Total
29467 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-1260 | 2 Kubernetes, Redhat | 2 Kube-apiserver, Openshift Container Platform | 2024-11-21 | N/A | 8.0 HIGH |
| An authentication bypass vulnerability was discovered in kube-apiserver. This issue could allow a remote, authenticated attacker who has been given permissions "update, patch" the "pods/ephemeralcontainers" subresource beyond what the default is. They would then need to create a new pod or patch one that they already have access to. This might allow evasion of SCC admission restrictions, thereby gaining control of a privileged pod. | |||||
| CVE-2023-1201 | 1 Devolutions | 1 Devolutions Server | 2024-11-21 | N/A | 6.5 MEDIUM |
| Improper access control in the secure messages feature in Devolutions Server 2022.3.12 and below allows an authenticated attacker that possesses the message UUID to access the data it contains. | |||||
| CVE-2023-1143 | 1 Deltaww | 1 Infrasuite Device Master | 2024-11-21 | N/A | 8.8 HIGH |
| In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an attacker could use Lua scripts, which could allow an attacker to remotely execute arbitrary code. | |||||
| CVE-2023-1132 | 1 Silabs | 1 Gecko Software Development Kit | 2024-11-21 | N/A | 5.3 MEDIUM |
| Compiler removal of buffer clearing in sli_se_driver_key_agreement in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM. | |||||
| CVE-2023-0965 | 1 Silabs | 1 Gecko Software Development Kit | 2024-11-21 | N/A | 3.1 LOW |
| Compiler removal of buffer clearing in sli_cryptoacc_transparent_key_agreement in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM. | |||||
| CVE-2023-0916 | 1 Auto Dealer Management System Project | 1 Auto Dealer Management System | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability classified as critical was found in SourceCodester Auto Dealer Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /adms/classes/Users.php. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221491. | |||||
| CVE-2023-0914 | 1 Pixelfed | 1 Pixelfed | 2024-11-21 | N/A | 5.3 MEDIUM |
| Improper Authorization in GitHub repository pixelfed/pixelfed prior to 0.11.4. | |||||
| CVE-2023-0857 | 1 Canon | 90 I-sensys Lbp621cw, I-sensys Lbp621cw Firmware, I-sensys Lbp623cdw and 87 more | 2024-11-21 | N/A | 5.9 MEDIUM |
| Unintentional change of settings during initial registration of system administrators which uses control protocols. The affected Office / Small Office Multifunction Printers and Laser Printers(*) may allow an attacker on the network segment to trigger unauthorized access to the product. *:Satera LBP660C Series/LBP620C Series/MF740C Series/MF640C Series firmware Ver.11.04 and earlier sold in Japan. Color imageCLASS LBP660C Series/LBP 620C Series/X LBP1127C/MF740C Series/MF640C Series/X MF1127C firmware Ver.11.04 and earlier sold in US. i-SENSYS LBP660C Series/LBP620C Series/MF740C Series/MF640C Series, C1127P, C1127iF, C1127i firmware Ver.11.04 and earlier sold in Europe. | |||||
| CVE-2023-0837 | 3 Apple, Microsoft, Teamviewer | 3 Macos, Windows, Remote | 2024-11-21 | N/A | 6.6 MEDIUM |
| An improper authorization check of local device settings in TeamViewer Remote between version 15.41 and 15.42.7 for Windows and macOS allows an unprivileged user to change basic local device settings even though the options were locked. This can result in unwanted changes to the configuration. | |||||
| CVE-2023-0821 | 1 Hashicorp | 1 Nomad | 2024-11-21 | N/A | 6.5 MEDIUM |
| HashiCorp Nomad and Nomad Enterprise 1.2.15 up to 1.3.8, and 1.4.3 jobs using a maliciously compressed artifact stanza source can cause excessive disk usage. Fixed in 1.2.16, 1.3.9, and 1.4.4. | |||||
| CVE-2023-0697 | 1 Google | 2 Android, Chrome | 2024-11-21 | N/A | 6.5 MEDIUM |
| Inappropriate implementation in Full screen mode in Google Chrome on Android prior to 110.0.5481.77 allowed a remote attacker to spoof the contents of the security UI via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2023-0665 | 1 Hashicorp | 1 Vault | 2024-11-21 | N/A | 6.5 MEDIUM |
| HashiCorp Vault's PKI mount issuer endpoints did not correctly authorize access to remove an issuer or modify issuer metadata, potentially resulting in denial of service of the PKI mount. This bug did not affect public or private key material, trust chains or certificate issuance. Fixed in Vault 1.13.1, 1.12.5, and 1.11.9. | |||||
| CVE-2023-0627 | 1 Docker | 1 Docker Desktop | 2024-11-21 | N/A | 6.7 MEDIUM |
| Docker Desktop 4.11.x allows --no-windows-containers flag bypass via IPC response spoofing which may lead to Local Privilege Escalation (LPE).This issue affects Docker Desktop: 4.11.X. | |||||
| CVE-2023-0584 | 1 Vektor-inc | 1 Vk Blocks | 2024-11-21 | N/A | 4.3 MEDIUM |
| The VK Blocks plugin for WordPress is vulnerable to improper authorization via the REST 'update_options' function in versions up to, and including, 1.57.0.5. This allows authenticated attackers, with contributor-level permissions or above, to change the 'vk_font_awesome_version' option to an arbitrary value. | |||||
| CVE-2023-0583 | 1 Vektor-inc | 1 Vk Blocks | 2024-11-21 | N/A | 4.3 MEDIUM |
| The VK Blocks plugin for WordPress is vulnerable to improper authorization via the REST 'update_vk_blocks_options' function in versions up to, and including, 1.57.0.5. This allows authenticated attackers, with contributor-level permissions or above, to change plugin settings including default icons. | |||||
| CVE-2023-0581 | 1 Lcweb | 1 Privatecontent | 2024-11-21 | N/A | 5.3 MEDIUM |
| The PrivateContent plugin for WordPress is vulnerable to protection mechanism bypass due to the use of client side validation in versions up to, and including, 8.4.3. This is due to the plugin checking if an IP had been blocklist via client-side scripts rather than server-side. This makes it possible for unauthenticated attackers to bypass any login restrictions that may prevent a brute force attack. | |||||
| CVE-2023-0475 | 1 Hashicorp | 1 Go-getter | 2024-11-21 | N/A | 4.2 MEDIUM |
| HashiCorp go-getter up to 1.6.2 and 2.1.1 is vulnerable to decompression bombs. Fixed in 1.7.0 and 2.2.0. | |||||
| CVE-2023-0435 | 1 Pyload | 1 Pyload | 2024-11-21 | N/A | 9.8 CRITICAL |
| Excessive Attack Surface in GitHub repository pyload/pyload prior to 0.5.0b3.dev41. | |||||
| CVE-2023-0348 | 1 Akuvox | 2 E11, E11 Firmware | 2024-11-21 | N/A | 7.5 HIGH |
| Akuvox E11 allows direct SIP calls. No access control is enforced by the SIP servers, which could allow an attacker to contact any device within Akuvox to call any other device. | |||||
| CVE-2023-0344 | 1 Akuvox | 2 E11, E11 Firmware | 2024-11-21 | N/A | 9.1 CRITICAL |
| Akuvox E11 appears to be using a custom version of dropbear SSH server. This server allows an insecure option that by default is not in the official dropbear SSH server. | |||||