Total
9762 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-29410 | 1 Schneider-electric | 6 Conext Gateway, Conext Gateway Firmware, Insightfacility and 3 more | 2024-02-28 | N/A | 8.8 HIGH |
| A CWE-20: Improper Input Validation vulnerability exists that could allow an authenticated attacker to gain the same privilege as the application on the server when a malicious payload is provided over HTTP for the server to execute. | |||||
| CVE-2023-30659 | 1 Samsung | 1 Android | 2024-02-28 | N/A | 7.8 HIGH |
| Improper input validation vulnerability in Transaction prior to SMR Jul-2023 Release 1 allows local attackers to launch privileged activities. | |||||
| CVE-2023-20721 | 3 Google, Mediatek, Yoctoproject | 8 Android, Mt6879, Mt6895 and 5 more | 2024-02-28 | N/A | 6.7 MEDIUM |
| In isp, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07162155; Issue ID: ALPS07162155. | |||||
| CVE-2023-26388 | 3 Adobe, Apple, Microsoft | 3 Substance 3d Stager, Macos, Windows | 2024-02-28 | N/A | 7.8 HIGH |
| Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2023-28052 | 1 Dell | 868 Alienware Area 51m R1, Alienware Area 51m R1 Firmware, Alienware Area 51m R2 and 865 more | 2024-02-28 | N/A | 6.7 MEDIUM |
| Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable. | |||||
| CVE-2023-20708 | 2 Google, Mediatek | 52 Android, Mt6580, Mt6731 and 49 more | 2024-02-28 | N/A | 6.7 MEDIUM |
| In keyinstall, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07581655; Issue ID: ALPS07581655. | |||||
| CVE-2023-28036 | 1 Dell | 868 Alienware Area 51m R1, Alienware Area 51m R1 Firmware, Alienware Area 51m R2 and 865 more | 2024-02-28 | N/A | 6.7 MEDIUM |
| Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable. | |||||
| CVE-2023-28649 | 1 Snapone | 2 Orvc, Ovrc-300-pro | 2024-02-28 | N/A | 7.5 HIGH |
| The Hub in the Snap One OvrC cloud platform is a device used to centralize and manage nested devices connected to it. A vulnerability exists in which an attacker could impersonate a hub and send device requests to claim already claimed devices. The OvrC cloud platform receives the requests but does not validate if the found devices are already managed by another user. | |||||
| CVE-2023-30434 | 1 Ibm | 2 Elastic Storage System, Spectrum Scale | 2024-02-28 | N/A | 5.5 MEDIUM |
| IBM Storage Scale (IBM Spectrum Scale 5.1.0.0 through 5.1.2.9, 5.1.3.0 through 5.1.6.1 and IBM Elastic Storage Systems 6.1.0.0 through 6.1.2.5, 6.1.3.0 through 6.1.6.0) could allow a local user to cause a kernel panic. IBM X-Force ID: 252187. | |||||
| CVE-2023-30664 | 1 Samsung | 1 Android | 2024-02-28 | N/A | 7.8 HIGH |
| Improper input validation vulnerability in RegisteredMSISDN prior to SMR Jul-2023 Release 1 allows local attackers to launch privileged activities. | |||||
| CVE-2021-46754 | 1 Amd | 112 Athlon Gold 3150g, Athlon Gold 3150g Firmware, Athlon Gold 3150ge and 109 more | 2024-02-28 | N/A | 9.1 CRITICAL |
| Insufficient input validation in the ASP (AMD Secure Processor) bootloader may allow an attacker with a compromised Uapp or ABL to coerce the bootloader into exposing sensitive information to the SMU (System Management Unit) resulting in a potential loss of confidentiality and integrity. | |||||
| CVE-2023-26070 | 1 Lexmark | 217 6500e, B2236, B2338 and 214 more | 2024-02-28 | N/A | 9.8 CRITICAL |
| Certain Lexmark devices through 2023-02-19 mishandle Input Validation (issue 4 of 4). | |||||
| CVE-2022-47391 | 1 Codesys | 14 Control For Beaglebone Sl, Control For Empc-a\/imx6 Sl, Control For Iot2000 Sl and 11 more | 2024-02-28 | N/A | 7.5 HIGH |
| In multiple CODESYS products in multiple versions an unauthorized, remote attacker may use a improper input validation vulnerability to read from invalid addresses leading to a denial of service. | |||||
| CVE-2023-31162 | 1 Selinc | 20 Sel-2241 Rtac Module, Sel-2241 Rtac Module Firmware, Sel-3350 and 17 more | 2024-02-28 | N/A | 4.3 MEDIUM |
| An Improper Input Validation vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to arbitrarily alter the content of a configuration file. See SEL Service Bulletin dated 2022-11-15 for more details. | |||||
| CVE-2023-28041 | 1 Dell | 868 Alienware Area 51m R1, Alienware Area 51m R1 Firmware, Alienware Area 51m R2 and 865 more | 2024-02-28 | N/A | 6.7 MEDIUM |
| Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable. | |||||
| CVE-2023-32305 | 2 Aiven, Postgresql | 2 Aiven, Postgresql | 2024-02-28 | N/A | 8.8 HIGH |
| aiven-extras is a PostgreSQL extension. Versions prior to 1.1.9 contain a privilege escalation vulnerability, allowing elevation to superuser inside PostgreSQL databases that use the aiven-extras package. The vulnerability leverages missing schema qualifiers on privileged functions called by the aiven-extras extension. A low privileged user can create objects that collide with existing function names, which will then be executed instead. Exploiting this vulnerability could allow a low privileged user to acquire `superuser` privileges, which would allow full, unrestricted access to all data and database functions. And could lead to arbitrary code execution or data access on the underlying host as the `postgres` user. The issue has been patched as of version 1.1.9. | |||||
| CVE-2023-31148 | 1 Selinc | 20 Sel-2241 Rtac Module, Sel-2241 Rtac Module Firmware, Sel-3350 and 17 more | 2024-02-28 | N/A | 8.8 HIGH |
| An Improper Input Validation vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to execute arbitrary code. See SEL Service Bulletin dated 2022-11-15 for more details. | |||||
| CVE-2023-35163 | 1 Gobalsky | 1 Vega | 2024-02-28 | N/A | 5.2 MEDIUM |
| Vega is a decentralized trading platform that allows pseudo-anonymous trading of derivatives on a blockchain. Prior to version 0.71.6, a vulnerability exists that allows a malicious validator to trick the Vega network into re-processing past Ethereum events from Vega’s Ethereum bridge. For example, a deposit to the collateral bridge for 100USDT that credits a party’s general account on Vega, can be re-processed 50 times resulting in 5000USDT in that party’s general account. This is without depositing any more than the original 100USDT on the bridge. Despite this exploit requiring access to a validator's Vega key, a validator key can be obtained at the small cost of 3000VEGA, the amount needed to announce a new node onto the network. A patch is available in version 0.71.6. No known workarounds are available, however there are mitigations in place should this vulnerability be exploited. There are monitoring alerts for `mainnet1` in place to identify any issues of this nature including this vulnerability being exploited. The validators have the ability to stop the bridge thus stopping any withdrawals should this vulnerability be exploited. | |||||
| CVE-2023-27043 | 1 Python | 1 Python | 2024-02-28 | N/A | 5.3 MEDIUM |
| The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python. | |||||
| CVE-2023-28050 | 1 Dell | 868 Alienware Area 51m R1, Alienware Area 51m R1 Firmware, Alienware Area 51m R2 and 865 more | 2024-02-28 | N/A | 6.7 MEDIUM |
| Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable. | |||||