Total
32947 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-1221 | 1 Google | 1 Chrome | 2024-11-21 | N/A | 4.3 MEDIUM |
| Insufficient policy enforcement in Extensions API in Google Chrome prior to 111.0.5563.64 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. (Chromium security severity: Medium) | |||||
| CVE-2023-1210 | 1 Gitlab | 1 Gitlab | 2024-11-21 | N/A | 3.1 LOW |
| An issue has been discovered in GitLab affecting all versions starting from 12.9 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. It was possible to leak a user's email via an error message for groups that restrict membership by email domain. | |||||
| CVE-2023-1208 | 1 Riverside | 1 Http Headers | 2024-11-21 | N/A | 7.2 HIGH |
| This HTTP Headers WordPress plugin before 1.18.11 allows arbitrary data to be written to arbitrary files, leading to a Remote Code Execution vulnerability. | |||||
| CVE-2023-1174 | 2 Apple, Kubernetes | 2 Macos, Minikube | 2024-11-21 | N/A | 9.8 CRITICAL |
| This vulnerability exposes a network port in minikube running on macOS with Docker driver that could enable unexpected remote access to the minikube container. | |||||
| CVE-2023-1138 | 1 Deltaww | 1 Infrasuite Device Master | 2024-11-21 | N/A | 7.5 HIGH |
| Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain an improper access control vulnerability, which could allow an attacker to retrieve Gateway configuration files to obtain plaintext credentials. | |||||
| CVE-2023-1109 | 1 Phoenixcontact | 7 Energy Axc Pu, Infobox, Infobox Firmware and 4 more | 2024-11-21 | N/A | 8.8 HIGH |
| In Phoenix Contacts ENERGY AXC PU Web service an authenticated restricted user of the web frontend can access, read, write and create files throughout the file system using specially crafted URLs via the upload and download functionality of the web service. This may lead to full control of the service. | |||||
| CVE-2023-1084 | 1 Gitlab | 1 Gitlab | 2024-11-21 | N/A | 2.7 LOW |
| An issue has been discovered in GitLab CE/EE affecting all versions before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. A malicious project Maintainer may create a Project Access Token with Owner level privileges using a crafted request. | |||||
| CVE-2023-0989 | 1 Gitlab | 1 Gitlab | 2024-11-21 | N/A | 4.3 MEDIUM |
| An information disclosure issue in GitLab CE/EE affecting all versions starting from 13.11 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1 allows an attacker to extract non-protected CI/CD variables by tricking a user to visit a fork with a malicious CI/CD configuration. | |||||
| CVE-2023-0954 | 1 Johnsoncontrols | 4 Illustra Pro Gen 4 Dome, Illustra Pro Gen 4 Dome Firmware, Illustra Pro Gen 4 Ptz and 1 more | 2024-11-21 | N/A | 8.3 HIGH |
| A debug feature in Sensormatic Electronics Illustra Pro Gen 4 Dome and PTZ cameras allows a user to compromise credentials after a long period of sustained attack. | |||||
| CVE-2023-0901 | 1 Pixelfed | 1 Pixelfed | 2024-11-21 | N/A | 5.3 MEDIUM |
| Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository pixelfed/pixelfed prior to 0.11.4. | |||||
| CVE-2023-0896 | 1 Lenovo | 2 Smart Clock Essential With Alexa Built In, Smart Clock Essential With Alexa Built In Firmware | 2024-11-21 | N/A | 8.8 HIGH |
| A default password was reported in Lenovo Smart Clock Essential with Alexa Built In that could allow unauthorized device access to an attacker with local network access. | |||||
| CVE-2023-0872 | 1 Opennms | 2 Horizon, Meridian | 2024-11-21 | N/A | 8.2 HIGH |
| The Horizon REST API includes a users endpoint in OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2 on multiple platforms is vulnerable to elevation of privilege. The solution is to upgrade to Meridian 2023.1.6, 2022.1.19, 2021.1.30, 2020.1.38 or Horizon 32.0.2 or newer. Meridian and Horizon installation instructions state that they are intended for installation within an organization's private networks and should not be directly accessible from the Internet. OpenNMS thanks Erik Wynter for reporting this issue. | |||||
| CVE-2023-0859 | 1 Canon | 90 I-sensys Lbp621cw, I-sensys Lbp621cw Firmware, I-sensys Lbp623cdw and 87 more | 2024-11-21 | N/A | 2.2 LOW |
| Arbitrary Files can be installed in the Setting Data Import function of Office / Small Office Multifunction Printers and Laser Printers(*). *:Satera LBP660C Series/LBP620C Series/MF740C Series/MF640C Series firmware Ver.11.04 and earlier sold in Japan. Color imageCLASS LBP660C Series/LBP 620C Series/X LBP1127C/MF740C Series/MF640C Series/X MF1127C firmware Ver.11.04 and earlier sold in US. i-SENSYS LBP660C Series/LBP620C Series/MF740C Series/MF640C Series, C1127P, C1127iF, C1127i firmware Ver.11.04 and earlier sold in Europe. | |||||
| CVE-2023-0850 | 1 Netgear | 2 Wndr3700, Wndr3700 Firmware | 2024-11-21 | 3.3 LOW | 2.7 LOW |
| A vulnerability was found in Netgear WNDR3700v2 1.0.1.14 and classified as problematic. This issue affects some unknown processing of the component Web Interface. The manipulation leads to denial of service. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-221153 was assigned to this vulnerability. | |||||
| CVE-2023-0848 | 1 Netgear | 2 Wndr3700, Wndr3700 Firmware | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability was found in Netgear WNDR3700v2 1.0.1.14. It has been rated as problematic. This issue affects some unknown processing of the component Web Management Interface. The manipulation leads to denial of service. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221147. | |||||
| CVE-2023-0775 | 1 Silabs | 1 Gecko Software Development Kit | 2024-11-21 | N/A | 6.5 MEDIUM |
| An invalid ‘prepare write request’ command can cause the Bluetooth LE stack to run out of memory and fail to be able to handle subsequent connection requests, resulting in a denial-of-service. | |||||
| CVE-2023-0756 | 1 Gitlab | 1 Gitlab | 2024-11-21 | N/A | 4.8 MEDIUM |
| An issue has been discovered in GitLab affecting all versions before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. The main branch of a repository with a specially crafted name allows an attacker to create repositories with malicious code, victims who clone or download these repositories will execute arbitrary code on their systems. | |||||
| CVE-2023-0683 | 1 Lenovo | 218 Thinkagile Hx1021, Thinkagile Hx1021 Firmware, Thinkagile Hx1320 and 215 more | 2024-11-21 | N/A | 8.3 HIGH |
| A valid, authenticated XCC user with read only access may gain elevated privileges through a specifically crafted API call. | |||||
| CVE-2023-0659 | 1 Bdcom | 2 1704-wgl, 1704-wgl Firmware | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability was found in BDCOM 1704-WGL 2.0.6314. It has been classified as critical. This affects an unknown part of the file /param.file.tgz of the component Backup File Handler. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The identifier VDB-220101 was assigned to this vulnerability. | |||||
| CVE-2023-0658 | 1 Multilaser | 4 Re057, Re057 Firmware, Re170 and 1 more | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability, which was classified as critical, was found in Multilaser RE057 and RE170 2.1/2.2. This affects an unknown part of the file /param.file.tgz of the component Backup File Handler. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The identifier VDB-220053 was assigned to this vulnerability. | |||||