Total
9853 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-35303 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2024-11-21 | N/A | 8.8 HIGH |
| USB Audio Class System Driver Remote Code Execution Vulnerability | |||||
| CVE-2023-35163 | 1 Gobalsky | 1 Vega | 2024-11-21 | N/A | 6.0 MEDIUM |
| Vega is a decentralized trading platform that allows pseudo-anonymous trading of derivatives on a blockchain. Prior to version 0.71.6, a vulnerability exists that allows a malicious validator to trick the Vega network into re-processing past Ethereum events from Vega’s Ethereum bridge. For example, a deposit to the collateral bridge for 100USDT that credits a party’s general account on Vega, can be re-processed 50 times resulting in 5000USDT in that party’s general account. This is without depositing any more than the original 100USDT on the bridge. Despite this exploit requiring access to a validator's Vega key, a validator key can be obtained at the small cost of 3000VEGA, the amount needed to announce a new node onto the network. A patch is available in version 0.71.6. No known workarounds are available, however there are mitigations in place should this vulnerability be exploited. There are monitoring alerts for `mainnet1` in place to identify any issues of this nature including this vulnerability being exploited. The validators have the ability to stop the bridge thus stopping any withdrawals should this vulnerability be exploited. | |||||
| CVE-2023-35136 | 1 Zyxel | 20 Atp100, Atp100w, Atp200 and 17 more | 2024-11-21 | N/A | 5.5 MEDIUM |
| An improper input validation vulnerability in the “Quagga” package of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50(W) series firmware versions 4.16 through 5.37, USG20(W)-VPN series firmware versions 4.16 through 5.37, and VPN series firmware versions 4.30 through 5.37, could allow an authenticated local attacker to access configuration files on an affected device. | |||||
| CVE-2023-34983 | 1 Intel | 10 Killer, Killer Wi-fi 6 Ax1650, Killer Wi-fi 6e Ax1675 and 7 more | 2024-11-21 | N/A | 4.3 MEDIUM |
| Improper input validation for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable denial of service via adjacent access. | |||||
| CVE-2023-34457 | 1 Mechanicalsoup Project | 1 Mechanicalsoup | 2024-11-21 | N/A | 5.9 MEDIUM |
| MechanicalSoup is a Python library for automating interaction with websites. Starting in version 0.2.0 and prior to version 1.3.0, a malicious web server can read arbitrary files on the client using a `<input type="file" ...>` inside HTML form. All users of MechanicalSoup's form submission are affected, unless they took very specific (and manual) steps to reset HTML form field values. Version 1.3.0 contains a patch for this issue. | |||||
| CVE-2023-34422 | 1 Lenovo | 1 Xclarity Administrator | 2024-11-21 | N/A | 6.5 MEDIUM |
| A valid, authenticated LXCA user with elevated privileges may be able to delete folders in the LXCA filesystem through a specifically crafted web API call due to insufficient input validation. | |||||
| CVE-2023-34421 | 1 Lenovo | 1 Xclarity Administrator | 2024-11-21 | N/A | 6.5 MEDIUM |
| A valid, authenticated LXCA user with elevated privileges may be able to replace filesystem data through a specifically crafted web API call due to insufficient input validation. | |||||
| CVE-2023-34317 | 1 Openautomationsoftware | 1 Oas Platform | 2024-11-21 | N/A | 6.5 MEDIUM |
| An improper input validation vulnerability exists in the OAS Engine User Creation functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to unexpected data in the configuration. An attacker can send a sequence of requests to trigger this vulnerability. | |||||
| CVE-2023-34150 | 1 Apache | 1 Any23 | 2024-11-21 | N/A | 6.5 MEDIUM |
| ** UNSUPPORTED WHEN ASSIGNED ** Use of TikaEncodingDetector in Apache Any23 can cause excessive memory usage. | |||||
| CVE-2023-33914 | 2 Google, Unisoc | 5 Android, S8000, T760 and 2 more | 2024-11-21 | N/A | 7.5 HIGH |
| In NIA0 algorithm in Security Mode Command, there is a possible missing verification incorrect input. This could lead to remote information disclosure no additional execution privileges needed | |||||
| CVE-2023-33104 | 2024-11-21 | N/A | 7.5 HIGH | ||
| Transient DOS while processing PDU Release command with a parameter PDU ID out of range. | |||||
| CVE-2023-33103 | 2024-11-21 | N/A | 7.5 HIGH | ||
| Transient DOS while processing CAG info IE received from NW. | |||||
| CVE-2023-33100 | 2024-11-21 | N/A | 7.5 HIGH | ||
| Transient DOS while processing DL NAS Transport message when message ID is not defined in the 3GPP specification. | |||||
| CVE-2023-33099 | 2024-11-21 | N/A | 7.5 HIGH | ||
| Transient DOS while processing SMS container of non-standard size received in DL NAS transport in NR. | |||||
| CVE-2023-33057 | 1 Qualcomm | 202 315 5g Iot Modem, 315 5g Iot Modem Firmware, Ar8035 and 199 more | 2024-11-21 | N/A | 7.5 HIGH |
| Transient DOS in Multi-Mode Call Processor while processing UE policy container. | |||||
| CVE-2023-33042 | 1 Qualcomm | 148 315 5g Iot Modem, 315 5g Iot Modem Firmware, Ar8035 and 145 more | 2024-11-21 | N/A | 7.5 HIGH |
| Transient DOS in Modem after RRC Setup message is received. | |||||
| CVE-2023-33014 | 1 Qualcomm | 74 Ar8035, Ar8035 Firmware, Fastconnect 6700 and 71 more | 2024-11-21 | N/A | 7.6 HIGH |
| Information disclosure in Core services while processing a Diag command. | |||||
| CVE-2023-32890 | 1 Mediatek | 45 Lr13, Mt2735, Mt6779 and 42 more | 2024-11-21 | N/A | 7.5 HIGH |
| In modem EMM, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01183647; Issue ID: MOLY01183647 (MSV-963). | |||||
| CVE-2023-32827 | 2 Google, Mediatek | 35 Android, Mt6879, Mt6886 and 32 more | 2024-11-21 | N/A | 6.7 MEDIUM |
| In camera middleware, there is a possible out of bounds write due to a missing input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07993539; Issue ID: ALPS07993539. | |||||
| CVE-2023-32826 | 2 Google, Mediatek | 35 Android, Mt6879, Mt6886 and 32 more | 2024-11-21 | N/A | 6.7 MEDIUM |
| In camera middleware, there is a possible out of bounds write due to a missing input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07993539; Issue ID: ALPS07993544. | |||||