Total: 35570 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-30633 | 1 Insyde | 1 Insydeh2o | 2024-11-21 | 5.3 Medium |
| An issue was discovered in TrEEConfigDriver in Insyde InsydeH2O with kernel 5.0 through 5.5. It can report false TPM PCR values, and thus mask malware activity. Devices use Platform Configuration Registers (PCRs) to record information about device and software configuration to ensure that the boot process is secure. (For example, Windows uses these PCR measurements to determine device health.) A vulnerable device can masquerade as a healthy device by extending arbitrary values into Platform Configuration Register (PCR) banks. This requires physical access to a target victim's device, or compromise of user credentials for a device. This issue is similar to CVE-2021-42299 (on Surface Pro devices). | ||||
| CVE-2023-30437 | 1 Ibm | 1 Security Guardium | 2024-11-21 | 5.3 Medium |
| IBM Security Guardium 11.3, 11.4, and 11.5 could allow an unauthorized user to enumerate usernames by sending a specially crafted HTTP request. IBM X-Force ID: 252293. | ||||
| CVE-2023-30297 | 1 N-able | 1 N-central | 2024-11-21 | 7.0 High |
| An issue found in N-able Technologies N-central Server before 2023.4 allows a local attacker to execute arbitrary code via the monitoring function of the server. | ||||
| CVE-2023-30131 | 1 Ixpdata | 1 Easyinstall | 2024-11-21 | 9.8 Critical |
| An issue discovered in IXP EasyInstall 6.6.14884.0 allows attackers to run arbitrary commands, gain escalated privilege, and cause other unspecified impacts via unauthenticated API calls. | ||||
| CVE-2023-2992 | 1 Lenovo | 16 Nextscale N1200 Enclosure, Nextscale N1200 Enclosure Firmware, Thinkagile Cp-cb-10 and 13 more | 2024-11-21 | 7.5 High |
| An unauthenticated denial of service vulnerability exists in the SMM v1, SMM v2, and FPC management web server which can be triggered under crafted conditions. Rebooting SMM or FPC will restore access to the management web server. | ||||
| CVE-2023-2979 | 1 Abstrium | 1 Pydio Cells | 2024-11-21 | 4.7 Medium |
| A vulnerability classified as critical has been found in Abstrium Pydio Cells 4.2.0. This affects an unknown part of the component User Creation Handler. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.2.1 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-230211. | ||||
| CVE-2023-2926 | 1 Seacms | 1 Seacms | 2024-11-21 | 5.4 Medium |
| A vulnerability was found in SeaCMS 11.6 and classified as problematic. This issue affects some unknown processing of the file member.php of the component Picture Upload Handler. The manipulation of the argument oldpic leads to denial of service. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-230081 was assigned to this vulnerability. | ||||
| CVE-2023-2874 | 2 Filseclab, Microsoft | 2 Twister Antivirus, Windows | 2024-11-21 | 5.5 Medium |
| A vulnerability, which was classified as problematic, has been found in Twister Antivirus 8. This issue affects the function 0x804f2158/0x804f2154/0x804f2150/0x804f215c/0x804f2160/0x80800040/0x804f214c/0x804f2148/0x804f2144/0x801120e4/0x804f213c/0x804f2140 in the library filppd.sys of the component IoControlCode Handler. The manipulation leads to denial of service. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The identifier VDB-229853 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-2816 | 1 Hashicorp | 1 Consul | 2024-11-21 | 8.7 High |
| Consul and Consul Enterprise allowed any user with service:write permissions to use Envoy extensions configured via service-defaults to patch remote proxy instances that target the configured service, regardless of whether the user has permission to modify the service(s) corresponding to those modified proxies. | ||||
| CVE-2023-2670 | 1 Oretnom23 | 1 Lost And Found Information System | 2024-11-21 | 6.3 Medium |
| A vulnerability was found in SourceCodester Lost and Found Information System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file admin/?page=user/manage_user. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-228886 is the identifier assigned to this vulnerability. | ||||
| CVE-2023-2620 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.5 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.1 prior to 15.11.10, all versions from 16.0 prior to 16.0.6, all versions from 16.1 prior to 16.1.1. A maintainer could modify a webhook URL to leak masked webhook secrets by manipulating other masked portions. This addresses an incomplete fix for CVE-2023-0838. | ||||
| CVE-2023-2576 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.3 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1. This allowed a developer to remove the CODEOWNERS rules and merge to a protected branch. | ||||
| CVE-2023-2541 | 1 Knime | 1 Business Hub | 2024-11-21 | 5.3 Medium |
| The Web Frontend of KNIME Business Hub before 1.4.0 allows an unauthenticated remote attacker to access internals about the application such as versions, host names, or IP addresses. No personal information or application data was exposed. | ||||
| CVE-2023-29581 | 1 Yasm Project | 1 Yasm | 2024-11-21 | 5.5 Medium |
| yasm 1.3.0.55.g101bc has a segmentation violation in the function delete_Token at modules/preprocs/nasm/nasm-pp.c. NOTE: although a libyasm application could become unavailable if this were exploited, the vendor's position is that there is no security relevance because there is either supposed to be input validation before data reaches libyasm, or a sandbox in which the application runs. | ||||
| CVE-2023-29500 | 1 Intel | 22 Nuc 11 Performance Kit Nuc11pahi3, Nuc 11 Performance Kit Nuc11pahi30z, Nuc 11 Performance Kit Nuc11pahi30z Firmware and 19 more | 2024-11-21 | 5.3 Medium |
| Exposure of sensitive information to an unauthorized actor in BIOS firmware for some Intel(R) NUCs may allow a privileged user to potentially enable information disclosure via local access. | ||||
| CVE-2023-29494 | 2 Bios Firmware, Intel | 49 Intel R Nucs, Nuc 11 Pro Board Nuc11tnbi3, Nuc 11 Pro Board Nuc11tnbi30z and 46 more | 2024-11-21 | 7.5 High |
| Improper input validation in BIOS firmware for some Intel(R) NUCs may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2023-29382 | 1 Zimbra | 1 Collaboration | 2024-11-21 | 9.8 Critical |
| An issue in Zimbra Collaboration ZCS v.8.8.15 and v.9.0 allows an attacker to execute arbitrary code via the sfdc_preauth.jsp component. | ||||
| CVE-2023-29381 | 1 Zimbra | 1 Collaboration | 2024-11-21 | 9.8 Critical |
| An issue in Zimbra Collaboration (ZCS) v.8.8.15 and v.9.0 allows a remote attacker to escalate privileges and obtain sensitive information via the password and 2FA parameters. | ||||
| CVE-2023-29267 | 1 Ibm | 1 Db2 | 2024-11-21 | 5.3 Medium |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service, under specific configurations, as the server may crash when using a specially crafted SQL statement by an authenticated user. IBM X-Force ID: 287612. | ||||
| CVE-2023-29259 | 4 Ibm, Linux, Microsoft and 1 more | 5 Aix, Sterling Connect:Express, Linux Kernel and 2 more | 2024-11-21 | 3.7 Low |
| IBM Sterling Connect:Express for UNIX 1.5 browser UI is vulnerable to attacks that rely on the use of cookies without the SameSite attribute. IBM X-Force ID: 252055. | ||||