Total
28982 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-5389 | 1 Honeywell | 4 Controledge Unit Operations Controller, Controledge Unit Operations Controller Firmware, Controledge Virtual Unit Operations Controller and 1 more | 2024-02-28 | N/A | 7.5 HIGH |
| An attacker could potentially exploit this vulnerability, leading to the ability to modify files on Honeywell Experion ControlEdge VirtualUOC and ControlEdge UOC . This exploit could be used to write a file that may result in unexpected behavior based on configuration changes or updating of files that could result in subsequent execution of a malicious application if triggered. Honeywell recommends updating to the most recent version of the product. See Honeywell Security Notification for recommendations on upgrading and versioning. | |||||
| CVE-2023-42580 | 1 Samsung | 1 Galaxy Store | 2024-02-28 | N/A | 9.8 CRITICAL |
| Improper URL validation from MCSLaunch deeplink in Galaxy Store prior to version 4.5.64.4 allows attackers to execute JavaScript API to install APK from Galaxy Store. | |||||
| CVE-2023-47889 | 1 Binhdrm26 | 1 Super Reboot | 2024-02-28 | N/A | 7.8 HIGH |
| The Android application BINHDRM26 com.bdrm.superreboot 1.0.3, exposes several critical actions through its exported broadcast receivers. These exposed actions can allow any app on the device to send unauthorized broadcasts, leading to unintended consequences. The vulnerability is particularly concerning because these actions include powering off, system reboot & entering recovery mode. | |||||
| CVE-2022-34381 | 1 Dell | 2 Bsafe Crypto-j, Bsafe Ssl-j | 2024-02-28 | N/A | 9.8 CRITICAL |
| Dell BSAFE SSL-J version 7.0 and all versions prior to 6.5, and Dell BSAFE Crypto-J versions prior to 6.2.6.1 contain an unmaintained third-party component vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to the compromise of the impacted system. This is a Critical vulnerability and Dell recommends customers to upgrade at the earliest opportunity. | |||||
| CVE-2023-4922 | 1 Wpb Show Core Project | 1 Wpb Show Core | 2024-02-28 | N/A | 9.8 CRITICAL |
| The WPB Show Core WordPress plugin through 2.2 is vulnerable to a local file inclusion via the `path` parameter. | |||||
| CVE-2023-44295 | 1 Dell | 1 Powerscale Onefs | 2024-02-28 | N/A | 8.1 HIGH |
| Dell PowerScale OneFS versions 8.2.2.x through 9.6.0.x contains an improper control of a resource through its lifetime vulnerability. A low privilege attacker could potentially exploit this vulnerability, leading to loss of information, and information disclosure. | |||||
| CVE-2023-50333 | 1 Mattermost | 1 Mattermost Server | 2024-02-28 | N/A | 4.3 MEDIUM |
| Mattermost fails to update the permissions of the current session for a user who was just demoted to guest, allowing freshly demoted guests to change group names. | |||||
| CVE-2023-43183 | 1 Reprise | 1 License Manager | 2024-02-28 | N/A | 8.8 HIGH |
| Incorrect access control in Reprise License Management Software Reprise License Manager v15.1 allows read-only users to arbitrarily change the password of an admin and hijack their account. | |||||
| CVE-2024-21653 | 1 Vantage6 | 1 Vantage6 | 2024-02-28 | N/A | 9.8 CRITICAL |
| The vantage6 technology enables to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). Nodes and servers get a ssh config by default that permits root login with password authentication. In a proper deployment, the SSH service is not exposed so there is no risk, but not all deployments are ideal. The default should therefore be less permissive. The vulnerability can be mitigated by removing the ssh part from the docker file and rebuilding the docker image. Version 4.2.0 patches the vulnerability. | |||||
| CVE-2023-44281 | 1 Dell | 1 Pair | 2024-02-28 | N/A | 7.1 HIGH |
| Dell Pair Installer version prior to 1.2.1 contains an elevation of privilege vulnerability. A low privilege user with local access to the system could potentially exploit this vulnerability to delete arbitrary files and result in Denial of Service. | |||||
| CVE-2024-20802 | 1 Samsung | 1 Dex | 2024-02-28 | N/A | 5.5 MEDIUM |
| Improper access control vulnerability in Samsung DeX prior to SMR Jan-2024 Release 1 allows owner to access other users' notification in a multi-user environment. | |||||
| CVE-2023-43086 | 1 Dell | 1 Command\|configure | 2024-02-28 | N/A | 7.8 HIGH |
| Dell Command | Configure, versions prior to 4.11.0, contains an improper access control vulnerability. A local malicious user could potentially modify files inside installation folder during application upgrade, leading to privilege escalation. | |||||
| CVE-2024-23055 | 1 Plone | 1 Plone Docker Official Image | 2024-02-28 | N/A | 6.1 MEDIUM |
| An issue in Plone Docker Official Image 5.2.13 (5221) open-source software allows for remote code execution via improper validation of input by the HOST headers. | |||||
| CVE-2023-48252 | 1 Bosch | 21 Nexo-os, Nexo Cordless Nutrunner Nxa011s-36v-b \(0608842012\), Nexo Cordless Nutrunner Nxa011s-36v \(0608842011\) and 18 more | 2024-02-28 | N/A | 8.8 HIGH |
| The vulnerability allows an authenticated remote attacker to perform actions exceeding their authorized access via crafted HTTP requests. | |||||
| CVE-2023-47171 | 1 Wwbn | 1 Avideo | 2024-02-28 | N/A | 6.5 MEDIUM |
| An information disclosure vulnerability exists in the aVideoEncoder.json.php chunkFile path functionality of WWBN AVideo 11.6 and dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary file read. | |||||
| CVE-2023-50708 | 1 Yiiframework | 1 Yii2-authclient | 2024-02-28 | N/A | 9.8 CRITICAL |
| yii2-authclient is an extension that adds OpenID, OAuth, OAuth2 and OpenId Connect consumers for the Yii framework 2.0. In yii2-authclient prior to version 2.2.15, the Oauth1/2 `state` and OpenID Connect `nonce` is vulnerable for a `timing attack` since it is compared via regular string comparison (instead of `Yii::$app->getSecurity()->compareString()`). Version 2.2.15 contains a patch for the issue. No known workarounds are available. | |||||
| CVE-2023-50477 | 1 Nos | 1 Nos Client | 2024-02-28 | N/A | 9.8 CRITICAL |
| An issue was discovered in nos client version 0.6.6, allows remote attackers to escalate privileges via getRPCEndpoint.js. | |||||
| CVE-2022-23821 | 1 Amd | 214 Athlon 3015ce, Athlon 3015ce Firmware, Athlon 3015e and 211 more | 2024-02-28 | N/A | 9.8 CRITICAL |
| Improper access control in System Management Mode (SMM) may allow an attacker to write to SPI ROM potentially leading to arbitrary code execution. | |||||
| CVE-2023-4804 | 1 Johnsoncontrols | 12 Quantum Hd Unity Acuair, Quantum Hd Unity Acuair Firmware, Quantum Hd Unity Compressor and 9 more | 2024-02-28 | N/A | 9.8 CRITICAL |
| An unauthorized user could access debug features in Quantum HD Unity products that were accidentally exposed. | |||||
| CVE-2024-21589 | 1 Juniper | 1 Paragon Active Assurance Control Center | 2024-02-28 | N/A | 7.5 HIGH |
| An Improper Access Control vulnerability in the Juniper Networks Paragon Active Assurance Control Center allows an unauthenticated network-based attacker to access reports without authenticating, potentially containing sensitive configuration information. A feature was introduced in version 3.1.0 of the Paragon Active Assurance Control Center which allows users to selectively share account data. By exploiting this vulnerability, it is possible to access reports without being logged in, resulting in the opportunity for malicious exfiltration of user data. Note that the Paragon Active Assurance Control Center SaaS offering is not affected by this issue. This issue affects Juniper Networks Paragon Active Assurance versions 3.1.0, 3.2.0, 3.2.2, 3.3.0, 3.3.1, 3.4.0. This issue does not affect Juniper Networks Paragon Active Assurance versions earlier than 3.1.0. | |||||