Total
29518 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-27995 | 1 Fortinet | 1 Fortisoar | 2024-11-21 | N/A | 7.2 HIGH |
| A improper neutralization of special elements used in a template engine vulnerability in Fortinet FortiSOAR 7.3.0 through 7.3.1 allows an authenticated, remote attacker to execute arbitrary code via a crafted payload. | |||||
| CVE-2023-27879 | 1 Intel | 8 Optane Memory H20 With Solid State Storage, Optane Memory H20 With Solid State Storage Firmware, Optane Ssd 905p and 5 more | 2024-11-21 | N/A | 6.8 MEDIUM |
| Improper access control in firmware for some Intel(R) Optane(TM) SSD products may allow an unauthenticated user to potentially enable information disclosure via physical access. | |||||
| CVE-2023-27509 | 1 Intel | 1 Ispc Software Installer | 2024-11-21 | N/A | 6.6 MEDIUM |
| Improper access control in some Intel(R) ISPC software installers before version 1.19.0 may allow an authenticated user to potentially enable escalation of privileges via local access. | |||||
| CVE-2023-27383 | 1 Intel | 5 Advisor, Inspector, Mpi Library and 2 more | 2024-11-21 | N/A | 6.8 MEDIUM |
| Protection mechanism failure in some Intel(R) oneAPI HPC Toolkit 2023.1 and Intel(R)MPI Library software before version 2021.9 may allow a privileged user to potentially enable escalation of privilege via adjacent access. | |||||
| CVE-2023-27318 | 1 Netapp | 1 Storagegrid | 2024-11-21 | N/A | 6.5 MEDIUM |
| StorageGRID (formerly StorageGRID Webscale) versions 11.6.0 through 11.6.0.13 are susceptible to a Denial of Service (DoS) vulnerability. A successful exploit could lead to a crash of the Local Distribution Router (LDR) service. | |||||
| CVE-2023-27279 | 1 Ibm | 1 Aspera Faspex | 2024-11-21 | N/A | 6.5 MEDIUM |
| IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a user to cause a denial of service due to missing API rate limiting. IBM X-Force ID: 248533. | |||||
| CVE-2023-27197 | 1 Paxtechnology | 2 Pax A930, Pax A930 Firmware | 2024-11-21 | N/A | 6.7 MEDIUM |
| PAX A930 device with PayDroid_7.1.1_Virgo_V04.5.02_20220722 can allow an attacker to gain root access by running a crafted binary leveraging an exported function from a shared library. The attacker must have shell access to the device in order to exploit this vulnerability. | |||||
| CVE-2023-26586 | 1 Intel | 7 Killer, Killer Wi-fi 6e Ax1675, Killer Wi-fi 6e Ax1690 and 4 more | 2024-11-21 | N/A | 4.3 MEDIUM |
| Uncaught exception for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable denial of service via adjacent access. | |||||
| CVE-2023-26483 | 1 Gosaml2 Project | 1 Gosaml2 | 2024-11-21 | N/A | 5.3 MEDIUM |
| gosaml2 is a Pure Go implementation of SAML 2.0. SAML Service Providers using this library for SAML authentication support are likely susceptible to Denial of Service attacks. A bug in this library enables attackers to craft a `deflate`-compressed request which will consume significantly more memory during processing than the size of the original request. This may eventually lead to memory exhaustion and the process being killed. The maximum compression ratio achievable with `deflate` is 1032:1, so by limiting the size of bodies passed to gosaml2, limiting the rate and concurrency of calls, and ensuring that lots of memory is available to the process it _may_ be possible to help Go's garbage collector "keep up". Implementors are encouraged not to rely on this. This issue is fixed in version 0.9.0. | |||||
| CVE-2023-26478 | 1 Xwiki | 1 Xwiki | 2024-11-21 | N/A | 6.6 MEDIUM |
| XWiki Platform is a generic wiki platform. Starting in version 14.3-rc-1, `org.xwiki.store.script.TemporaryAttachmentsScriptService#uploadTemporaryAttachment` returns an instance of `com.xpn.xwiki.doc.XWikiAttachment`. This class is not supported to be exposed to users without the `programing` right. `com.xpn.xwiki.api.Attachment` should be used instead and takes case of checking the user's rights before performing dangerous operations. This has been patched in versions 14.9-rc-1 and 14.4.6. There are no known workarounds for this issue. | |||||
| CVE-2023-26466 | 1 Pega | 1 Synchronization Engine | 2024-11-21 | N/A | 7.8 HIGH |
| A user with non-Admin access can change a configuration file on the client to modify the Server URL. | |||||
| CVE-2023-26284 | 1 Ibm | 1 Mq Certified Container | 2024-11-21 | N/A | 7.5 HIGH |
| IBM MQ Certified Container 9.3.0.1 through 9.3.0.3 and 9.3.1.0 through 9.3.1.1 could allow authenticated users with the cluster to be granted administration access to the MQ console due to improper access controls. IBM X-Force ID: 248417. | |||||
| CVE-2023-26078 | 2 Atera, Microsoft | 2 Atera, Windows | 2024-11-21 | N/A | 7.8 HIGH |
| Privilege escalation vulnerability was discovered in Atera Agent 1.8.4.4 and prior on Windows due to mishandling of privileged APIs. | |||||
| CVE-2023-26077 | 2 Atera, Microsoft | 2 Atera, Windows | 2024-11-21 | N/A | 7.8 HIGH |
| Atera Agent through 1.8.3.6 on Windows Creates a Temporary File in a Directory with Insecure Permissions. | |||||
| CVE-2023-26055 | 1 Xwiki | 1 Commons | 2024-11-21 | N/A | 9.9 CRITICAL |
| XWiki Commons are technical libraries common to several other top level XWiki projects. Starting in version 3.1-milestone-1, any user can edit their own profile and inject code, which is going to be executed with programming right. The same vulnerability can also be exploited in all other places where short text properties are displayed, e.g., in apps created using Apps Within Minutes that use a short text field. The problem has been patched on versions 13.10.9, 14.4.4, 14.7RC1. | |||||
| CVE-2023-25821 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | N/A | 5.7 MEDIUM |
| Nextcloud is an Open Source private cloud software. Versions 24.0.4 and above, prior to 24.0.7, and 25.0.0 and above, prior to 25.0.1, contain Improper Access Control. Secure view for internal shares can be circumvented if reshare permissions are also given. This issue is patched in versions 24.0.7 and 25.0.1. No workaround is available. | |||||
| CVE-2023-25632 | 1 Naver | 1 Whale Browser | 2024-11-21 | N/A | 5.5 MEDIUM |
| The Android Mobile Whale browser app before 3.0.1.2 allows the attacker to bypass its browser unlock function via 'Open in Whale' feature. | |||||
| CVE-2023-25608 | 1 Fortinet | 4 Fortiap, Fortiap-c, Fortiap-u and 1 more | 2024-11-21 | N/A | 5.5 MEDIUM |
| An incomplete filtering of one or more instances of special elements vulnerability [CWE-792] in the command line interpreter of FortiAP-W2 7.2.0 through 7.2.1, 7.0.3 through 7.0.5, 7.0.0 through 7.0.1, 6.4 all versions, 6.2 all versions, 6.0 all versions; FortiAP-C 5.4.0 through 5.4.4, 5.2 all versions; FortiAP 7.2.0 through 7.2.1, 7.0.0 through 7.0.5, 6.4 all versions, 6.0 all versions; FortiAP-U 7.0.0, 6.2.0 through 6.2.5, 6.0 all versions, 5.4 all versions may allow an authenticated attacker to read arbitrary files via specially crafted command arguments. | |||||
| CVE-2023-25605 | 1 Fortinet | 1 Fortisoar | 2024-11-21 | N/A | 7.5 HIGH |
| A improper access control vulnerability in Fortinet FortiSOAR 7.3.0 - 7.3.1 allows an attacker authenticated on the administrative interface to perform unauthorized actions via crafted HTTP requests. | |||||
| CVE-2023-25519 | 1 Nvidia | 8 Bluefield 1, Bluefield 1 Firmware, Bluefield 2 Ga and 5 more | 2024-11-21 | N/A | 7.8 HIGH |
| NVIDIA ConnectX Host Firmware for the BlueField Data Processing Unit contains a vulnerability where a restricted host may cause an incorrect user management error. A successful exploit of this vulnerability may lead to escalation of privileges. | |||||