Vulnerabilities (CVE)

Filtered by NVD-CWE-Other
Total 28663 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-0697 1 Google 2 Android, Chrome 2023-09-30 N/A 6.5 MEDIUM
Inappropriate implementation in Full screen mode in Google Chrome on Android prior to 110.0.5481.77 allowed a remote attacker to spoof the contents of the security UI via a crafted HTML page. (Chromium security severity: High)
CVE-2023-0700 1 Google 1 Chrome 2023-09-30 N/A 6.5 MEDIUM
Inappropriate implementation in Download in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)
CVE-2023-0704 1 Google 1 Chrome 2023-09-30 N/A 6.5 MEDIUM
Insufficient policy enforcement in DevTools in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to bypass same origin policy and proxy settings via a crafted HTML page. (Chromium security severity: Low)
CVE-2023-42453 1 Matrix 1 Synapse 2023-09-29 N/A 4.3 MEDIUM
Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. Users were able to forge read receipts for any event (if they knew the room ID and event ID). Note that the users were not able to view the events, but simply mark it as read. This could be confusing as clients will show the event as read by the user, even if they are not in the room. This issue has been patched in version 1.93.0. Users are advised to upgrade. There are no known workarounds for this issue.
CVE-2023-42222 1 Webcatalog 1 Webcatalog 2023-09-29 N/A 8.8 HIGH
WebCatalog before 49.0 is vulnerable to Incorrect Access Control. WebCatalog calls the Electron shell.openExternal function without verifying that the URL is for an http or https resource, in some circumstances.
CVE-2022-20716 1 Cisco 7 Sd-wan, Sd-wan Manager, Sd-wan Solution and 4 more 2023-09-29 7.2 HIGH 7.8 HIGH
A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain escalated privileges. This vulnerability is due to improper access control on files within the affected system. A local attacker could exploit this vulnerability by modifying certain files on the vulnerable device. If successful, the attacker could gain escalated privileges and take actions on the system with the privileges of the root user.
CVE-2020-25654 2 Clusterlabs, Debian 2 Pacemaker, Debian Linux 2023-09-29 9.0 HIGH 7.2 HIGH
An ACL bypass flaw was found in pacemaker. An attacker having a local account on the cluster and in the haclient group could use IPC communication with various daemons directly to perform certain tasks that they would be prevented by ACLs from doing if they went through the configuration.
CVE-2023-1995 6 Hitachi, Hp, Ibm and 3 more 8 Hirdb Server, Hirdb Server With Additional Function, Hirdb Structured Data Access Facility and 5 more 2023-09-27 N/A 7.5 HIGH
Insufficient Logging vulnerability in Hitachi HiRDB Server, HiRDB Server With Addtional Function, HiRDB Structured Data Access Facility.This issue affects HiRDB Server: before 09-60-39, before 09-65-23, before 09-66-17, before 10-01-10, before 10-03-12, before 10-04-06, before 10-05-06, before 10-06-02; HiRDB Server With Addtional Function: before 09-60-2M, before 09-65-/W , before 09-66-/Q ; HiRDB Structured Data Access Facility: before 09-60-39, before 10-03-12, before 10-04-06, before 10-06-02.
CVE-2022-40964 1 Intel 15 Killer, Killer Wi-fi 6 Ax1650i\/s, Killer Wi-fi 6e Ax1675i\/s and 12 more 2023-09-27 N/A 6.7 MEDIUM
Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2022-27635 1 Intel 15 Killer, Killer Wi-fi 6 Ax1650i\/s, Killer Wi-fi 6e Ax1675i\/s and 12 more 2023-09-27 N/A 6.7 MEDIUM
Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2022-46329 1 Intel 4 Killer, Proset\/wireless Wifi, Uefi Firmware and 1 more 2023-09-27 N/A 6.7 MEDIUM
Protection mechanism failure for some Intel(R) PROSet/Wireless WiFi software may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2023-4258 1 Zephyrproject 1 Zephyr 2023-09-26 N/A 6.5 MEDIUM
In Bluetooth mesh implementation If provisionee has a public key that is sent OOB then during provisioning it can be sent back and will be accepted by provisionee.
CVE-2023-43141 1 Totolink 4 A3700r, A3700r Firmware, N600r and 1 more 2023-09-26 N/A 9.8 CRITICAL
TOTOLINK A3700R V9.1.2u.6134_B20201202 and N600R V5.3c.5137 are vulnerable to Incorrect Access Control.
CVE-2023-1260 2 Kubernetes, Redhat 2 Kube-apiserver, Openshift Container Platform 2023-09-26 N/A 9.1 CRITICAL
An authentication bypass vulnerability was discovered in kube-apiserver. This issue could allow a remote, authenticated attacker who has been given permissions "update, patch" the "pods/ephemeralcontainers" subresource beyond what the default is. They would then need to create a new pod or patch one that they already have access to. This might allow evasion of SCC admission restrictions, thereby gaining control of a privileged pod.
CVE-2023-20593 3 Amd, Debian, Xen 140 Athlon Gold 7220u, Athlon Gold 7220u Firmware, Epyc 7232p and 137 more 2023-09-25 N/A 5.5 MEDIUM
An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information.
CVE-2023-0627 1 Docker 1 Docker Desktop 2023-09-25 N/A 7.8 HIGH
Docker Desktop 4.11.x allows --no-windows-containers flag bypass via IPC response spoofing which may lead to Local Privilege Escalation (LPE).This issue affects Docker Desktop: 4.11.X.
CVE-2023-31718 1 Frangoteam 1 Fuxa 2023-09-25 N/A 7.5 HIGH
FUXA <= 1.1.12 is vulnerable to Local via Inclusion via /api/download.
CVE-2023-31716 1 Frangoteam 1 Fuxa 2023-09-25 N/A 7.5 HIGH
FUXA <= 1.1.12 has a Local File Inclusion vulnerability via file=fuxa.log
CVE-2007-1923 2 Dws Systems Inc., Ledgersmb 2 Sql-ledger, Ledgersmb 2023-09-25 7.5 HIGH N/A
(1) LedgerSMB and (2) DWS Systems SQL-Ledger implement access control lists by changing the set of URLs linked from menus, which allows remote attackers to access restricted functionality via direct requests. The LedgerSMB affected versions are before 1.3.0.
CVE-2020-10627 1 Insulet 2 Omnipod Insulin Management System, Omnipod Insulin Management System Firmware 2023-09-25 4.8 MEDIUM 8.1 HIGH
Insulet Omnipod Insulin Management System insulin pump product ID 19191 and 40160 is designed to communicate using a wireless RF with an Insulet manufactured Personal Diabetes Manager device. This wireless RF communication protocol does not properly implement authentication or authorization. An attacker with access to one of the affected insulin pump models may be able to modify and/or intercept data. This vulnerability could also allow attackers to change pump settings and control insulin delivery.