Total
11506 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-32826 | 2 Google, Mediatek | 35 Android, Mt6879, Mt6886 and 32 more | 2024-11-21 | N/A | 6.7 MEDIUM |
| In camera middleware, there is a possible out of bounds write due to a missing input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07993539; Issue ID: ALPS07993544. | |||||
| CVE-2023-32820 | 4 Google, Linux, Linuxfoundation and 1 more | 43 Android, Linux Kernel, Yocto and 40 more | 2024-11-21 | N/A | 7.5 HIGH |
| In wlan firmware, there is a possible firmware assertion due to improper input handling. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07932637; Issue ID: ALPS07932637. | |||||
| CVE-2023-32811 | 3 Google, Linuxfoundation, Mediatek | 21 Android, Yocto, Iot Yocto and 18 more | 2024-11-21 | N/A | 6.7 MEDIUM |
| In connectivity system driver, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07929848; Issue ID: ALPS07929848. | |||||
| CVE-2023-32728 | 1 Zabbix | 1 Zabbix-agent2 | 2024-11-21 | N/A | 4.6 MEDIUM |
| The Zabbix Agent 2 item key smart.disk.get does not sanitize its parameters before passing them to a shell command resulting possible vulnerability for remote code execution. | |||||
| CVE-2023-32695 | 1 Socket | 1 Socket.io-parser | 2024-11-21 | N/A | 7.3 HIGH |
| socket.io parser is a socket.io encoder and decoder written in JavaScript complying with version 5 of socket.io-protocol. A specially crafted Socket.IO packet can trigger an uncaught exception on the Socket.IO server, thus killing the Node.js process. A patch has been released in version 4.2.3. | |||||
| CVE-2023-32690 | 1 Dmtf | 1 Libspdm | 2024-11-21 | N/A | 5.7 MEDIUM |
| libspdm is a sample implementation that follows the DMTF SPDM specifications. Prior to versions 2.3.3 and 3.0, following a successful CAPABILITIES response, a libspdm Requester stores the Responder's CTExponent into its context without validation. If the Requester sends a request message that requires a cryptography operation by the Responder, such as CHALLENGE, libspdm will calculate the timeout value using the Responder's unvalidated CTExponent. A patch is available in version 2.3.3. A workaround is also available. After completion of VCA, the Requester can check the value of the Responder's CTExponent. If it greater than or equal to 64, then the Requester can stop communication with the Responder. | |||||
| CVE-2023-32688 | 1 Parseplatform | 1 Parse Server Push Adapter | 2024-11-21 | N/A | 4.9 MEDIUM |
| parse-server-push-adapter is the official Push Notification adapter for Parse Server. The Parse Server Push Adapter can crash Parse Server due to an invalid push notification payload. This issue has been patched in version 4.1.3. | |||||
| CVE-2023-32649 | 1 Nozominetworks | 2 Cmc, Guardian | 2024-11-21 | N/A | 7.5 HIGH |
| A Denial of Service (Dos) vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in certain fields used in the Asset Intelligence functionality of our IDS, allows an unauthenticated attacker to crash the IDS module by sending specially crafted malformed network packets. During the (limited) time window before the IDS module is automatically restarted, network traffic may not be analyzed. | |||||
| CVE-2023-32641 | 1 Intel | 1 Quickassist Technology | 2024-11-21 | N/A | 7.3 HIGH |
| Improper input validation in firmware for Intel(R) QAT before version QAT20.L.1.0.40-00004 may allow escalation of privilege and denial of service via adjacent access. | |||||
| CVE-2023-32617 | 1 Intel | 46 Compute Stick Stk2mv64cc, Compute Stick Stk2mv64cc Firmware, Nuc 7 Enthusiast Nuc7i7bnhxg and 43 more | 2024-11-21 | N/A | 8.2 HIGH |
| Improper input validation in some Intel(R) NUC Rugged Kit, Intel(R) NUC Kit and Intel(R) Compute Element BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-32485 | 1 Dell | 1 Smartfabric Storage Software | 2024-11-21 | N/A | 9.8 CRITICAL |
| Dell SmartFabric Storage Software version 1.3 and lower contain an improper input validation vulnerability. A remote unauthenticated attacker may exploit this vulnerability and escalate privileges up to the highest administration level. This is a critical severity vulnerability affecting user authentication. Dell recommends customers to upgrade at the earliest opportunity. | |||||
| CVE-2023-32480 | 1 Dell | 62 Alienware M15 R7, Alienware M15 R7 Firmware, G15 5510 and 59 more | 2024-11-21 | N/A | 6.8 MEDIUM |
| Dell BIOS contains an Improper Input Validation vulnerability. An unauthenticated physical attacker may potentially exploit this vulnerability to perform arbitrary code execution. | |||||
| CVE-2023-32469 | 1 Dell | 6 Precision 5820, Precision 5820 Firmware, Precision 7820 and 3 more | 2024-11-21 | N/A | 7.5 HIGH |
| Dell Precision Tower BIOS contains an Improper Input Validation vulnerability. A locally authenticated malicious user with admin privileges could potentially exploit this vulnerability to perform arbitrary code execution. | |||||
| CVE-2023-32463 | 1 Dell | 90 Vxrail D560, Vxrail D560 Firmware, Vxrail D560f and 87 more | 2024-11-21 | N/A | 3.4 LOW |
| Dell VxRail, version(s) 8.0.100 and earlier contain a denial-of-service vulnerability in the upgrade functionality. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to degraded performance and system malfunction. | |||||
| CVE-2023-32321 | 1 Okfn | 1 Ckan | 2024-11-21 | N/A | 9.8 CRITICAL |
| CKAN is an open-source data management system for powering data hubs and data portals. Multiple vulnerabilities have been discovered in Ckan which may lead to remote code execution. An arbitrary file write in `resource_create` and `package_update` actions, using the `ResourceUploader` object. Also reachable via `package_create`, `package_revise`, and `package_patch` via calls to `package_update`. Remote code execution via unsafe pickle loading, via Beaker's session store when configured to use the file session store backend. Potential DOS due to lack of a length check on the resource id. Information disclosure: A user with permission to create a resource can access any other resource on the system if they know the id, even if they don't have access to it. Resource overwrite: A user with permission to create a resource can overwrite any resource if they know the id, even if they don't have access to it. A user with permissions to create or edit a dataset can upload a resource with a specially crafted id to write the uploaded file in an arbitrary location. This can be leveraged to Remote Code Execution via Beaker's insecure pickle loading. All the above listed vulnerabilities have been fixed in CKAN 2.9.9 and CKAN 2.10.1. Users are advised to upgrade. There are no known workarounds for these issues. | |||||
| CVE-2023-32305 | 2 Aiven, Postgresql | 2 Aiven, Postgresql | 2024-11-21 | N/A | 8.8 HIGH |
| aiven-extras is a PostgreSQL extension. Versions prior to 1.1.9 contain a privilege escalation vulnerability, allowing elevation to superuser inside PostgreSQL databases that use the aiven-extras package. The vulnerability leverages missing schema qualifiers on privileged functions called by the aiven-extras extension. A low privileged user can create objects that collide with existing function names, which will then be executed instead. Exploiting this vulnerability could allow a low privileged user to acquire `superuser` privileges, which would allow full, unrestricted access to all data and database functions. And could lead to arbitrary code execution or data access on the underlying host as the `postgres` user. The issue has been patched as of version 1.1.9. | |||||
| CVE-2023-32075 | 1 Pimcore | 1 Customer Management Framework | 2024-11-21 | N/A | 4.3 MEDIUM |
| The Customer Management Framework (CMF) for Pimcore adds functionality for customer data management. In `pimcore/customer-management-framework-bundle` prior to version 3.3.9, business logic errors are possible in the `Conditions` tab since the counter can be a negative number. This vulnerability is capable of the unlogic in the counter value in the Conditions tab. Users should update to version 3.3.9 to receive a patch or, as a workaround, or apply the patch manually. | |||||
| CVE-2023-32057 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2024-11-21 | N/A | 9.8 CRITICAL |
| Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | |||||
| CVE-2023-32037 | 1 Microsoft | 7 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 4 more | 2024-11-21 | N/A | 6.5 MEDIUM |
| Windows Layer-2 Bridge Network Driver Information Disclosure Vulnerability | |||||
| CVE-2023-32032 | 1 Microsoft | 2 .net, Visual Studio 2022 | 2024-11-21 | N/A | 6.5 MEDIUM |
| .NET and Visual Studio Elevation of Privilege Vulnerability | |||||