Total: 13277 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-31010 | 1 Nvidia | 3 Dgx H100, Dgx H100 Bmc, Dgx H100 Firmware | 2024-11-21 | 6.8 Medium |
| NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to escalation of privileges, information disclosure, and denial of service. | ||||
| CVE-2023-31009 | 1 Nvidia | 2 Dgx H100, Dgx H100 Firmware | 2024-11-21 | 8.3 High |
| NVIDIA DGX H100 BMC contains a vulnerability in the REST service, where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, and information disclosure. | ||||
| CVE-2023-31008 | 1 Nvidia | 2 Dgx H100, Dgx H100 Firmware | 2024-11-21 | 7.3 High |
| NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, and information disclosure. | ||||
| CVE-2023-30952 | 1 Palantir | 1 Foundry | 2024-11-21 | 5 Medium |
| A security defect was discovered in Foundry Issues that enabled users to create convincing phishing links by editing the request sent when creating an Issue. This defect was resolved in Frontend release 6.228.0. | ||||
| CVE-2023-30712 | 1 Samsung | 1 Android | 2024-11-21 | 6.8 Medium |
| Improper input validation in Settings Suggestions prior to SMR Sep-2023 Release 1 allows attackers to launch arbitrary activity. | ||||
| CVE-2023-30690 | 1 Samsung | 1 Android | 2024-11-21 | 8.5 High |
| Improper input validation vulnerability in Duo prior to SMR Oct-2023 Release 1 allows local attackers to launch privileged activities. | ||||
| CVE-2023-30664 | 1 Samsung | 1 Android | 2024-11-21 | 8.5 High |
| Improper input validation vulnerability in RegisteredMSISDN prior to SMR Jul-2023 Release 1 allows local attackers to launch privileged activities. | ||||
| CVE-2023-30663 | 1 Samsung | 1 Android | 2024-11-21 | 5.3 Medium |
| Improper input validation vulnerability in OemPersonalizationSetLock in libsec-ril prior to SMR Jul-2023 Release 1 allows local attackers to cause an Out-Of-Bounds write. | ||||
| CVE-2023-30659 | 1 Samsung | 1 Android | 2024-11-21 | 6.2 Medium |
| Improper input validation vulnerability in Transaction prior to SMR Jul-2023 Release 1 allows local attackers to launch privileged activities. | ||||
| CVE-2023-30658 | 1 Samsung | 1 Android | 2024-11-21 | 8.5 High |
| Improper input validation vulnerability in DataProfile prior to SMR Jul-2023 Release 1 allows local attackers to launch privileged activities. | ||||
| CVE-2023-30657 | 1 Samsung | 1 Android | 2024-11-21 | 6.2 Medium |
| Improper input validation vulnerability in EnhancedAttestationResult prior to SMR Jul-2023 Release 1 allows local attackers to launch privileged activities. | ||||
| CVE-2023-30656 | 1 Samsung | 1 Android | 2024-11-21 | 8.5 High |
| Improper input validation vulnerability in LSOItemData prior to SMR Jul-2023 Release 1 allows attackers to launch certain activities. | ||||
| CVE-2023-30655 | 1 Samsung | 1 Android | 2024-11-21 | 8.5 High |
| Improper input validation vulnerability in SCEPProfile prior to SMR Jul-2023 Release 1 allows local attackers to launch privileged activities. | ||||
| CVE-2023-30559 | 1 Bd | 2 Alaris 8015 Pcu, Alaris 8015 Pcu Firmware | 2024-11-21 | 5.2 Medium |
| The firmware update package for the wireless card is not properly signed and can be modified. | ||||
| CVE-2023-2917 | 1 Rockwellautomation | 1 Thinmanager Thinserver | 2024-11-21 | 9.8 Critical |
| The Rockwell Automation Thinmanager Thinserver is impacted by an improper input validation vulnerability. Due to improper input validation, a path traversal vulnerability exists, via the filename field, when the ThinManager processes a certain function. If exploited, an unauthenticated remote attacker can upload arbitrary files to any directory on the disk drive where ThinServer.exe is installed. A malicious user could exploit this vulnerability by sending a crafted synchronization protocol message and potentially gain remote code execution abilities. | ||||
| CVE-2023-2915 | 1 Rockwellautomation | 1 Thinmanager Thinserver | 2024-11-21 | 7.5 High |
| The Rockwell Automation Thinmanager Thinserver is impacted by an improper input validation vulnerability. Due to improper input validation, a path traversal vulnerability exists when the ThinManager software processes a certain function. If exploited, an unauthenticated remote threat actor can delete arbitrary files with system privileges. A malicious user could exploit this vulnerability by sending a specifically crafted synchronization protocol message resulting in a denial-of-service condition. | ||||
| CVE-2023-2914 | 1 Rockwellautomation | 1 Thinmanager Thinserver | 2024-11-21 | 7.5 High |
| The Rockwell Automation Thinmanager Thinserver is impacted by an improper input validation vulnerability: an integer overflow condition exists in the affected products. When the ThinManager processes incoming messages, a read access violation occurs and terminates the process. A malicious user could exploit this vulnerability by sending a crafted synchronization protocol message and causing a denial-of-service condition in the software. | ||||
| CVE-2023-2315 | 1 Opencart | 1 Opencart | 2024-11-21 | 8.1 High |
| Path Traversal in OpenCart versions 4.0.0.0 to 4.0.2.2 allows an authenticated user with access/modify privilege on the Log component to empty out arbitrary files on the server. | ||||
| CVE-2023-2267 | 1 Selinc | 2 Sel-411l, Sel-411l Firmware | 2024-11-21 | 4.3 Medium |
| An Improper Input Validation vulnerability in Schweitzer Engineering Laboratories SEL-411L could allow an attacker to perform reflection attacks against an authorized and authenticated user. See product Instruction Manual Appendix A dated 20230830 for more details. | ||||
| CVE-2023-2071 | 1 Rockwellautomation | 2 Factorytalk View, Panelview Plus | 2024-11-21 | 9.8 Critical |
| Rockwell Automation FactoryTalk View Machine Edition on the PanelView Plus improperly verifies user input, which allows an unauthenticated attacker to achieve remote code execution via crafted malicious packets. The device has the functionality, through a CIP class, to execute exported functions from libraries. There is a routine that restricts it to execute specific functions from two dynamic link library files. By using a CIP class, an attacker can upload a self-made library to the device which allows the attacker to bypass the security check and execute any code written in the function. | ||||