Total: 200 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-20246 | 2 Cisco, Snort | 3 Firepower Threat Defense, Ios Xe, Snort | 2024-02-06 | N/A | 5.3 MEDIUM |
Multiple Cisco products are affected by a vulnerability in Snort access control policies that could allow an unauthenticated, remote attacker to bypass the configured policies on an affected system. This vulnerability is due to a logic error that occurs when the access control policies are being populated. An attacker could exploit this vulnerability by establishing a connection to an affected device. A successful exploit could allow the attacker to bypass configured access control rules on the affected system. | |||||
CVE-2023-6044 | 1 Lenovo | 1 Vantage | 2024-01-26 | N/A | 6.8 MEDIUM |
A privilege escalation vulnerability was reported in Lenovo Vantage that could allow a local attacker with physical access to impersonate Lenovo Vantage Service and execute arbitrary code with elevated privileges. | |||||
CVE-2021-32076 | 1 Solarwinds | 1 Web Help Desk | 2024-01-25 | 5.0 MEDIUM | 5.3 MEDIUM |
Access Restriction Bypass via referrer spoof was discovered in SolarWinds Web Help Desk 12.7.2. An attacker can access the 'Web Help Desk Getting Started Wizard', especially the admin account creation page, from a non-privileged IP address network range or loopback address by intercepting the HTTP request and changing the referrer from the public IP address to the loopback. | |||||
CVE-2023-20256 | 1 Cisco | 2 Adaptive Security Appliance Software, Firepower Threat Defense | 2024-01-25 | N/A | 5.8 MEDIUM |
Multiple vulnerabilities in the per-user-override feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass a configured access control list (ACL) and allow traffic that should be denied to flow through an affected device. These vulnerabilities are due to a logic error that could occur when the affected software constructs and applies per-user-override rules. An attacker could exploit these vulnerabilities by connecting to a network through an affected device that has a vulnerable configuration. A successful exploit could allow the attacker to bypass the interface ACL and access resources that should be protected. | |||||
CVE-2023-20245 | 1 Cisco | 2 Adaptive Security Appliance Software, Firepower Threat Defense | 2024-01-25 | N/A | 5.8 MEDIUM |
Multiple vulnerabilities in the per-user-override feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass a configured access control list (ACL) and allow traffic that should be denied to flow through an affected device. These vulnerabilities are due to a logic error that could occur when the affected software constructs and applies per-user-override rules. An attacker could exploit these vulnerabilities by connecting to a network through an affected device that has a vulnerable configuration. A successful exploit could allow the attacker to bypass the interface ACL and access resources that should be protected. | |||||
CVE-2024-0454 | 1 Emc | 2 Elan Match-on-chip Fpr Solution, Elan Match-on-chip Fpr Solution Firmware | 2024-01-22 | N/A | 6.1 MEDIUM |
The ELAN Match-on-Chip FPR solution has a design fault that creates a potential risk of valid SID leakage and enumeration with a spoofed sensor. Because of this fault, Windows Hello recognition can be bypassed by cloning a SID, which breaks account identity. Versions lower than 3.0.12011.08009 (Legacy)/3.3.12011.08103 (ESS) are exposed to this risk on the DELL Inspiron platform. | |||||
CVE-2023-4566 | 1 Huawei | 2 Emui, Harmonyos | 2024-01-19 | N/A | 7.5 HIGH |
Vulnerability of trust relationships being inaccurate in distributed scenarios. Successful exploitation of this vulnerability may affect service confidentiality. | |||||
CVE-2023-44117 | 1 Huawei | 2 Emui, Harmonyos | 2024-01-19 | N/A | 7.5 HIGH |
Vulnerability of trust relationships being inaccurate in distributed scenarios. Successful exploitation of this vulnerability may affect service confidentiality. | |||||
CVE-2023-51350 | 1 Ujcms | 1 Ujcms | 2024-01-18 | N/A | 9.8 CRITICAL |
A spoofing attack in ujcms v.8.0.2 allows a remote attacker to obtain sensitive information and execute arbitrary code via a crafted script to the X-Forwarded-For function in the header. | |||||
CVE-2024-20674 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2024-01-14 | N/A | 8.8 HIGH |
Windows Kerberos Security Feature Bypass Vulnerability | |||||
CVE-2023-49794 | 1 Kernelsu | 1 Kernelsu | 2024-01-08 | N/A | 7.8 HIGH |
KernelSU is a kernel-based root solution for Android devices. In versions 0.7.1 and prior, the logic that gets the APK path in the KernelSU kernel module can be bypassed, which lets any malicious APK named `me.weishu.kernelsu` get root permission. If a device with the KernelSU module installed tries to install any unchecked APK whose package name equals that of the official KernelSU Manager, that APK can take over root privileges on the device. As of time of publication, a patched version is not available. | |||||
CVE-2023-32207 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2024-01-07 | N/A | 8.8 HIGH |
A missing delay in popup notifications could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. | |||||
CVE-2021-1677 | 1 Microsoft | 1 Azure Kubernetes Service | 2023-12-29 | 2.1 LOW | 5.5 MEDIUM |
Azure Active Directory Pod Identity Spoofing Vulnerability | |||||
CVE-2021-34466 | 1 Microsoft | 1 Windows 10 | 2023-12-28 | 3.6 LOW | 5.7 MEDIUM |
Windows Hello Security Feature Bypass Vulnerability | |||||
CVE-2021-43220 | 1 Microsoft | 1 Edge Ios | 2023-12-28 | 5.0 MEDIUM | 3.1 LOW |
Microsoft Edge for iOS Spoofing Vulnerability | |||||
CVE-2021-42308 | 1 Microsoft | 1 Edge Chromium | 2023-12-28 | 5.0 MEDIUM | 3.1 LOW |
Microsoft Edge (Chromium-based) Spoofing Vulnerability | |||||
CVE-2021-42320 | 1 Microsoft | 2 Sharepoint Enterprise Server, Sharepoint Server | 2023-12-28 | 3.5 LOW | 5.7 MEDIUM |
Microsoft SharePoint Server Spoofing Vulnerability | |||||
CVE-2022-35770 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2023-12-20 | N/A | 6.5 MEDIUM |
Windows NTLM Spoofing Vulnerability | |||||
CVE-2022-34689 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2023-12-20 | N/A | 7.5 HIGH |
Windows CryptoAPI Spoofing Vulnerability | |||||
CVE-2023-6263 | 1 Networkoptix | 1 Nxcloud | 2023-12-18 | N/A | 8.1 HIGH |
An issue was discovered by the IPVM team in Network Optix NxCloud before 23.1.0.40440. It was possible to add a fake VMS server to NxCloud by using the exact identification of a legitimate VMS server. As a result, it was possible to retrieve authorization headers from legitimate users when the legitimate client connected to the fake VMS server. |