Total: 9762 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-39950 | 1 Siemens | 1 Efibootguard | 2024-02-28 | N/A | 5.2 MEDIUM |
efibootguard is a simple UEFI boot loader with support for safely switching between current and updated partition sets. Insufficient or missing validation and sanitization of input from untrustworthy bootloader environment files can cause crashes and probably also code injections into `bg_setenv` or programs using `libebgenv`. This is triggered when the affected components try to modify a manipulated environment, in particular its user variables. Furthermore, `bg_printenv` may crash over invalid read accesses or report invalid results. Not affected by this issue is EFI Boot Guard's bootloader EFI binary. EFI Boot Guard release v0.15 contains required patches to sanitize and validate the bootloader environment prior to processing it in userspace. Its library and tools should be updated, so should programs statically linked against it. An update of the bootloader EFI executable is not required. The only way to prevent the issue with an unpatched EFI Boot Guard version is to avoid accesses to user variables, specifically modifications to them. | |||||
CVE-2023-3704 | 1 Cpplusworld | 18 Cp-uvr-0401l1-4kh, Cp-uvr-0401l1-4kh Firmware, Cp-uvr-0401l1b-4kh and 15 more | 2024-02-28 | N/A | 5.3 MEDIUM |
The vulnerability exists in CP-Plus DVR due to an improper input validation within the web-based management interface of the affected products. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable device. Successful exploitation of this vulnerability could allow the remote attacker to change system time of the targeted device. | |||||
CVE-2023-31010 | 1 Nvidia | 2 Dgx H100, Dgx H100 Firmware | 2024-02-28 | N/A | 8.8 HIGH |
NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to escalation of privileges, information disclosure, and denial of service. | |||||
CVE-2023-45128 | 1 Gofiber | 1 Fiber | 2024-02-28 | N/A | 8.8 HIGH |
Fiber is an Express-inspired web framework written in Go. A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the application, which allows an attacker to inject arbitrary values and forge malicious requests on behalf of a user. This vulnerability can allow an attacker to inject arbitrary values without any authentication, or perform various malicious actions on behalf of an authenticated user, potentially compromising the security and integrity of the application. The vulnerability is caused by improper validation and enforcement of CSRF tokens within the application. This issue has been addressed in version 2.50.0 and users are advised to upgrade. Users should take additional security measures like captchas or Two-Factor Authentication (2FA) and set Session cookies with SameSite=Lax or SameSite=Secure, and the Secure and HttpOnly attributes as defense in depth measures. There are no known workarounds for this vulnerability. | |||||
CVE-2023-40798 | 1 Tenda | 2 Ac23, Ac23 Firmware | 2024-02-28 | N/A | 8.8 HIGH |
In Tenda AC23 v16.03.07.45_cn, the formSetIPv6status and formGetWanParameter functions do not authenticate user input parameters, resulting in a post-authentication stack overflow vulnerability. | |||||
CVE-2022-43713 | 1 Gxsoftware | 1 Xperiencentral | 2024-02-28 | N/A | 7.5 HIGH |
Interactive Forms (IAF) in GX Software XperienCentral versions 10.33.1 until 10.35.0 was vulnerable to invalid data input because form validation could be bypassed. | |||||
CVE-2023-39389 | 1 Huawei | 2 Emui, Harmonyos | 2024-02-28 | N/A | 7.5 HIGH |
Vulnerability of input parameters being not strictly verified in the PMS module. Successful exploitation of this vulnerability may cause home screen unavailability. | |||||
CVE-2023-41316 | 1 Tolgee | 1 Tolgee | 2024-02-28 | N/A | 5.4 MEDIUM |
Tolgee is an open-source localization platform. Due to a lack of validation of the Org Name field, a bad actor can send emails with HTML-injected code to victims. Registered users can inject HTML into unsanitized emails from the Tolgee instance to other users. This unsanitized HTML ends up in invitation emails which appear as legitimate org invitations. Bad actors may direct users to a malicious website or execute JavaScript in the context of the user's browser. This vulnerability has been addressed in version 3.29.2. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
CVE-2023-26367 | 1 Adobe | 2 Commerce, Magento | 2024-02-28 | N/A | 4.9 MEDIUM |
Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read by an admin-privilege authenticated attacker. Exploitation of this issue does not require user interaction. | |||||
CVE-2022-48458 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-02-28 | N/A | 5.5 MEDIUM |
In TeleService, there is a possible system crash due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. | |||||
CVE-2023-26587 | 1 Intel | 1 Easy Streaming Wizard | 2024-02-28 | N/A | 7.8 HIGH |
Improper input validation for the Intel(R) Easy Streaming Wizard software may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2023-31011 | 1 Nvidia | 2 Dgx H100, Dgx H100 Firmware | 2024-02-28 | N/A | 8.8 HIGH |
NVIDIA DGX H100 BMC contains a vulnerability in the REST service where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to escalation of privileges and information disclosure. | |||||
CVE-2023-3768 | 1 Ingeteam | 6 Ingepac Da3451, Ingepac Da3451 Firmware, Ingepac Ef Md and 3 more | 2024-02-28 | N/A | 7.5 HIGH |
Incorrect data input validation vulnerability, which could allow an attacker with access to the network to implement fuzzing techniques that would allow him to gain knowledge about specially crafted packets that would create a DoS condition through the MMS protocol when initiating communication, achieving a complete system reboot of the device and its services. | |||||
CVE-2023-21251 | 1 Google | 1 Android | 2024-02-28 | N/A | 7.3 HIGH |
In onCreate of ConfirmDialog.java, there is a possible way to connect to VPN bypassing user's consent due to improper input validation. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. | |||||
CVE-2023-40797 | 1 Tenda | 2 Ac23, Ac23 Firmware | 2024-02-28 | N/A | 8.8 HIGH |
In Tenda AC23 v16.03.07.45_cn, the sub_4781A4 function does not validate the parameters entered by the user, resulting in a post-authentication stack overflow vulnerability. | |||||
CVE-2023-33914 | 2 Google, Unisoc | 5 Android, S8000, T760 and 2 more | 2024-02-28 | N/A | 7.5 HIGH |
In NIA0 algorithm in Security Mode Command, there is a possible missing verification incorrect input. This could lead to remote information disclosure with no additional execution privileges needed. | |||||
CVE-2023-31013 | 1 Nvidia | 2 Dgx H100, Dgx H100 Firmware | 2024-02-28 | N/A | 8.8 HIGH |
NVIDIA DGX H100 BMC contains a vulnerability in the REST service, where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to escalation of privileges and information disclosure. | |||||
CVE-2023-5624 | 1 Tenable | 1 Nessus Network Monitor | 2024-02-28 | N/A | 7.2 HIGH |
Under certain conditions, Nessus Network Monitor was found to not properly enforce input validation. This could allow an admin user to alter parameters that could potentially allow a blind SQL injection. | |||||
CVE-2023-27373 | 1 Insyde | 1 Insydeh2o | 2024-02-28 | N/A | 5.5 MEDIUM |
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. Due to insufficient input validation, an attacker can tamper with a runtime-accessible EFI variable to cause a dynamic BAR setting to overlap SMRAM. | |||||
CVE-2023-43073 | 1 Dell | 1 Smartfabric Storage Software | 2024-02-28 | N/A | 6.5 MEDIUM |
Dell SmartFabric Storage Software v1.4 (and earlier) contains an Improper Input Validation vulnerability in RADIUS configuration. An authenticated remote attacker could potentially exploit this vulnerability, leading to gaining unauthorized access to data. |