Total
9762 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-28743 | 1 Intel | 8 Nuc 9 Pro Compute Element Nuc9v7qnb, Nuc 9 Pro Compute Element Nuc9v7qnb Firmware, Nuc 9 Pro Compute Element Nuc9v7qnx and 5 more | 2024-02-28 | N/A | 7.8 HIGH |
| Improper input validation for some Intel NUC BIOS firmware before version QN0073 may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-36860 | 4 Apple, Google, Intel and 1 more | 4 Iphone Os, Android, Unison Software and 1 more | 2024-02-28 | N/A | 8.8 HIGH |
| Improper input validation for some Intel Unison software may allow an authenticated user to potentially enable escalation of privilege via network access. | |||||
| CVE-2024-21625 | 1 Sidequestvr | 1 Sidequest | 2024-02-28 | N/A | 8.8 HIGH |
| SideQuest is a place to get virtual reality applications for Oculus Quest. The SideQuest desktop application uses deep links with a custom protocol (`sidequest://`) to trigger actions in the application from its web contents. Because, prior to version 0.10.35, the deep link URLs were not sanitized properly in all cases, a one-click remote code execution can be achieved in cases when a device is connected, the user is presented with a malicious link and clicks it from within the application. As of version 0.10.35, the custom protocol links within the electron application are now being parsed and sanitized properly. | |||||
| CVE-2023-47705 | 3 Ibm, Linux, Microsoft | 4 Aix, Security Guardium Key Lifecycle Manager, Linux Kernel and 1 more | 2024-02-28 | N/A | 4.3 MEDIUM |
| IBM Security Guardium Key Lifecycle Manager 4.3 could allow an authenticated user to manipulate username data due to improper input validation. IBM X-Force ID: 271228. | |||||
| CVE-2023-5274 | 1 Mitsubishielectric | 1 Gx Works2 | 2024-02-28 | N/A | 4.7 MEDIUM |
| Improper Input Validation vulnerability in simulation function of GX Works2 allows an attacker to cause a denial-of-service (DoS) condition on the function by sending specially crafted packets. However, the attacker would need to send the packets from within the same personal computer where the function is running. | |||||
| CVE-2023-41355 | 1 Nokia | 2 G-040w-q, G-040w-q Firmware | 2024-02-28 | N/A | 9.8 CRITICAL |
| Chunghwa Telecom NOKIA G-040W-Q Firewall function has a vulnerability of input validation for ICMP redirect messages. An unauthenticated remote attacker can exploit this vulnerability by sending a crafted package to modify the network routing table, resulting in a denial of service or sensitive information leaking. | |||||
| CVE-2023-20560 | 2 Amd, Microsoft | 4 Ryzen Master, Ryzen Master Monitoring Sdk, Windows 10 and 1 more | 2024-02-28 | N/A | 4.4 MEDIUM |
| Insufficient validation of the IOCTL (Input Output Control) input buffer in AMD Ryzen™ Master may allow a privileged attacker to provide a null value potentially resulting in a Windows crash leading to denial of service. | |||||
| CVE-2023-39388 | 1 Huawei | 2 Emui, Harmonyos | 2024-02-28 | N/A | 7.5 HIGH |
| Vulnerability of input parameters being not strictly verified in the PMS module. Successful exploitation of this vulnerability may cause home screen unavailability. | |||||
| CVE-2023-37833 | 1 Elenos | 2 Etg150, Etg150 Firmware | 2024-02-28 | N/A | 2.7 LOW |
| Improper access control in Elenos ETG150 FM transmitter v3.12 allows attackers to make arbitrary configuration edits that are only accessed by privileged users. | |||||
| CVE-2022-47353 | 2 Google, Unisoc | 7 Android, S8000, T610 and 4 more | 2024-02-28 | N/A | 4.4 MEDIUM |
| In vdsp device, there is a possible system crash due to improper input validation.This could lead to local denial of service with System execution privileges needed | |||||
| CVE-2022-4925 | 1 Google | 1 Chrome | 2024-02-28 | N/A | 6.5 MEDIUM |
| Insufficient validation of untrusted input in QUIC in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to perform header splitting via malicious network traffic. (Chromium security severity: Low) | |||||
| CVE-2023-39381 | 1 Huawei | 2 Emui, Harmonyos | 2024-02-28 | N/A | 7.5 HIGH |
| Input verification vulnerability in the storage module. Successful exploitation of this vulnerability may cause the device to restart. | |||||
| CVE-2023-20231 | 1 Cisco | 74 Catalyst 9105ax, Catalyst 9105axi, Catalyst 9105axw and 71 more | 2024-02-28 | N/A | 8.8 HIGH |
| A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to perform an injection attack against an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web UI. A successful exploit could allow the attacker to execute arbitrary Cisco IOS XE Software CLI commands with level 15 privileges. Note: This vulnerability is exploitable only if the attacker obtains the credentials for a Lobby Ambassador account. This account is not configured by default. | |||||
| CVE-2023-44110 | 1 Huawei | 2 Emui, Harmonyos | 2024-02-28 | N/A | 4.3 MEDIUM |
| Out-of-bounds access vulnerability in the audio module.Successful exploitation of this vulnerability may affect availability. | |||||
| CVE-2023-34317 | 1 Openautomationsoftware | 1 Oas Platform | 2024-02-28 | N/A | 6.5 MEDIUM |
| An improper input validation vulnerability exists in the OAS Engine User Creation functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to unexpected data in the configuration. An attacker can send a sequence of requests to trigger this vulnerability. | |||||
| CVE-2023-40800 | 1 Tenda | 2 Ac23, Ac23 Firmware | 2024-02-28 | N/A | 8.8 HIGH |
| The compare_parentcontrol_time function does not authenticate user input parameters, resulting in a post-authentication stack overflow vulnerability in Tenda AC23 v16.03.07.45_cn. | |||||
| CVE-2023-3955 | 2 Kubernetes, Microsoft | 2 Kubernetes, Windows | 2024-02-28 | N/A | 8.8 HIGH |
| A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows nodes. | |||||
| CVE-2023-4698 | 1 Usememos | 1 Memos | 2024-02-28 | N/A | 7.5 HIGH |
| Improper Input Validation in GitHub repository usememos/memos prior to 0.13.2. | |||||
| CVE-2023-20232 | 1 Cisco | 1 Unified Contact Center Express | 2024-02-28 | N/A | 5.3 MEDIUM |
| A vulnerability in the Tomcat implementation for Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to cause a web cache poisoning attack on an affected device. This vulnerability is due to improper input validation of HTTP requests. An attacker could exploit this vulnerability by sending crafted HTTP requests to a specific API endpoint on the Unified CCX Finesse Portal. A successful exploit could allow the attacker to cause the internal WebProxy to redirect users to an attacker-controlled host. | |||||
| CVE-2023-42527 | 1 Samsung | 1 Android | 2024-02-28 | N/A | 5.5 MEDIUM |
| Improper input validation vulnerability in ProcessWriteFile of libsec-ril prior to SMR Nov-2023 Release 1 allows local attackers to expose sensitive information. | |||||