Total: 28663 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2023-0697 | 1 Google | 2 Android, Chrome | 2023-09-30 | N/A | 6.5 MEDIUM | Inappropriate implementation in Full screen mode in Google Chrome on Android prior to 110.0.5481.77 allowed a remote attacker to spoof the contents of the security UI via a crafted HTML page. (Chromium security severity: High)
CVE-2023-0700 | 1 Google | 1 Chrome | 2023-09-30 | N/A | 6.5 MEDIUM | Inappropriate implementation in Download in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)
CVE-2023-0704 | 1 Google | 1 Chrome | 2023-09-30 | N/A | 6.5 MEDIUM | Insufficient policy enforcement in DevTools in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to bypass same origin policy and proxy settings via a crafted HTML page. (Chromium security severity: Low)
CVE-2023-42453 | 1 Matrix | 1 Synapse | 2023-09-29 | N/A | 4.3 MEDIUM | Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. Users were able to forge read receipts for any event (if they knew the room ID and event ID). Note that the users were not able to view the events, but simply mark them as read. This could be confusing, as clients will show the event as read by the user even if they are not in the room. This issue has been patched in version 1.93.0. Users are advised to upgrade. There are no known workarounds for this issue.
CVE-2023-42222 | 1 Webcatalog | 1 Webcatalog | 2023-09-29 | N/A | 8.8 HIGH | WebCatalog before 49.0 is vulnerable to Incorrect Access Control. In some circumstances, WebCatalog calls the Electron shell.openExternal function without verifying that the URL is for an http or https resource.
CVE-2022-20716 | 1 Cisco | 7 Sd-wan, Sd-wan Manager, Sd-wan Solution and 4 more | 2023-09-29 | 7.2 HIGH | 7.8 HIGH | A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain escalated privileges. This vulnerability is due to improper access control on files within the affected system. A local attacker could exploit this vulnerability by modifying certain files on the vulnerable device. If successful, the attacker could gain escalated privileges and take actions on the system with the privileges of the root user.
CVE-2020-25654 | 2 Clusterlabs, Debian | 2 Pacemaker, Debian Linux | 2023-09-29 | 9.0 HIGH | 7.2 HIGH | An ACL bypass flaw was found in pacemaker. An attacker having a local account on the cluster and in the haclient group could use IPC communication with various daemons directly to perform certain tasks that they would be prevented by ACLs from doing if they went through the configuration.
CVE-2023-1995 | 6 Hitachi, Hp, Ibm and 3 more | 8 Hirdb Server, Hirdb Server With Additional Function, Hirdb Structured Data Access Facility and 5 more | 2023-09-27 | N/A | 7.5 HIGH | Insufficient Logging vulnerability in Hitachi HiRDB Server, HiRDB Server With Additional Function, HiRDB Structured Data Access Facility. This issue affects HiRDB Server: before 09-60-39, before 09-65-23, before 09-66-17, before 10-01-10, before 10-03-12, before 10-04-06, before 10-05-06, before 10-06-02; HiRDB Server With Additional Function: before 09-60-2M, before 09-65-/W, before 09-66-/Q; HiRDB Structured Data Access Facility: before 09-60-39, before 10-03-12, before 10-04-06, before 10-06-02.
CVE-2022-40964 | 1 Intel | 15 Killer, Killer Wi-fi 6 Ax1650i/s, Killer Wi-fi 6e Ax1675i/s and 12 more | 2023-09-27 | N/A | 6.7 MEDIUM | Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2022-27635 | 1 Intel | 15 Killer, Killer Wi-fi 6 Ax1650i/s, Killer Wi-fi 6e Ax1675i/s and 12 more | 2023-09-27 | N/A | 6.7 MEDIUM | Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2022-46329 | 1 Intel | 4 Killer, Proset/wireless Wifi, Uefi Firmware and 1 more | 2023-09-27 | N/A | 6.7 MEDIUM | Protection mechanism failure for some Intel(R) PROSet/Wireless WiFi software may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2023-4258 | 1 Zephyrproject | 1 Zephyr | 2023-09-26 | N/A | 6.5 MEDIUM | In the Bluetooth mesh implementation, if the provisionee has a public key that is sent OOB, then during provisioning it can be sent back and will be accepted by the provisionee.
CVE-2023-43141 | 1 Totolink | 4 A3700r, A3700r Firmware, N600r and 1 more | 2023-09-26 | N/A | 9.8 CRITICAL | TOTOLINK A3700R V9.1.2u.6134_B20201202 and N600R V5.3c.5137 are vulnerable to Incorrect Access Control.
CVE-2023-1260 | 2 Kubernetes, Redhat | 2 Kube-apiserver, Openshift Container Platform | 2023-09-26 | N/A | 9.1 CRITICAL | An authentication bypass vulnerability was discovered in kube-apiserver. This issue could allow a remote, authenticated attacker who has been given "update, patch" permissions on the "pods/ephemeralcontainers" subresource beyond what the default is. They would then need to create a new pod or patch one that they already have access to. This might allow evasion of SCC admission restrictions, thereby gaining control of a privileged pod.
CVE-2023-20593 | 3 Amd, Debian, Xen | 140 Athlon Gold 7220u, Athlon Gold 7220u Firmware, Epyc 7232p and 137 more | 2023-09-25 | N/A | 5.5 MEDIUM | An issue in "Zen 2" CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information.
CVE-2023-0627 | 1 Docker | 1 Docker Desktop | 2023-09-25 | N/A | 7.8 HIGH | Docker Desktop 4.11.x allows --no-windows-containers flag bypass via IPC response spoofing, which may lead to Local Privilege Escalation (LPE). This issue affects Docker Desktop: 4.11.X.
CVE-2023-31718 | 1 Frangoteam | 1 Fuxa | 2023-09-25 | N/A | 7.5 HIGH | FUXA <= 1.1.12 is vulnerable to Local File Inclusion via /api/download.
CVE-2023-31716 | 1 Frangoteam | 1 Fuxa | 2023-09-25 | N/A | 7.5 HIGH | FUXA <= 1.1.12 has a Local File Inclusion vulnerability via file=fuxa.log.
CVE-2007-1923 | 2 Dws Systems Inc., Ledgersmb | 2 Sql-ledger, Ledgersmb | 2023-09-25 | 7.5 HIGH | N/A | (1) LedgerSMB and (2) DWS Systems SQL-Ledger implement access control lists by changing the set of URLs linked from menus, which allows remote attackers to access restricted functionality via direct requests. The LedgerSMB affected versions are before 1.3.0.
CVE-2020-10627 | 1 Insulet | 2 Omnipod Insulin Management System, Omnipod Insulin Management System Firmware | 2023-09-25 | 4.8 MEDIUM | 8.1 HIGH | Insulet Omnipod Insulin Management System insulin pump product IDs 19191 and 40160 are designed to communicate over wireless RF with an Insulet-manufactured Personal Diabetes Manager device. This wireless RF communication protocol does not properly implement authentication or authorization. An attacker with access to one of the affected insulin pump models may be able to modify and/or intercept data. This vulnerability could also allow attackers to change pump settings and control insulin delivery.