Total: 231915 CVEs
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2023-5367 | 4: Debian, Fedoraproject, Redhat and 1 more | 5: Debian Linux, Fedora, Enterprise Linux and 2 more | 2023-11-30 | N/A | 7.8 HIGH | An out-of-bounds write flaw was found in the xorg-x11-server. This issue occurs due to an incorrect calculation of a buffer offset when copying data stored in the heap in the XIChangeDeviceProperty function in Xi/xiproperty.c and in the RRChangeOutputProperty function in randr/rrproperty.c, allowing for possible escalation of privileges or denial of service. |
CVE-2023-31417 | 1: Elastic | 1: Elasticsearch | 2023-11-30 | N/A | 7.5 HIGH | Elasticsearch generally filters out sensitive information and credentials before logging to the audit log. It was found that this filtering was not applied when requests to Elasticsearch use certain deprecated URIs for APIs. The impact of this flaw is that sensitive information such as passwords and tokens might be printed in cleartext in Elasticsearch audit logs. Note that audit logging is disabled by default and needs to be explicitly enabled, and even when audit logging is enabled, request bodies that could contain sensitive information are not printed to the audit log unless explicitly configured. |
CVE-2023-48894 | | | 2023-11-30 | N/A | N/A | Incorrect Access Control vulnerability in jshERP V3.3 allows attackers to obtain sensitive information via the doFilter function. |
CVE-2023-3676 | 2: Kubernetes, Microsoft | 2: Kubernetes, Windows | 2023-11-30 | N/A | 8.8 HIGH | A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows nodes. |
CVE-2023-5909 | | | 2023-11-30 | N/A | N/A | KEPServerEX does not properly validate certificates from clients, which may allow unauthenticated users to connect. |
CVE-2023-4163 | 1: Broadcom | 1: Fabric Operating System | 2023-11-30 | N/A | 4.4 MEDIUM | In Brocade Fabric OS before v9.2.0a, a local authenticated privileged user can trigger a buffer overflow condition, leading to a kernel panic with large input to buffers in the portcfgfportbuffers command. |
CVE-2023-39226 | | | 2023-11-30 | N/A | N/A | In Delta Electronics InfraSuite Device Master v.1.0.7, a vulnerability exists that allows an unauthenticated attacker to execute arbitrary code through a single UDP packet. |
CVE-2023-5908 | | | 2023-11-30 | N/A | N/A | KEPServerEX is vulnerable to a buffer overflow which may allow an attacker to crash the product being accessed or leak information. |
CVE-2023-47207 | | | 2023-11-30 | N/A | N/A | In Delta Electronics InfraSuite Device Master v.1.0.7, a vulnerability exists that allows an unauthenticated attacker to execute code with local administrator privileges. |
CVE-2023-5678 | 1: Openssl | 1: Openssl | 2023-11-30 | N/A | 5.3 MEDIUM | Issue summary: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow. Impact summary: Applications that use the function DH_generate_key() to generate an X9.42 DH key may experience long delays. Likewise, applications that use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check() to check an X9.42 DH key or X9.42 DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source, this may lead to a Denial of Service. While DH_check() performs all the necessary checks (as of CVE-2023-3817), DH_check_pub_key() doesn't make any of these checks, and is therefore vulnerable for excessively large P and Q parameters. Likewise, while DH_generate_key() performs a check for an excessively large P, it doesn't check for an excessively large Q. An application that calls DH_generate_key() or DH_check_pub_key() and supplies a key or parameters obtained from an untrusted source could be vulnerable to a Denial of Service attack. DH_generate_key() and DH_check_pub_key() are also called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate(). Also vulnerable are the OpenSSL pkey command line application when using the "-pubcheck" option, as well as the OpenSSL genpkey command line application. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue. |
CVE-2023-46690 | | | 2023-11-30 | N/A | N/A | In Delta Electronics InfraSuite Device Master v.1.0.7, a vulnerability exists that allows an attacker to write any file to any location of the filesystem, which could lead to remote code execution. |
CVE-2023-31418 | 1: Elastic | 2: Elastic Cloud Enterprise, Elasticsearch | 2023-11-30 | N/A | 7.5 HIGH | An issue has been identified with how Elasticsearch handled incoming requests on the HTTP layer. An unauthenticated user could force an Elasticsearch node to exit with an OutOfMemory error by sending a moderate number of malformed HTTP requests. The issue was identified by Elastic Engineering and we have no indication that the issue is known or that it is being exploited in the wild. |
CVE-2022-4900 | 2: Php, Redhat | 3: Php, Linux, Software Collections | 2023-11-30 | N/A | 5.5 MEDIUM | A vulnerability was found in PHP where setting the environment variable PHP_CLI_SERVER_WORKERS to a large value leads to a heap buffer overflow. |
CVE-2023-5574 | 2: Redhat, X.org | 3: Enterprise Linux, X Server, Xwayland | 2023-11-30 | N/A | 7.0 HIGH | A use-after-free flaw was found in xorg-x11-server-Xvfb. This issue occurs in Xvfb with a very specific and legacy configuration (a multi-screen setup with multiple protocol screens, also known as Zaphod mode). If the pointer is warped from screen 1 to screen 0, a use-after-free issue may be triggered during shutdown or reset of the Xvfb server, allowing for possible escalation of privileges or denial of service. |
CVE-2023-48947 | 1: Openlinksw | 1: Virtuoso | 2023-11-30 | N/A | 7.5 HIGH | An issue in the cha_cmp function of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement. |
CVE-2023-48948 | 1: Openlinksw | 1: Virtuoso | 2023-11-30 | N/A | 7.5 HIGH | An issue in the box_div function in openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement. |
CVE-2023-48949 | 1: Openlinksw | 1: Virtuoso | 2023-11-30 | N/A | 7.5 HIGH | An issue in the box_add function in openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement. |
CVE-2023-48946 | 1: Openlinksw | 1: Virtuoso | 2023-11-30 | N/A | 7.5 HIGH | An issue in the box_mpy function of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement. |
CVE-2023-48950 | 1: Openlinksw | 1: Virtuoso | 2023-11-30 | N/A | 7.5 HIGH | An issue in the box_col_len function in openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement. |
CVE-2023-48951 | 1: Openlinksw | 1: Virtuoso | 2023-11-30 | N/A | 7.5 HIGH | An issue in the box_equal function in openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement. |