Total
29058 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-22477 | 1 Mercurius Project | 1 Mercurius | 2024-11-21 | N/A | 5.3 MEDIUM |
| Mercurius is a GraphQL adapter for Fastify. Any users of Mercurius until version 10.5.0 are subjected to a denial of service attack by sending a malformed packet over WebSocket to `/graphql`. This issue was patched in #940. As a workaround, users can disable subscriptions. | |||||
| CVE-2023-22428 | 1 Gallagher | 1 Command Centre | 2024-11-21 | N/A | 7.6 HIGH |
| Improper privilege validation in Command Centre Server allows authenticated operators to modify Division lineage. This issue affects Command Centre: vEL8.80 prior to vEL8.80.1192 (MR2), vEL8.70 prior to vEL8.70.2185 (MR4), vEL8.60 prior to vEL8.60.2347 (MR6), vEL8.50 prior to vEL8.50.2831(MR8), vEL8.40 and prior. | |||||
| CVE-2023-22413 | 1 Juniper | 18 Junos, Mx10, Mx10000 and 15 more | 2024-11-21 | N/A | 7.5 HIGH |
| An Improper Check or Handling of Exceptional Conditions vulnerability in the IPsec library of Juniper Networks Junos OS allows a network-based, unauthenticated attacker to cause Denial of Service (DoS). On all MX platforms with MS-MPC or MS-MIC card, when specific IPv4 packets are processed by an IPsec6 tunnel, the Multiservices PIC Management Daemon (mspmand) process will core and restart. This will lead to FPC crash. Traffic flow is impacted while mspmand restarts. Continued receipt of these specific packets will cause a sustained Denial of Service (DoS) condition. This issue only occurs if an IPv4 address is not configured on the multiservice interface. This issue affects: Juniper Networks Junos OS on MX Series All versions prior to 19.4R3-S9; 20.1 version 20.1R3-S5 and later versions; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S3; 21.2 versions prior to 21.2R3-S1; 21.3 versions prior to 21.3R3; 21.4 versions prior to 21.4R2-S1, 21.4R3; 22.1 versions prior to 22.1R2. | |||||
| CVE-2023-22405 | 1 Juniper | 15 Ex4600, Ex4600-vc, Ex4650 and 12 more | 2024-11-21 | N/A | 6.5 MEDIUM |
| An Improper Preservation of Consistency Between Independent Representations of Shared State vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS) to device due to out of resources. When a device is configured with "service-provider/SP style" switching, and mac-limiting is configured on an Aggregated Ethernet (ae) interface, and then a PFE is restarted or the device is rebooted, mac-limiting doesn't work anymore. Please note that the issue might not be apparent as traffic will continue to flow through the device although the mac table and respective logs will indicate that mac limit is reached. Functionality can be restored by removing and re-adding the MAC limit configuration. This issue affects Juniper Networks Junos OS on QFX5k Series, EX46xx Series: All versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S3; 21.2 versions prior to 21.2R3-S1; 21.3 versions prior to 21.3R3 on; 21.4 versions prior to 21.4R3 on; 22.1 versions prior to 22.1R2 on. | |||||
| CVE-2023-22394 | 1 Juniper | 46 Junos, Mx10, Mx10000 and 43 more | 2024-11-21 | N/A | 7.5 HIGH |
| An Improper Handling of Unexpected Data Type vulnerability in the handling of SIP calls in Juniper Networks Junos OS on SRX Series and MX Series platforms allows an attacker to cause a memory leak leading to Denial of Services (DoS). This issue occurs on all MX Series platforms with MS-MPC or MS-MIC card and all SRX Series platforms where SIP ALG is enabled. Successful exploitation of this vulnerability prevents additional SIP calls and applications from succeeding. The SIP ALG needs to be enabled, either implicitly / by default or by way of configuration. To confirm whether SIP ALG is enabled on SRX use the following command: user@host> show security alg status | match sip SIP : Enabled This issue affects Juniper Networks Junos OS on SRX Series and on MX Series: All versions prior to 19.3R3-S7; 19.4 versions prior to 19.4R2-S8, 19.4R3-S10; 20.1 versions 20.1R1 and later versions; 20.2 versions prior to 20.2R3-S6; 20.3 versions prior to 20.3R3-S6; 20.4 versions prior to 20.4R3-S5; 21.1 versions prior to 21.1R3-S5; 21.2 versions prior to 21.2R3-S1; 21.3 versions prior to 21.3R3; 21.4 versions prior to 21.4R2-S2, 21.4R3; 22.1 versions prior to 22.1R1-S2, 22.1R2, 22.1R3-S1. This issue does not affect Juniper Networks Junos OS on SRX Series and on MX Series: All versions prior to 18.2R1. | |||||
| CVE-2023-22387 | 1 Qualcomm | 542 205, 205 Firmware, 215 and 539 more | 2024-11-21 | N/A | 7.8 HIGH |
| Arbitrary memory overwrite when VM gets compromised in TX write leading to Memory Corruption. | |||||
| CVE-2023-22357 | 1 Omron | 2 Cp1l-el20dr-d, Cp1l-el20dr-d Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| Active debug code exists in OMRON CP1L-EL20DR-D all versions, which may lead to a command that is not specified in FINS protocol being executed without authentication. A remote unauthenticated attacker may read/write in arbitrary area of the device memory, which may lead to overwriting the firmware, causing a denial-of-service (DoS) condition, and/or arbitrary code execution. | |||||
| CVE-2023-22348 | 2 Checkmk, Tribe29 | 2 Checkmk, Checkmk | 2024-11-21 | N/A | 4.3 MEDIUM |
| Improper Authorization in RestAPI in Checkmk GmbH's Checkmk versions <2.1.0p28 and <2.2.0b8 allows remote authenticated users to read arbitrary host_configs. | |||||
| CVE-2023-22339 | 1 Contec | 1 Conprosys Hmi System | 2024-11-21 | N/A | 7.5 HIGH |
| Improper access control vulnerability in CONPROSYS HMI System (CHS) Ver.3.4.5 and earlier allows a remote unauthenticated attacker to bypass access restriction and obtain the server certificate including the private key of the product. | |||||
| CVE-2023-22335 | 1 Dos-osaka | 2 Rakuraku Pc Cloud Agent, Ss1 | 2024-11-21 | N/A | 7.5 HIGH |
| Improper access control vulnerability in SS1 Ver.13.0.0.40 and earlier and Rakuraku PC Cloud Agent Ver.2.1.8 and earlier allows a remote attacker to bypass access restriction and download an arbitrary file of the directory where the product runs. As a result of exploiting this vulnerability with CVE-2023-22336 and CVE-2023-22344 vulnerabilities together, it may allow a remote attacker to execute an arbitrary code with SYSTEM privileges by sending a specially crafted script to the affected device. | |||||
| CVE-2023-22316 | 1 Pixela | 2 Pix-rt100, Pix-rt100 Firmware | 2024-11-21 | N/A | 6.5 MEDIUM |
| Hidden functionality vulnerability in PIX-RT100 versions RT100_TEQ_2.1.1_EQ101 and RT100_TEQ_2.1.2_EQ101 allows a network-adjacent attacker to access the product via undocumented Telnet or SSH services. | |||||
| CVE-2023-21673 | 1 Qualcomm | 326 Aqt1000, Aqt1000 Firmware, Ar8035 and 323 more | 2024-11-21 | N/A | 8.7 HIGH |
| Improper Access to the VM resource manager can lead to Memory Corruption. | |||||
| CVE-2023-21642 | 1 Qualcomm | 26 Qam8295p, Qam8295p Firmware, Qca6574au and 23 more | 2024-11-21 | N/A | 8.4 HIGH |
| Memory corruption in HAB Memory management due to broad system privileges via physical address. | |||||
| CVE-2023-21518 | 1 Samsung | 1 Searchwidget | 2024-11-21 | N/A | 4.4 MEDIUM |
| Improper access control vulnerability in SearchWidget prior to version 3.3 in China models allows untrusted applications to start arbitrary activity. | |||||
| CVE-2023-21505 | 1 Samsung | 1 Samsung Core Services | 2024-11-21 | N/A | 4.0 MEDIUM |
| Improper access control in Samsung Core Service prior to version 2.1.00.36 allows attacker to write arbitrary file in sandbox. | |||||
| CVE-2023-21496 | 1 Samsung | 1 Android | 2024-11-21 | N/A | 6.1 MEDIUM |
| Active Debug Code vulnerability in ActivityManagerService prior to SMR May-2023 Release 1 allows attacker to use debug function via setting debug level. | |||||
| CVE-2023-21486 | 1 Samsung | 1 Android | 2024-11-21 | N/A | 5.3 MEDIUM |
| Improper export of android application components vulnerability in ImagePreviewActivity in Call Settings to SMR May-2023 Release 1 allows physical attackers to access some media data stored in sandbox. | |||||
| CVE-2023-21485 | 1 Samsung | 1 Android | 2024-11-21 | N/A | 5.3 MEDIUM |
| Improper export of android application components vulnerability in VideoPreviewActivity in Call Settings to SMR May-2023 Release 1 allows physical attackers to access some media data stored in sandbox. | |||||
| CVE-2023-21464 | 2 Google, Samsung | 2 Android, Calendar | 2024-11-21 | N/A | 4.0 MEDIUM |
| Improper access control in Samsung Calendar prior to versions 12.4.02.9000 in Android 13 and 12.3.08.2000 in Android 12 allows local attacker to configure improper status. | |||||
| CVE-2023-21463 | 2 Google, Samsung | 2 Android, Myfiles | 2024-11-21 | N/A | 4.0 MEDIUM |
| Improper access control vulnerability in MyFiles application prior to versions 12.2.09.0 in Android 11, 13.1.03.501 in Android 12 and 14.1.03.0 in Android 13 allows local attacker to get sensitive information of secret mode in Samsung Internet application with specific conditions. | |||||