Total
28982 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-30734 | 1 Samsung | 1 Health | 2024-02-28 | N/A | 5.5 MEDIUM |
| Improper access control vulnerability in Samsung Health prior to version 6.24.3.007 allows attackers to access sensitive information via implicit intent. | |||||
| CVE-2023-32488 | 1 Dell | 1 Powerscale Onefs | 2024-02-28 | N/A | 4.3 MEDIUM |
| Dell PowerScale OneFS, 8.2.x-9.5.0.x, contains an information disclosure vulnerability in NFS. A low privileged attacker could potentially exploit this vulnerability, leading to information disclosure. | |||||
| CVE-2023-4456 | 1 Redhat | 1 Openshift Logging | 2024-02-28 | N/A | 6.5 MEDIUM |
| A flaw was found in openshift-logging LokiStack. The key used for caching is just the token, which is too broad. This issue allows a user with a token valid for one action to execute other actions as long as the authorization allowing the original action is still cached. | |||||
| CVE-2023-30714 | 1 Samsung | 1 Android | 2024-02-28 | N/A | 4.6 MEDIUM |
| Improper authorization vulnerability in FolderContainerDragDelegate in One UI Home prior to SMR Sep-2023 Release 1 allows physical attackers to change some settings of the folder lock. | |||||
| CVE-2023-4898 | 1 Mintplexlabs | 1 Anything-llm | 2024-02-28 | N/A | 7.5 HIGH |
| Authentication Bypass by Primary Weakness in GitHub repository mintplex-labs/anything-llm prior to 0.0.1. | |||||
| CVE-2023-5358 | 1 Devolutions | 1 Devolutions Server | 2024-02-28 | N/A | 5.3 MEDIUM |
| Improper access control in Report log filters feature in Devolutions Server 2023.2.10.0 and earlier allows attackers to retrieve logs from vaults or entries they are not allowed to access via the report request url query parameters. | |||||
| CVE-2023-31704 | 1 Oretnom23 | 1 Online Computer And Laptop Store | 2024-02-28 | N/A | 9.8 CRITICAL |
| Sourcecodester Online Computer and Laptop Store 1.0 is vulnerable to Incorrect Access Control, which allows remote attackers to elevate privileges to the administrator's role. | |||||
| CVE-2023-3265 | 1 Cyberpower | 1 Powerpanel Server | 2024-02-28 | N/A | 9.8 CRITICAL |
| An authentication bypass exists on CyberPower PowerPanel Enterprise by failing to sanitize meta-characters from the username, allowing an attacker to login into the application with the default user "cyberpower" by appending a non-printable character.An unauthenticated attacker can leverage this vulnerability to log in to the CypberPower PowerPanel Enterprise as an administrator with hardcoded default credentials. | |||||
| CVE-2023-38206 | 1 Adobe | 1 Coldfusion | 2024-02-28 | N/A | 5.3 MEDIUM |
| Adobe ColdFusion versions 2018u18 (and earlier), 2021u8 (and earlier) and 2023u2 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to access the administration CFM and CFC endpoints resulting in a low-confidentiality impact. Exploitation of this issue does not require user interaction. | |||||
| CVE-2022-40964 | 3 Debian, Fedoraproject, Intel | 17 Debian Linux, Fedora, Killer and 14 more | 2024-02-28 | N/A | 6.7 MEDIUM |
| Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-46329 | 3 Debian, Fedoraproject, Intel | 6 Debian Linux, Fedora, Killer and 3 more | 2024-02-28 | N/A | 6.7 MEDIUM |
| Protection mechanism failure for some Intel(R) PROSet/Wireless WiFi software may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-42222 | 1 Webcatalog | 1 Webcatalog | 2024-02-28 | N/A | 8.8 HIGH |
| WebCatalog before 49.0 is vulnerable to Incorrect Access Control. WebCatalog calls the Electron shell.openExternal function without verifying that the URL is for an http or https resource, in some circumstances. | |||||
| CVE-2023-5583 | 1 Maca134 | 1 Wp Simple Galleries | 2024-02-28 | N/A | 8.8 HIGH |
| The WP Simple Galleries plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.34 via deserialization of untrusted input from the 'wpsimplegallery_gallery' post meta via 'wpsgallery' shortcode. This allows authenticated attackers, with contributor-level permissions and above, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. | |||||
| CVE-2023-40023 | 1 Yaklang | 1 Yaklang | 2024-02-28 | N/A | 7.5 HIGH |
| yaklang is a programming language designed for cybersecurity. The Yak Engine has been found to contain a local file inclusion (LFI) vulnerability. This vulnerability allows attackers to include files from the server's local file system through the web application. When exploited, this can lead to the unintended exposure of sensitive data, potential remote code execution, or other security breaches. Users utilizing versions of the Yak Engine prior to 1.2.4-sp1 are impacted. This vulnerability has been patched in version 1.2.4-sp1. Users are advised to upgrade. users unable to upgrade may avoid exposing vulnerable versions to untrusted input and to closely monitor any unexpected server behavior until they can upgrade. | |||||
| CVE-2023-4258 | 1 Zephyrproject | 1 Zephyr | 2024-02-28 | N/A | 6.5 MEDIUM |
| In Bluetooth mesh implementation If provisionee has a public key that is sent OOB then during provisioning it can be sent back and will be accepted by provisionee. | |||||
| CVE-2023-25519 | 1 Nvidia | 8 Bluefield 1, Bluefield 1 Firmware, Bluefield 2 Ga and 5 more | 2024-02-28 | N/A | 7.8 HIGH |
| NVIDIA ConnectX Host Firmware for the BlueField Data Processing Unit contains a vulnerability where a restricted host may cause an incorrect user management error. A successful exploit of this vulnerability may lead to escalation of privileges. | |||||
| CVE-2023-31172 | 1 Selinc | 1 Sel-5030 Acselerator Quickset | 2024-02-28 | N/A | 7.4 HIGH |
| An Incomplete Filtering of Special Elements vulnerability in the Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software could allow an attacker to embed instructions that could be executed by an authorized device operator. See Instruction Manual Appendix A and Appendix E dated 20230615 for more details. This issue affects SEL-5030 acSELerator QuickSet Software: through 7.1.3.0. | |||||
| CVE-2023-36132 | 1 Phpjabbers | 1 Availability Booking Calendar | 2024-02-28 | N/A | 9.8 CRITICAL |
| PHP Jabbers Availability Booking Calendar 5.0 is vulnerable to Incorrect Access Control. | |||||
| CVE-2023-44203 | 1 Juniper | 26 Ex2300, Ex2300-24mp, Ex2300-24p and 23 more | 2024-02-28 | N/A | 6.5 MEDIUM |
| An Improper Check or Handling of Exceptional Conditions vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on QFX5000 Series, EX2300, EX3400, EX4100, EX4400 and EX4600 allows a adjacent attacker to send specific traffic, which leads to packet flooding, resulting in a Denial of Service (DoS). When a specific IGMP packet is received in an isolated VLAN, it is duplicated to all other ports under the primary VLAN, which causes a flood. This issue affects QFX5000 series, EX2300, EX3400, EX4100, EX4400 and EX4600 platforms only. This issue affects Juniper Junos OS on on QFX5000 Series, EX2300, EX3400, EX4100, EX4400 and EX4600: * All versions prior to 20.4R3-S5; * 21.1 versions prior to 21.1R3-S4; * 21.2 versions prior to 21.2R3-S3; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S2; * 22.1 versions prior to 22.1R3; * 22.2 versions prior to 22.2R3; * 22.3 versions prior to 22.3R2. | |||||
| CVE-2023-39945 | 2 Debian, Eprosima | 2 Debian Linux, Fast Dds | 2024-02-28 | N/A | 7.5 HIGH |
| eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.11.0, 2.10.2, 2.9.2, and 2.6.5, a data submessage sent to PDP port raises unhandled `BadParamException` in fastcdr, which in turn crashes fastdds. Versions 2.11.0, 2.10.2, 2.9.2, and 2.6.5 contain a patch for this issue. | |||||