Total
32947 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-1636 | 2 Openstack, Redhat | 2 Barbican, Openstack Platform | 2024-11-21 | N/A | 6.0 MEDIUM |
| A vulnerability was found in OpenStack Barbican containers. This vulnerability is only applicable to deployments that utilize an all-in-one configuration. Barbican containers share the same CGROUP, USER, and NET namespace with the host system and other OpenStack services. If any service is compromised, it could gain access to the data transmitted to and from Barbican. | |||||
| CVE-2023-1625 | 2 Openstack, Redhat | 2 Heat, Openstack Platform | 2024-11-21 | N/A | 7.4 HIGH |
| An information leak was discovered in OpenStack heat. This issue could allow a remote, authenticated attacker to use the 'stack show' command to reveal parameters which are supposed to remain hidden. This has a low impact to the confidentiality, integrity, and availability of the system. | |||||
| CVE-2023-1621 | 1 Gitlab | 1 Gitlab | 2024-11-21 | N/A | 6.5 MEDIUM |
| An issue has been discovered in GitLab EE affecting all versions starting from 12.0 before 15.10.5, all versions starting from 15.11 before 15.11.1. A malicious group member may continue to commit to projects even from a restricted IP address. | |||||
| CVE-2023-1584 | 1 Quarkus | 1 Quarkus | 2024-11-21 | N/A | 7.5 HIGH |
| A flaw was found in Quarkus. Quarkus OIDC can leak both ID and access tokens in the authorization code flow when an insecure HTTP protocol is used, which can allow attackers to access sensitive user data directly from the ID token or by using the access token to access user data from OIDC provider services. Please note that passwords are not stored in access tokens. | |||||
| CVE-2023-1542 | 1 Answer | 1 Answer | 2024-11-21 | N/A | 5.4 MEDIUM |
| Business Logic Errors in GitHub repository answerdev/answer prior to 1.0.6. | |||||
| CVE-2023-1541 | 1 Answer | 1 Answer | 2024-11-21 | N/A | 3.8 LOW |
| Business Logic Errors in GitHub repository answerdev/answer prior to 1.0.6. | |||||
| CVE-2023-1369 | 1 Tgsoft | 2 Vir.it Explorer, Viragtlt.sys | 2024-11-21 | 4.6 MEDIUM | 5.0 MEDIUM |
| A vulnerability was found in TG Soft Vir.IT eXplorer 9.4.86.0. It has been rated as problematic. This issue affects the function 0x82730088 in the library VIRAGTLT.sys of the component IoControlCode Handler. The manipulation leads to denial of service. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 9.5 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-222875. | |||||
| CVE-2023-1299 | 1 Hashicorp | 1 Nomad | 2024-11-21 | N/A | 7.4 HIGH |
| HashiCorp Nomad and Nomad Enterprise 1.5.0 allow a job submitter to escalate to management-level privileges using workload identity and task API. Fixed in 1.5.1. | |||||
| CVE-2023-1297 | 1 Hashicorp | 1 Consul | 2024-11-21 | N/A | 4.9 MEDIUM |
| Consul and Consul Enterprise's cluster peering implementation contained a flaw whereby a peer cluster with service of the same name as a local service could corrupt Consul state, resulting in denial of service. This vulnerability was resolved in Consul 1.14.5, and 1.15.3 | |||||
| CVE-2023-1236 | 1 Google | 1 Chrome | 2024-11-21 | N/A | 4.3 MEDIUM |
| Inappropriate implementation in Internals in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to spoof the origin of an iframe via a crafted HTML page. (Chromium security severity: Low) | |||||
| CVE-2023-1234 | 1 Google | 2 Android, Chrome | 2024-11-21 | N/A | 4.3 MEDIUM |
| Inappropriate implementation in Intents in Google Chrome on Android prior to 111.0.5563.64 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Low) | |||||
| CVE-2023-1233 | 1 Google | 1 Chrome | 2024-11-21 | N/A | 4.3 MEDIUM |
| Insufficient policy enforcement in Resource Timing in Google Chrome prior to 111.0.5563.64 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from API via a crafted Chrome Extension. (Chromium security severity: Low) | |||||
| CVE-2023-1232 | 1 Google | 1 Chrome | 2024-11-21 | N/A | 4.3 MEDIUM |
| Insufficient policy enforcement in Resource Timing in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to obtain potentially sensitive information from API via a crafted HTML page. (Chromium security severity: Low) | |||||
| CVE-2023-1231 | 1 Google | 2 Android, Chrome | 2024-11-21 | N/A | 4.3 MEDIUM |
| Inappropriate implementation in Autofill in Google Chrome on Android prior to 111.0.5563.64 allowed a remote attacker to potentially spoof the contents of the omnibox via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2023-1230 | 1 Google | 2 Android, Chrome | 2024-11-21 | N/A | 4.3 MEDIUM |
| Inappropriate implementation in WebApp Installs in Google Chrome on Android prior to 111.0.5563.64 allowed an attacker who convinced a user to install a malicious WebApp to spoof the contents of the PWA installer via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2023-1228 | 1 Google | 2 Android, Chrome | 2024-11-21 | N/A | 4.3 MEDIUM |
| Insufficient policy enforcement in Intents in Google Chrome on Android prior to 111.0.5563.64 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2023-1226 | 1 Google | 1 Chrome | 2024-11-21 | N/A | 6.5 MEDIUM |
| Insufficient policy enforcement in Web Payments API in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2023-1225 | 2 Apple, Google | 2 Iphone Os, Chrome | 2024-11-21 | N/A | 4.3 MEDIUM |
| Insufficient policy enforcement in Navigation in Google Chrome on iOS prior to 111.0.5563.64 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2023-1224 | 1 Google | 1 Chrome | 2024-11-21 | N/A | 4.3 MEDIUM |
| Insufficient policy enforcement in Web Payments API in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2023-1223 | 1 Google | 2 Android, Chrome | 2024-11-21 | N/A | 4.3 MEDIUM |
| Insufficient policy enforcement in Autofill in Google Chrome on Android prior to 111.0.5563.64 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) | |||||