Total
29682 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-0821 | 1 Hashicorp | 1 Nomad | 2024-11-21 | N/A | 6.5 MEDIUM |
| HashiCorp Nomad and Nomad Enterprise 1.2.15 up to 1.3.8, and 1.4.3 jobs using a maliciously compressed artifact stanza source can cause excessive disk usage. Fixed in 1.2.16, 1.3.9, and 1.4.4. | |||||
| CVE-2023-0777 | 1 Modoboa | 1 Modoboa | 2024-11-21 | N/A | 9.8 CRITICAL |
| Authentication Bypass by Primary Weakness in GitHub repository modoboa/modoboa prior to 2.0.4. | |||||
| CVE-2023-0744 | 1 Answer | 1 Answer | 2024-11-21 | N/A | 9.8 CRITICAL |
| Improper Access Control in GitHub repository answerdev/answer prior to 1.0.4. | |||||
| CVE-2023-0697 | 1 Google | 2 Android, Chrome | 2024-11-21 | N/A | 6.5 MEDIUM |
| Inappropriate implementation in Full screen mode in Google Chrome on Android prior to 110.0.5481.77 allowed a remote attacker to spoof the contents of the security UI via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2023-0665 | 1 Hashicorp | 1 Vault | 2024-11-21 | N/A | 6.5 MEDIUM |
| HashiCorp Vault's PKI mount issuer endpoints did not correctly authorize access to remove an issuer or modify issuer metadata, potentially resulting in denial of service of the PKI mount. This bug did not affect public or private key material, trust chains or certificate issuance. Fixed in Vault 1.13.1, 1.12.5, and 1.11.9. | |||||
| CVE-2023-0627 | 1 Docker | 1 Docker Desktop | 2024-11-21 | N/A | 6.7 MEDIUM |
| Docker Desktop 4.11.x allows --no-windows-containers flag bypass via IPC response spoofing which may lead to Local Privilege Escalation (LPE).This issue affects Docker Desktop: 4.11.X. | |||||
| CVE-2023-0584 | 1 Vektor-inc | 1 Vk Blocks | 2024-11-21 | N/A | 4.3 MEDIUM |
| The VK Blocks plugin for WordPress is vulnerable to improper authorization via the REST 'update_options' function in versions up to, and including, 1.57.0.5. This allows authenticated attackers, with contributor-level permissions or above, to change the 'vk_font_awesome_version' option to an arbitrary value. | |||||
| CVE-2023-0583 | 1 Vektor-inc | 1 Vk Blocks | 2024-11-21 | N/A | 4.3 MEDIUM |
| The VK Blocks plugin for WordPress is vulnerable to improper authorization via the REST 'update_vk_blocks_options' function in versions up to, and including, 1.57.0.5. This allows authenticated attackers, with contributor-level permissions or above, to change plugin settings including default icons. | |||||
| CVE-2023-0581 | 1 Lcweb | 1 Privatecontent | 2024-11-21 | N/A | 5.3 MEDIUM |
| The PrivateContent plugin for WordPress is vulnerable to protection mechanism bypass due to the use of client side validation in versions up to, and including, 8.4.3. This is due to the plugin checking if an IP had been blocklist via client-side scripts rather than server-side. This makes it possible for unauthenticated attackers to bypass any login restrictions that may prevent a brute force attack. | |||||
| CVE-2023-0475 | 1 Hashicorp | 1 Go-getter | 2024-11-21 | N/A | 4.2 MEDIUM |
| HashiCorp go-getter up to 1.6.2 and 2.1.1 is vulnerable to decompression bombs. Fixed in 1.7.0 and 2.2.0. | |||||
| CVE-2023-0451 | 1 Econolite | 1 Eos | 2024-11-21 | N/A | 7.5 HIGH |
| Econolite EOS versions prior to 3.2.23 lack a password requirement for gaining “READONLY” access to log files and certain database and configuration files. One such file contains tables with MD5 hashes and usernames for all defined users in the control software, including administrators and technicians. | |||||
| CVE-2023-0435 | 1 Pyload | 1 Pyload | 2024-11-21 | N/A | 9.8 CRITICAL |
| Excessive Attack Surface in GitHub repository pyload/pyload prior to 0.5.0b3.dev41. | |||||
| CVE-2023-0348 | 1 Akuvox | 2 E11, E11 Firmware | 2024-11-21 | N/A | 7.5 HIGH |
| Akuvox E11 allows direct SIP calls. No access control is enforced by the SIP servers, which could allow an attacker to contact any device within Akuvox to call any other device. | |||||
| CVE-2023-0344 | 1 Akuvox | 2 E11, E11 Firmware | 2024-11-21 | N/A | 9.1 CRITICAL |
| Akuvox E11 appears to be using a custom version of dropbear SSH server. This server allows an insecure option that by default is not in the official dropbear SSH server. | |||||
| CVE-2023-0205 | 1 Nvidia | 4 Connectx-5, Connectx-6, Connectx-6-dx and 1 more | 2024-11-21 | N/A | 5.0 MEDIUM |
| NVIDIA ConnectX-5, ConnectX-6, and ConnectX6-DX contain a vulnerability in the NIC firmware, where an unprivileged user can exploit insufficient granularity of access control, which may lead to denial of service. | |||||
| CVE-2023-0120 | 1 Gitlab | 1 Gitlab | 2024-11-21 | N/A | 3.5 LOW |
| An issue has been discovered in GitLab affecting all versions starting from 10.0 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. Due to improper permission validation it was possible to edit labels description by an unauthorised user. | |||||
| CVE-2023-0002 | 2 Microsoft, Paloaltonetworks | 2 Windows, Cortex Xdr Agent | 2024-11-21 | N/A | 5.5 MEDIUM |
| A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local user to execute privileged cytool commands that disable or uninstall the agent. | |||||
| CVE-2022-4968 | 1 Canonical | 1 Netplan | 2024-11-21 | N/A | 6.5 MEDIUM |
| netplan leaks the private key of wireguard to local users. Versions after 1.0 are not affected. | |||||
| CVE-2022-4927 | 1 Ualberta | 1 Neosdiscovery | 2024-11-21 | 6.5 MEDIUM | 5.5 MEDIUM |
| A vulnerability was found in ualbertalib NEOSDiscovery 1.0.70 and classified as problematic. This issue affects some unknown processing of the file app/views/bookmarks/_refworks.html.erb. The manipulation leads to use of web link to untrusted target with window.opener access. The attack may be initiated remotely. Upgrading to version 1.0.71 is able to address this issue. The patch is named abe9f57123e0c278ae190cd7402a623d66c51375. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-222287. | |||||
| CVE-2022-4879 | 1 Forged Alliance Forever Project | 1 Forged Alliance Forever | 2024-11-21 | 4.1 MEDIUM | 4.6 MEDIUM |
| A vulnerability was found in Forged Alliance Forever up to 3746. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Vote Handler. The manipulation leads to improper authorization. Upgrading to version 3747 is able to address this issue. The patch is named 6880971bd3d73d942384aff62d53058c206ce644. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217555. | |||||