Total
9762 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-24941 | 1 Jetbrains | 1 Intellij Idea | 2024-02-28 | N/A | 5.3 MEDIUM |
| In JetBrains IntelliJ IDEA before 2023.3.3 a plugin for JetBrains Space was able to send an authentication token to an inappropriate URL | |||||
| CVE-2023-50262 | 1 Dompdf Project | 1 Dompdf | 2024-02-28 | N/A | 7.5 HIGH |
| Dompdf is an HTML to PDF converter for PHP. When parsing SVG images Dompdf performs an initial validation to ensure that paths within the SVG are allowed. One of the validations is that the SVG document does not reference itself. However, prior to version 2.0.4, a recursive chained using two or more SVG documents is not correctly validated. Depending on the system configuration and attack pattern this could exhaust the memory available to the executing process and/or to the server itself. php-svg-lib, when run in isolation, does not support SVG references for `image` elements. However, when used in combination with Dompdf, php-svg-lib will process SVG images referenced by an `image` element. Dompdf currently includes validation to prevent self-referential `image` references, but a chained reference is not checked. A malicious actor may thus trigger infinite recursion by chaining references between two or more SVG images. When Dompdf parses a malicious payload, it will crash due after exceeding the allowed execution time or memory usage. An attacker sending multiple request to a system can potentially cause resource exhaustion to the point that the system is unable to handle incoming request. Version 2.0.4 contains a fix for this issue. | |||||
| CVE-2023-22439 | 1 Gallagher | 4 Command Centre, Controller 6000, Controller 6000 Firmware and 1 more | 2024-02-28 | N/A | 4.3 MEDIUM |
| Improper input validation of a large HTTP request in the Controller 6000 and Controller 7000 optional diagnostic web interface (Port 80) can be used to perform a Denial of Service of the diagnostic web interface. This issue affects: Gallagher Controller 6000 and 7000 8.90 prior to vCR8.90.231204a (distributed in 8.90.1620 (MR2)), 8.80 prior to vCR8.80.231204a (distributed in 8.80.1369 (MR3)), 8.70 prior to vCR8.70.231204a (distributed in 8.70.2375 (MR5)), 8.60 prior to vCR8.60.231116a (distributed in 8.60.2550 (MR7)), all versions of 8.50 and prior. | |||||
| CVE-2023-22337 | 4 Apple, Google, Intel and 1 more | 4 Iphone Os, Android, Unison Software and 1 more | 2024-02-28 | N/A | 7.5 HIGH |
| Improper input validation for some Intel Unison software may allow an unauthenticated user to potentially enable denial of service via network access. | |||||
| CVE-2023-32462 | 2024-02-28 | N/A | 9.8 CRITICAL | ||
| Dell OS10 Networking Switches running 10.5.2.x and above contain an OS command injection vulnerability when using remote user authentication. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands and possible system takeover. This is a critical vulnerability as it allows an attacker to cause severe damage. Dell recommends customers to upgrade at the earliest opportunity. | |||||
| CVE-2024-22199 | 1 Gofiber | 1 Django | 2024-02-28 | N/A | 6.1 MEDIUM |
| This package provides universal methods to use multiple template engines with the Fiber web framework using the Views interface. This vulnerability specifically impacts web applications that render user-supplied data through this template engine, potentially leading to the execution of malicious scripts in users' browsers when visiting affected web pages. The vulnerability has been addressed, the template engine now defaults to having autoescape set to `true`, effectively mitigating the risk of XSS attacks. | |||||
| CVE-2023-49082 | 1 Aiohttp | 1 Aiohttp | 2024-02-28 | N/A | 5.3 MEDIUM |
| aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation makes it possible for an attacker to modify the HTTP request (e.g. insert a new header) or even create a new HTTP request if the attacker controls the HTTP method. The vulnerability occurs only if the attacker can control the HTTP method (GET, POST etc.) of the request. If the attacker can control the HTTP version of the request it will be able to modify the request (request smuggling). This issue has been patched in version 3.9.0. | |||||
| CVE-2023-49095 | 1 Nexryai | 1 Nexkey | 2024-02-28 | N/A | 7.5 HIGH |
| nexkey is a microblogging platform. Insufficient validation of ActivityPub requests received in inbox could allow any user to impersonate another user in certain circumstances. This issue has been patched in version 12.122.2. | |||||
| CVE-2023-31289 | 1 Pexip | 1 Pexip Infinity | 2024-02-28 | N/A | 7.5 HIGH |
| Pexip Infinity before 31.2 has Improper Input Validation for signalling, allowing remote attackers to trigger an abort. | |||||
| CVE-2023-49291 | 2024-02-28 | N/A | 9.8 CRITICAL | ||
| tj-actions/branch-names is a Github action to retrieve branch or tag names with support for all events. The `tj-actions/branch-names` GitHub Actions improperly references the `github.event.pull_request.head.ref` and `github.head_ref` context variables within a GitHub Actions `run` step. The head ref variable is the branch name and can be used to execute arbitrary code using a specially crafted branch name. As a result an attacker can use this vulnerability to steal secrets from or abuse `GITHUB_TOKEN` permissions. This vulnerability has been addressed in version 7.0.7. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-32469 | 1 Dell | 6 Precision 5820, Precision 5820 Firmware, Precision 7820 and 3 more | 2024-02-28 | N/A | 6.7 MEDIUM |
| Dell Precision Tower BIOS contains an Improper Input Validation vulnerability. A locally authenticated malicious user with admin privileges could potentially exploit this vulnerability to perform arbitrary code execution. | |||||
| CVE-2023-51747 | 2024-02-28 | N/A | N/A | ||
| Apache James prior to versions 3.8.1 and 3.7.5 is vulnerable to SMTP smuggling. A lenient behaviour in line delimiter handling might create a difference of interpretation between the sender and the receiver which can be exploited by an attacker to forge an SMTP envelop, allowing for instance to bypass SPF checks. The patch implies enforcement of CRLF as a line delimiter as part of the DATA transaction. We recommend James users to upgrade to non vulnerable versions. | |||||
| CVE-2023-32484 | 2024-02-28 | N/A | 9.8 CRITICAL | ||
| Dell Networking Switches running Enterprise SONiC versions 4.1.0, 4.0.5, 3.5.4 and below contains an improper input validation vulnerability. A remote unauthenticated malicious user may exploit this vulnerability and escalate privileges up to the highest administrative level. This is a Critical vulnerability affecting certain protocols, Dell recommends customers to upgrade at the earliest opportunity. | |||||
| CVE-2023-48608 | 1 Adobe | 1 Experience Manager | 2024-02-28 | N/A | 3.5 LOW |
| Adobe Experience Manager versions 6.5.18 and earlier are affected by an Improper Input Validation vulnerability. A low-privileged attacker could leverage this vulnerability to achieve a low-integrity impact within the application. Exploitation of this issue requires user interaction. | |||||
| CVE-2023-28738 | 1 Intel | 12 Nuc 7 Essential Nuc7cjysamn, Nuc 7 Essential Nuc7cjysamn Firmware, Nuc Kit Nuc7cjyh and 9 more | 2024-02-28 | N/A | 7.8 HIGH |
| Improper input validation for some Intel NUC BIOS firmware before version JY0070 may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-27519 | 1 Intel | 10 Optane Memory H20 With Solid State Storage, Optane Memory H20 With Solid State Storage Firmware, Optane Ssd 900p and 7 more | 2024-02-28 | N/A | 7.8 HIGH |
| Improper input validation in firmware for some Intel(R) Optane(TM) SSD products may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-5079 | 1 Lenovo | 1 Lecloud | 2024-02-28 | N/A | 7.5 HIGH |
| Lenovo LeCloud App improper input validation allows attackers to access arbitrary components and arbitrary file downloads, which could result in information disclosure. | |||||
| CVE-2023-29495 | 1 Intel | 4 Nuc 8 Mainstream-g Kit Nuc8i5inh, Nuc 8 Mainstream-g Kit Nuc8i5inh Firmware, Nuc 8 Mainstream-g Kit Nuc8i7inh and 1 more | 2024-02-28 | N/A | 7.8 HIGH |
| Improper input validation for some Intel NUC BIOS firmware before version IN0048 may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-38131 | 4 Apple, Google, Intel and 1 more | 4 Iphone Os, Android, Unison Software and 1 more | 2024-02-28 | N/A | 6.5 MEDIUM |
| Improper input validationation for some Intel Unison software may allow an authenticated user to potentially enable denial of service via network access. | |||||
| CVE-2023-39411 | 4 Apple, Google, Intel and 1 more | 4 Iphone Os, Android, Unison Software and 1 more | 2024-02-28 | N/A | 4.4 MEDIUM |
| Improper input validationation for some Intel Unison software may allow a privileged user to potentially enable denial of service via local access. | |||||