Total: 21863 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-32334 | 1 Ibm | 2 Maximo Application Suite, Maximo Asset Management | 2023-06-10 | N/A | 5.3 MEDIUM |
IBM Maximo Asset Management 7.6.1.2, 7.6.1.3 and IBM Maximo Application Suite 8.8.0 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 255074. | |||||
CVE-2023-33733 | 1 Reportlab | 1 Reportlab | 2023-06-09 | N/A | 7.8 HIGH |
Reportlab up to v3.6.12 allows attackers to execute arbitrary code via supplying a crafted PDF file. | |||||
CVE-2023-29344 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2023-06-09 | N/A | 7.3 HIGH |
Microsoft Office Remote Code Execution Vulnerability | |||||
CVE-2023-28469 | 1 Arm | 2 Avalon Gpu Kernel Driver, Valhall Gpu Kernel Driver | 2023-06-09 | N/A | 5.5 MEDIUM |
An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to gain access to already freed memory. This affects Valhall r29p0 through r42p0 before r43p0, and Arm's GPU Architecture Gen5 r41p0 through r42p0 before r43p0. | |||||
CVE-2023-29724 | 1 Bt21 X Bts Wallpaper Project | 1 Bt21 X Bts Wallpaper | 2023-06-09 | N/A | 7.8 HIGH |
The BT21 x BTS Wallpaper app 12 for Android allows unauthorized apps to actively request permission to modify data in the database that records information about a user's personal preferences and will be loaded into memory to be read and used when the app is opened. An attacker could tamper with this data to cause an escalation of privilege attack. | |||||
CVE-2023-27745 | 1 Southrivertech | 1 Titan Ftp Server Nextgen | 2023-06-09 | N/A | 8.8 HIGH |
An issue in South River Technologies TitanFTP before v2.0.1.2102 allows attackers with low-level privileges to perform administrative actions by sending requests to the user server. | |||||
CVE-2023-27744 | 1 Southrivertech | 1 Titan Ftp Server Nextgen | 2023-06-09 | N/A | 7.8 HIGH |
An issue was discovered in South River Technologies TitanFTP NextGen server that allows for a vertical privilege escalation leading to remote code execution. | |||||
CVE-2023-28147 | 1 Arm | 4 Avalon Gpu Kernel Driver, Bifrost Gpu Kernel Driver, Midgard Gpu Kernel Driver and 1 more | 2023-06-09 | N/A | 5.5 MEDIUM |
An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to gain access to already freed memory. This affects Midgard r29p0 through r32p0, Bifrost r17p0 through r42p0 before r43p0, Valhall r19p0 through r42p0 before r43p0, and Arm's GPU Architecture Gen5 r41p0 through r42p0 before r43p0. | |||||
CVE-2023-25752 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2023-06-09 | N/A | 6.5 MEDIUM |
When accessing throttled streams, the count of available bytes needed to be checked in the calling function to be within bounds. This may have led future code to be incorrect and vulnerable. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9. | |||||
CVE-2023-0767 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2023-06-09 | N/A | 8.8 HIGH |
An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. | |||||
CVE-2023-32690 | 1 Dmtf | 1 Libspdm | 2023-06-09 | N/A | 7.5 HIGH |
libspdm is a sample implementation that follows the DMTF SPDM specifications. Prior to versions 2.3.3 and 3.0, following a successful CAPABILITIES response, a libspdm Requester stores the Responder's CTExponent into its context without validation. If the Requester sends a request message that requires a cryptography operation by the Responder, such as CHALLENGE, libspdm will calculate the timeout value using the Responder's unvalidated CTExponent. A patch is available in version 2.3.3. A workaround is also available. After completion of VCA, the Requester can check the value of the Responder's CTExponent. If it is greater than or equal to 64, then the Requester can stop communication with the Responder. | |||||
CVE-2023-29746 | 1 Thethaiger | 1 The Thaiger | 2023-06-09 | N/A | 9.8 CRITICAL |
An issue found in The Thaiger v.1.2 for Android allows unauthorized apps to cause a code execution attack by manipulating the SharedPreference files. | |||||
CVE-2023-29725 | 1 Bt21 X Bts Wallpaper Project | 1 Bt21 X Bts Wallpaper | 2023-06-09 | N/A | 5.5 MEDIUM |
The BT21 x BTS Wallpaper app 12 for Android allows unauthorized applications to actively request permission to insert data into the database that records information about a user's personal preferences and will be loaded into memory to be read and used when the application is opened. By injecting data, the attacker can force the application to load malicious image URLs and display them in the UI. As the amount of data increases, it will eventually cause the application to trigger an OOM error and crash, resulting in a persistent denial of service attack. | |||||
CVE-2023-33143 | 1 Microsoft | 1 Edge Chromium | 2023-06-09 | N/A | 7.5 HIGH |
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | |||||
CVE-2023-28164 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2023-06-09 | N/A | 6.5 MEDIUM |
Dragging a URL from a cross-origin iframe that was removed during the drag could have led to user confusion and website spoofing attacks. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9. | |||||
CVE-2022-4332 | 1 Sprecher-automation | 12 Sprecon-e-c, Sprecon-e-c Firmware, Sprecon-e-p Dl6-1 and 9 more | 2023-06-09 | N/A | 6.8 MEDIUM |
In Sprecher Automation SPRECON-E-C/P/T3 CPU in variant PU244x a vulnerable firmware verification has been identified. Through physical access and hardware manipulation, an attacker might be able to bypass hardware-based code verification and thus inject and execute arbitrary code and gain full access to the device. | |||||
CVE-2023-34091 | 1 Nirmata | 1 Kyverno | 2023-06-09 | N/A | 6.5 MEDIUM |
Kyverno is a policy engine designed for Kubernetes. In versions of Kyverno prior to 1.10.0, resources which have the `deletionTimestamp` field defined can bypass validate, generate, or mutate-existing policies, even in cases where the `validationFailureAction` field is set to `Enforce`. This situation occurs because resources pending deletion were being consciously exempted by Kyverno, as a way to reduce processing load, since policies are typically not applied to objects which are being deleted. However, this could potentially allow a malicious user to leverage the Kubernetes finalizers feature by setting a finalizer which causes the Kubernetes API server to set the `deletionTimestamp` and then never completing the delete operation, as a way to explicitly bypass a Kyverno policy. Note that this is not applicable to Kubernetes Pods but, as an example, a Kubernetes Service resource can be manipulated using an indefinite finalizer to bypass policies. This is resolved in Kyverno 1.10.0. There is no known workaround. | |||||
CVE-2023-28322 | 1 Haxx | 1 Curl | 2023-06-09 | N/A | 9.1 CRITICAL |
An information disclosure vulnerability exists in curl <v8.1.0: when doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously was used to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the second transfer. The problem exists in the logic for a reused handle when it is (expected to be) changed from a PUT to a POST. | |||||
CVE-2023-1387 | 1 Grafana | 1 Grafana | 2023-06-09 | N/A | 7.5 HIGH |
Grafana is an open-source platform for monitoring and observability. Starting with the 9.1 branch, Grafana introduced the ability to search for a JWT in the URL query parameter auth_token and use it as the authentication token. By enabling the "url_login" configuration option (disabled by default), a JWT might be sent to data sources. If an attacker has access to the data source, the leaked token could be used to authenticate to Grafana. | |||||
CVE-2023-29533 | 1 Mozilla | 4 Firefox, Firefox Esr, Focus and 1 more | 2023-06-09 | N/A | 6.5 MEDIUM |
A website could have obscured the fullscreen notification by using a combination of `window.open`, fullscreen requests, `window.name` assignments, and `setInterval` calls. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10. | |||||