Total
809 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-28378 | 2 Intel, Microsoft | 4 Quickassist Technology, Quickassist Technology Firmware, Quickassist Technology Library and 1 more | 2024-11-21 | N/A | 6.7 MEDIUM |
| Improper authorization in some Intel(R) QAT drivers for Windows - HW Version 2.0 before version 2.0.4 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-28055 | 1 Dell | 1 Networker | 2024-11-21 | N/A | 8.8 HIGH |
| Dell NetWorker, Version 19.7 has an improper authorization vulnerability in the NetWorker client. An unauthenticated attacker within the same network could potentially exploit this by manipulating a command leading to gain of complete access to the server file further resulting in information leaks, denial of service, and arbitrary code execution. Dell recommends customers to upgrade at the earliest opportunity. | |||||
| CVE-2023-27594 | 1 Cilium | 1 Cilium | 2024-11-21 | N/A | 4.2 MEDIUM |
| Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.11.15, 1.12.8, and 1.13.1, under specific conditions, Cilium may misattribute the source IP address of traffic to a cluster, identifying external traffic as coming from the host on which Cilium is running. As a consequence, network policies for that cluster might be bypassed, depending on the specific network policies enabled. This issue only manifests when Cilium is routing IPv6 traffic and NodePorts are used to route traffic to pods. IPv6 and endpoint routes are both disabled by default. The problem has been fixed and is available on versions 1.11.15, 1.12.8, and 1.13.1. As a workaround, disable IPv6 routing. | |||||
| CVE-2023-26466 | 1 Pega | 1 Synchronization Engine | 2024-11-21 | N/A | 7.8 HIGH |
| A user with non-Admin access can change a configuration file on the client to modify the Server URL. | |||||
| CVE-2023-25517 | 4 Citrix, Nvidia, Redhat and 1 more | 4 Hypervisor, Gpu Display Driver, Enterprise Linux Kernel-based Virtual Machine and 1 more | 2024-11-21 | N/A | 7.1 HIGH |
| NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where a guest OS may be able to control resources for which it is not authorized, which may lead to information disclosure and data tampering. | |||||
| CVE-2023-25074 | 1 Gallagher | 1 Command Centre | 2024-11-21 | N/A | 7.1 HIGH |
| Improper privilege validation in Command Centre Server allows authenticated unprivileged operators to modify and view Competencies. This issue affects Command Centre: vEL8.90 prior to vEL8.90.1318 (MR1), vEL8.80 prior to vEL8.80.1192 (MR2), vEL8.70 prior to vEL8.70.2185 (MR4), vEL8.60 prior to vEL8.60.2347 (MR6), vEL8.50 prior to vEL8.50.2831 (MR8), all versions vEL8.40 and prior. | |||||
| CVE-2023-24476 | 1 Ptc | 1 Vuforia Studio | 2024-11-21 | N/A | 1.8 LOW |
| An attacker with local access to the machine could record the traffic, which could allow them to resend requests without the server authenticating that the user or session are valid. | |||||
| CVE-2023-23696 | 1 Dell | 1 Command \| Intel Vpro Out Of Band | 2024-11-21 | N/A | 7.0 HIGH |
| Dell Command Intel vPro Out of Band, versions prior to 4.3.1, contain an Improper Authorization vulnerability. A locally authenticated malicious users could potentially exploit this vulnerability in order to write arbitrary files to the system. | |||||
| CVE-2023-23568 | 1 Gallagher | 1 Command Centre | 2024-11-21 | N/A | 4.3 MEDIUM |
| Improper privilege validation in Command Centre Server allows authenticated unprivileged operators to modify and view Personal Data Fields. This issue affects Command Centre: vEL 8.90 prior to vEL8.90.1318 (MR1), vEL8.80 prior to vEL8.80.1192 (MR2), vEL8.70 prior to vEL8.70.2185 (MR4), vEL8.60 prior to vEL8.60.2347 (MR6), vEL8.50 prior to vEL8.50.2831 (MR8), all versions vEL8.40 and prior | |||||
| CVE-2023-22938 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2024-11-21 | N/A | 4.3 MEDIUM |
| In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘sendemail’ REST API endpoint lets any authenticated user send an email as the Splunk instance. The endpoint is now restricted to the ‘splunk-system-user’ account on the local instance. | |||||
| CVE-2023-22931 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2024-11-21 | N/A | 4.3 MEDIUM |
| In Splunk Enterprise versions below 8.1.13 and 8.2.10, the ‘createrss’ external search command overwrites existing Resource Description Format Site Summary (RSS) feeds without verifying permissions. This feature has been deprecated and disabled by default. | |||||
| CVE-2023-22636 | 1 Fortinet | 1 Fortiweb | 2024-11-21 | N/A | 7.0 HIGH |
| An unauthorized configuration download vulnerability in FortiWeb 6.3.6 through 6.3.21, 6.4.0 through 6.4.2 and 7.0.0 through 7.0.4 may allow a local attacker to access confidential configuration files via a crafted http request. | |||||
| CVE-2023-22480 | 1 Fit2cloud | 1 Kubeoperator | 2024-11-21 | N/A | 7.3 HIGH |
| KubeOperator is an open source Kubernetes distribution focused on helping enterprises plan, deploy and operate production-level K8s clusters. In KubeOperator versions 3.16.3 and below, API interfaces with unauthorized entities and can leak sensitive information. This vulnerability could be used to take over the cluster under certain conditions. This issue has been patched in version 3.16.4. | |||||
| CVE-2023-22428 | 1 Gallagher | 1 Command Centre | 2024-11-21 | N/A | 7.6 HIGH |
| Improper privilege validation in Command Centre Server allows authenticated operators to modify Division lineage. This issue affects Command Centre: vEL8.80 prior to vEL8.80.1192 (MR2), vEL8.70 prior to vEL8.70.2185 (MR4), vEL8.60 prior to vEL8.60.2347 (MR6), vEL8.50 prior to vEL8.50.2831(MR8), vEL8.40 and prior. | |||||
| CVE-2023-22348 | 2 Checkmk, Tribe29 | 2 Checkmk, Checkmk | 2024-11-21 | N/A | 4.3 MEDIUM |
| Improper Authorization in RestAPI in Checkmk GmbH's Checkmk versions <2.1.0p28 and <2.2.0b8 allows remote authenticated users to read arbitrary host_configs. | |||||
| CVE-2023-21549 | 1 Microsoft | 14 Windows 10 1607, Windows 10 1809, Windows 10 20h2 and 11 more | 2024-11-21 | N/A | 8.8 HIGH |
| Windows SMB Witness Service Elevation of Privilege Vulnerability | |||||
| CVE-2023-21505 | 1 Samsung | 1 Samsung Core Services | 2024-11-21 | N/A | 4.0 MEDIUM |
| Improper access control in Samsung Core Service prior to version 2.1.00.36 allows attacker to write arbitrary file in sandbox. | |||||
| CVE-2023-21461 | 1 Samsung | 1 Android | 2024-11-21 | N/A | 4.0 MEDIUM |
| Improper authorization vulnerability in AutoPowerOnOffConfirmDialog in Settings prior to SMR Mar-2023 Release 1 allows local attacker to turn device off via unprotected activity. | |||||
| CVE-2023-21454 | 1 Samsung | 1 Android | 2024-11-21 | N/A | 2.4 LOW |
| Improper authorization in Samsung Keyboard prior to SMR Mar-2023 Release 1 allows physical attacker to access users text history on the lockscreen. | |||||
| CVE-2023-21452 | 1 Samsung | 1 Android | 2024-11-21 | N/A | 3.3 LOW |
| Improper usage of implicit intent in Bluetooth prior to SMR Mar-2023 Release 1 allows attacker to get MAC address of connected device. | |||||