Total: 9762 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-36021 | 1 Magento | 1 Magento | 2024-02-28 | N/A | 7.2 HIGH |
Magento versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an Improper input validation vulnerability within the CMS page scheduled update feature. An authenticated attacker with administrative privilege could leverage this vulnerability to achieve remote code execution on the system. | |||||
CVE-2023-46289 | 1 Rockwellautomation | 1 Factorytalk View | 2024-02-28 | N/A | 7.5 HIGH |
Rockwell Automation FactoryTalk View Site Edition insufficiently validates user input, which could potentially allow threat actors to send malicious data bringing the product offline. If exploited, the product would become unavailable and require a restart to recover resulting in a denial-of-service condition. | |||||
CVE-2023-37948 | 1 Jenkins | 1 Cloud Infrastructure Compute | 2024-02-28 | N/A | 3.7 LOW |
Jenkins Oracle Cloud Infrastructure Compute Plugin 1.0.16 and earlier does not validate SSH host keys when connecting OCI clouds, enabling man-in-the-middle attacks. | |||||
CVE-2023-31008 | 1 Nvidia | 2 Dgx H100, Dgx H100 Firmware | 2024-02-28 | N/A | 7.8 HIGH |
NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to code execution, denial of services, escalation of privileges, and information disclosure. | |||||
CVE-2023-41746 | 2 Acronis, Microsoft | 2 Cloud Manager, Windows | 2024-02-28 | N/A | 9.8 CRITICAL |
Remote command execution due to improper input validation. The following products are affected: Acronis Cloud Manager (Windows) before build 6.2.23089.203. | |||||
CVE-2023-3676 | 2 Kubernetes, Microsoft | 2 Kubernetes, Windows | 2024-02-28 | N/A | 8.8 HIGH |
A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows nodes. | |||||
CVE-2021-29913 | 3 Apple, Ibm, Microsoft | 3 Macos, Security Verify Privilege On-premises, Windows | 2024-02-28 | N/A | 7.1 HIGH |
IBM Security Verify Privilege On-Premise 11.5 could allow an authenticated user to obtain sensitive information or perform unauthorized actions due to improper input validation. IBM X-Force ID: 207898. | |||||
CVE-2023-40062 | 1 Solarwinds | 1 Solarwinds Platform | 2024-02-28 | N/A | 8.8 HIGH |
SolarWinds Platform Incomplete List of Disallowed Inputs Remote Code Execution Vulnerability. If executed, this vulnerability would allow a low-privileged user to execute commands with SYSTEM privileges. | |||||
CVE-2015-2202 | 2 Arubanetworks, Hp | 2 Airwave, Airwave | 2024-02-28 | N/A | 7.2 HIGH |
Aruba AirWave before 7.7.14.2 and 8.x before 8.0.7 allows administrative users to escalate privileges to root on the underlying OS. | |||||
CVE-2023-39390 | 1 Huawei | 2 Emui, Harmonyos | 2024-02-28 | N/A | 7.5 HIGH |
Vulnerability of input parameter verification in certain APIs in the window management module. Successful exploitation of this vulnerability may cause the device to restart. | |||||
CVE-2023-20564 | 2 Amd, Microsoft | 4 Ryzen Master, Ryzen Master Monitoring Sdk, Windows 10 and 1 more | 2024-02-28 | N/A | 6.7 MEDIUM |
Insufficient validation in the IOCTL (Input Output Control) input buffer in AMD Ryzen™ Master may permit a privileged attacker to perform memory reads/writes potentially leading to a loss of confidentiality or arbitrary kernel execution. | |||||
CVE-2023-32485 | 1 Dell | 1 Smartfabric Storage Software | 2024-02-28 | N/A | 9.8 CRITICAL |
Dell SmartFabric Storage Software version 1.3 and lower contain an improper input validation vulnerability. A remote unauthenticated attacker may exploit this vulnerability and escalate privileges up to the highest administration level. This is a critical severity vulnerability affecting user authentication. Dell recommends customers to upgrade at the earliest opportunity. | |||||
CVE-2022-4911 | 1 Google | 1 Chrome | 2024-02-28 | N/A | 6.5 MEDIUM |
Insufficient data validation in DevTools in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low) | |||||
CVE-2022-48457 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-02-28 | N/A | 5.5 MEDIUM |
In TeleService, there is a possible system crash due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. | |||||
CVE-2023-4435 | 1 Hamza417 | 1 Inure | 2024-02-28 | N/A | 5.5 MEDIUM |
Improper Input Validation in GitHub repository hamza417/inure prior to build88. | |||||
CVE-2023-5104 | 1 Xgenecloud | 1 Nocodb | 2024-02-28 | N/A | 6.5 MEDIUM |
Improper Input Validation in GitHub repository nocodb/nocodb prior to 0.96.0. | |||||
CVE-2023-30690 | 1 Samsung | 1 Android | 2024-02-28 | N/A | 7.8 HIGH |
Improper input validation vulnerability in Duo prior to SMR Oct-2023 Release 1 allows local attackers to launch privileged activities. | |||||
CVE-2023-36619 | 1 Unify | 1 Session Border Controller | 2024-02-28 | N/A | 9.8 CRITICAL |
Atos Unify OpenScape Session Border Controller through V10 R3.01.03 allows execution of administrative scripts by unauthenticated users. | |||||
CVE-2023-38690 | 1 Matrix | 1 Matrix Irc Bridge | 2024-02-28 | N/A | 9.8 CRITICAL |
matrix-appservice-irc is a Node.js IRC bridge for Matrix. Prior to version 1.0.1, it is possible to craft a command with newlines which would not be properly parsed. This would mean you could pass a string of commands as a channel name, which would then be run by the IRC bridge bot. Versions 1.0.1 and above are patched. There are no robust workarounds to the bug. One may disable dynamic channels in the config to disable the most common execution method but others may exist. | |||||
CVE-2023-31009 | 1 Nvidia | 2 Dgx H100, Dgx H100 Firmware | 2024-02-28 | N/A | 9.8 CRITICAL |
NVIDIA DGX H100 BMC contains a vulnerability in the REST service, where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, and information disclosure. |