. This vulnerability can allow an attacker to inject arbitrary values without any authentication, or perform various malicious actions on behalf of an authenticated user, potentially compromising the security and integrity of the application. The vulnerability is caused by improper validation and enforcement of CSRF tokens within the application. This issue has been addressed in version 2.50.0 and users are advised to upgrade. Users should take additional security measures like captchas or Two-Factor Authentication (2FA) and set Session cookies with SameSite=Lax or SameSite=Secure, and the Secure and HttpOnly attributes as defense in depth measures. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-44110 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | N/A | 4.3 MEDIUM |
| Out-of-bounds access vulnerability in the audio module.Successful exploitation of this vulnerability may affect availability. | |||||
| CVE-2023-43745 | 2024-11-21 | N/A | 2.8 LOW | ||
| Improper input validation in some Intel(R) CBI software before version 1.1.0 may allow an authenticated user to potentially enable denial of service via local access. | |||||
| CVE-2023-43073 | 1 Dell | 1 Smartfabric Storage Software | 2024-11-21 | N/A | 4.3 MEDIUM |
| Dell SmartFabric Storage Software v1.4 (and earlier) contains an Improper Input Validation vulnerability in RADIUS configuration. An authenticated remote attacker could potentially exploit this vulnerability, leading to gaining unauthorized access to data. | |||||
| CVE-2023-42776 | 1 Intel | 1 Sgx Dcap | 2024-11-21 | N/A | 3.8 LOW |
| Improper input validation in some Intel(R) SGX DCAP software for Windows before version 1.19.100.3 may allow an authenticateed user to potentially enable information disclosure via local access. | |||||
| CVE-2023-42766 | 1 Intel | 4 Nuc 8 Compute Element Cm8v5cb, Nuc 8 Compute Element Cm8v5cb Firmware, Nuc 8 Compute Element Cm8v7cb and 1 more | 2024-11-21 | N/A | 7.5 HIGH |
| Improper input validation in some Intel NUC 8 Compute Element BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-42527 | 1 Samsung | 1 Android | 2024-11-21 | N/A | 5.6 MEDIUM |
| Improper input validation vulnerability in ProcessWriteFile of libsec-ril prior to SMR Nov-2023 Release 1 allows local attackers to expose sensitive information. | |||||
| CVE-2023-41917 | 2024-11-21 | N/A | 10.0 CRITICAL | ||
| Inadequate input validation exposes the system to potential remote code execution (RCE) risks. Attackers can exploit this vulnerability by appending shell commands to the Speed-Measurement feature, enabling unauthorized code execution. | |||||
| CVE-2023-41748 | 2 Acronis, Microsoft | 2 Cloud Manager, Windows | 2024-11-21 | N/A | 9.8 CRITICAL |
| Remote command execution due to improper input validation. The following products are affected: Acronis Cloud Manager (Windows) before build 6.2.23089.203. | |||||
| CVE-2023-41746 | 2 Acronis, Microsoft | 2 Cloud Manager, Windows | 2024-11-21 | N/A | 9.8 CRITICAL |
| Remote command execution due to improper input validation. The following products are affected: Acronis Cloud Manager (Windows) before build 6.2.23089.203. | |||||
| CVE-2023-41355 | 1 Nokia | 2 G-040w-q, G-040w-q Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| Chunghwa Telecom NOKIA G-040W-Q Firewall function has a vulnerability of input validation for ICMP redirect messages. An unauthenticated remote attacker can exploit this vulnerability by sending a crafted package to modify the network routing table, resulting in a denial of service or sensitive information leaking. | |||||
| CVE-2023-41336 | 1 Symfony | 1 Ux Autocomplete | 2024-11-21 | N/A | 6.5 MEDIUM |
| ux-autocomplete is a JavaScript Autocomplete functionality for Symfony. Under certain circumstances, an attacker could successfully submit an entity id for an `EntityType` that is *not* part of the valid choices. The problem has been fixed in `symfony/ux-autocomplete` version 2.11.2. | |||||