Total
29483 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-33873 | 1 Aveva | 13 Batch Management, Communication Drivers, Edge and 10 more | 2024-11-21 | N/A | 7.8 HIGH |
| This privilege escalation vulnerability, if exploited, cloud allow a local OS-authenticated user with standard privileges to escalate to System privilege on the machine where these products are installed, resulting in complete compromise of the target machine. | |||||
| CVE-2023-33872 | 1 Intel | 1 Support | 2024-11-21 | N/A | 5.5 MEDIUM |
| Improper access control in the Intel Support android application all verions may allow an authenticated user to potentially enable information disclosure via local access. | |||||
| CVE-2023-33847 | 3 Hp, Ibm, Linux | 5 Hp-ux, Aix, Cics Tx and 2 more | 2024-11-21 | N/A | 3.7 LOW |
| IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, CICS TX Advanced 10.1, and 11.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 257102. | |||||
| CVE-2023-33743 | 1 Teleadapt | 2 Roomcast Ta-2400, Roomcast Ta-2400 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| TeleAdapt RoomCast TA-2400 1.0 through 3.1 is vulnerable to Improper Access Control; specifically, Android Debug Bridge (adb) is available. | |||||
| CVE-2023-33301 | 1 Fortinet | 1 Fortios | 2024-11-21 | N/A | 6.5 MEDIUM |
| An improper access control vulnerability in Fortinet FortiOS 7.2.0 - 7.2.4 and 7.4.0 allows an attacker to access a restricted resource from a non trusted host. | |||||
| CVE-2023-33224 | 1 Solarwinds | 1 Solarwinds Platform | 2024-11-21 | N/A | 7.2 HIGH |
| The SolarWinds Platform was susceptible to the Incorrect Behavior Order Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with NETWORK SERVICE privileges. | |||||
| CVE-2023-33198 | 1 Tgstation13 | 1 Tgstation-server | 2024-11-21 | N/A | 6.1 MEDIUM |
| tgstation-server is a production scale tool for BYOND server management. The DreamMaker API (DMAPI) chat channel cache can possibly be poisoned by a tgstation-server (TGS) restart and reattach. This can result in sending chat messages to one of any of the configured IRC or Discord channels for the instance on enabled chat bots. This lasts until the instance's chat channels are updated in TGS or DreamDaemon is restarted. TGS chat commands are unaffected, custom or otherwise. | |||||
| CVE-2023-33192 | 1 Tweedegolf | 1 Ntpd-rs | 2024-11-21 | N/A | 7.5 HIGH |
| ntpd-rs is an NTP implementation written in Rust. ntpd-rs does not validate the length of NTS cookies in received NTP packets to the server. An attacker can crash the server by sending a specially crafted NTP packet containing a cookie shorter than what the server expects. The server also crashes when it is not configured to handle NTS packets. The issue was caused by improper slice indexing. The indexing operations were replaced by safer alternatives that do not crash the ntpd-rs server process but instead properly handle the error condition. A patch was released in version 0.3.3. | |||||
| CVE-2023-33189 | 1 Pomerium | 1 Pomerium | 2024-11-21 | N/A | 10.0 CRITICAL |
| Pomerium is an identity and context-aware access proxy. With specially crafted requests, incorrect authorization decisions may be made by Pomerium. This issue has been patched in versions 0.17.4, 0.18.1, 0.19.2, 0.20.1, 0.21.4 and 0.22.2. | |||||
| CVE-2023-32809 | 2 Google, Mediatek | 35 Android, Mt2713, Mt6779 and 32 more | 2024-11-21 | N/A | 4.4 MEDIUM |
| In bluetooth driver, there is a possible read and write access to registers due to improper access control of register interface. This could lead to local leak of sensitive information with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07849753; Issue ID: ALPS07849753. | |||||
| CVE-2023-32808 | 2 Google, Mediatek | 35 Android, Mt2713, Mt6779 and 32 more | 2024-11-21 | N/A | 4.4 MEDIUM |
| In bluetooth driver, there is a possible read and write access to registers due to improper access control of register interface. This could lead to local leak of sensitive information with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07849751; Issue ID: ALPS07849751. | |||||
| CVE-2023-32731 | 1 Grpc | 1 Grpc | 2024-11-21 | N/A | 7.4 HIGH |
| When gRPC HTTP2 stack raised a header size exceeded error, it skipped parsing the rest of the HPACK frame. This caused any HPACK table mutations to also be skipped, resulting in a desynchronization of HPACK tables between sender and receiver. If leveraged, say, between a proxy and a backend, this could lead to requests from the proxy being interpreted as containing headers from different proxy clients - leading to an information leak that can be used for privilege escalation or data exfiltration. We recommend upgrading beyond the commit contained in https://github.com/grpc/grpc/pull/33005 https://github.com/grpc/grpc/pull/33005 | |||||
| CVE-2023-32717 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2024-11-21 | N/A | 4.3 MEDIUM |
| On Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and in Splunk Cloud Platform versions below 9.0.2303.100, an unauthorized user can access the {{/services/indexing/preview}} REST endpoint to overwrite search results if they know the search ID (SID) of an existing search job. | |||||
| CVE-2023-32710 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2024-11-21 | N/A | 4.8 MEDIUM |
| In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and in Splunk Cloud Platform versions below 9.0.2303.100, a low-privileged user can perform an unauthorized transfer of data from a search using the ‘copyresults’ command if they know the search ID (SID) of a search job that has recently run. | |||||
| CVE-2023-32709 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2024-11-21 | N/A | 4.3 MEDIUM |
| In Splunk Enterprise versions below 9.0.5, 8.2.11. and 8.1.14, and Splunk Cloud Platform versions below 9.0.2303.100, a low-privileged user who holds the ‘user’ role can see the hashed version of the initial user name and password for the Splunk instance by using the ‘rest’ SPL command against the ‘conf-user-seed’ REST endpoint. | |||||
| CVE-2023-32662 | 1 Intel | 1 Battery Life Diagnostic Tool | 2024-11-21 | N/A | 6.7 MEDIUM |
| Improper authorization in some Intel Battery Life Diagnostic Tool installation software before version 2.2.1 may allow a privilaged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-32651 | 1 Intel | 7 Killer, Killer Wi-fi 6e Ax1675, Killer Wi-fi 6e Ax1690 and 4 more | 2024-11-21 | N/A | 4.3 MEDIUM |
| Improper validation of specified type of input for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable denial of service via adjacent access. | |||||
| CVE-2023-32645 | 1 Yifanwireless | 2 Yf325, Yf325 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| A leftover debug code vulnerability exists in the httpd debug credentials functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to authentication bypass. An attacker can send a network request to trigger this vulnerability. | |||||
| CVE-2023-32634 | 1 Softether | 1 Vpn | 2024-11-21 | N/A | 7.8 HIGH |
| An authentication bypass vulnerability exists in the CiRpcServerThread() functionality of SoftEther VPN 5.01.9674 and 4.41-9782-beta. An attacker can perform a local man-in-the-middle attack to trigger this vulnerability. | |||||
| CVE-2023-32626 | 1 Elecom | 4 Lan-w300n\/pr5, Lan-w300n\/pr5 Firmware, Lan-w300n\/rs and 1 more | 2024-11-21 | N/A | 9.8 CRITICAL |
| Hidden functionality vulnerability in LAN-W300N/RS all versions, and LAN-W300N/PR5 all versions allows an unauthenticated attacker to log in to the product's certain management console and execute arbitrary OS commands. | |||||