Total: 28982 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-32666 | 2 Linuxfoundation, Mediatek | 23 Yocto, Mt7603, Mt7603 Firmware and 20 more | 2024-02-28 | N/A | 7.5 HIGH |
In Wi-Fi, there is a possible low throughput due to misrepresentation of critical information. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220829014; Issue ID: GN20220829014. | |||||
CVE-2022-41646 | 1 Intel | 1 Integrated Performance Primitives Cryptography | 2024-02-28 | N/A | 5.5 MEDIUM |
Insufficient control flow management in the Intel(R) IPP Cryptography software before version 2021.6 may allow an unauthenticated user to potentially enable information disclosure via local access. | |||||
CVE-2023-28810 | 1 Hikvision | 74 Ds-k1t320efwx, Ds-k1t320efwx Firmware, Ds-k1t320efx and 71 more | 2024-02-28 | N/A | 4.3 MEDIUM |
Some access control/intercom products have unauthorized modification of device network configuration vulnerabilities. Attackers can modify device network configuration by sending specific data packets to the vulnerable interface within the same local network. | |||||
CVE-2023-2019 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2024-02-28 | N/A | 4.4 MEDIUM |
A flaw was found in the Linux kernel's netdevsim device driver, within the scheduling of events. This issue results from the improper management of a reference count. This may allow an attacker to create a denial of service condition on the system. | |||||
CVE-2023-25517 | 4 Citrix, Nvidia, Redhat and 1 more | 4 Hypervisor, Gpu Display Driver, Enterprise Linux Kernel-based Virtual Machine and 1 more | 2024-02-28 | N/A | 7.1 HIGH |
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where a guest OS may be able to control resources for which it is not authorized, which may lead to information disclosure and data tampering. | |||||
CVE-2023-25589 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2024-02-28 | N/A | 9.8 CRITICAL |
A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an unauthenticated remote attacker to create arbitrary users on the platform. A successful exploit allows an attacker to achieve total cluster compromise. | |||||
CVE-2023-27920 | 1 Contec | 4 Sv-cpt-mc310, Sv-cpt-mc310 Firmware, Sv-cpt-mc310f and 1 more | 2024-02-28 | N/A | 4.3 MEDIUM |
Improper access control vulnerability in the system date/time setting page of SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10 and SV-CPT-MC310F versions prior to Ver.8.10 allows a remote authenticated attacker to alter system date/time of the affected product. | |||||
CVE-2022-40972 | 1 Intel | 1 Quickassist Technology | 2024-02-28 | N/A | 7.8 HIGH |
Improper access control in some Intel(R) QAT drivers for Windows before version 1.9.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2023-32096 | 1 Silabs | 1 Gecko Software Development Kit | 2024-02-28 | N/A | 7.5 HIGH |
Compiler removal of buffer clearing in sli_crypto_transparent_aead_encrypt_tag in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM. | |||||
CVE-2023-1132 | 1 Silabs | 1 Gecko Software Development Kit | 2024-02-28 | N/A | 7.5 HIGH |
Compiler removal of buffer clearing in sli_se_driver_key_agreement in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM. | |||||
CVE-2023-24489 | 1 Citrix | 1 Sharefile Storage Zones Controller | 2024-02-28 | N/A | 9.8 CRITICAL |
A vulnerability has been discovered in the customer-managed ShareFile storage zones controller which, if exploited, could allow an unauthenticated attacker to remotely compromise the customer-managed ShareFile storage zones controller. | |||||
CVE-2023-30946 | 1 Palantir | 1 Foundry Issues | 2024-02-28 | N/A | 4.3 MEDIUM |
A security defect was identified in Foundry Issues. If a user was added to an issue on a resource that they did not have access to and consequently could not see, they could query Foundry's Notification API and receive metadata about the issue including the RID of the issue, severity, internal UUID of the author, and the user-defined title of the issue. | |||||
CVE-2023-0317 | 1 Secomea | 1 Gatemanager | 2024-02-28 | N/A | 4.9 MEDIUM |
Unprotected Alternate Channel vulnerability in debug console of GateManager allows system administrator to obtain sensitive information. | |||||
CVE-2023-32552 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2024-02-28 | N/A | 5.3 MEDIUM |
An Improper access control vulnerability in Trend Micro Apex One and Apex One as a Service could allow an unauthenticated user under certain circumstances to disclose sensitive information on agents. This is similar to, but not identical to CVE-2023-32553. | |||||
CVE-2023-28369 | 1 Brother | 1 Iprint&scan | 2024-02-28 | N/A | 3.3 LOW |
Brother iPrint&Scan V6.11.2 and earlier contains an improper access control vulnerability. This vulnerability may be exploited by the other app installed on the victim user's Android device, which may lead to displaying the settings and/or log information of the affected app as a print preview. | |||||
CVE-2022-47542 | 1 Red-gate | 1 Sql Monitor | 2024-02-28 | N/A | 8.8 HIGH |
Red Gate SQL Monitor 11.0.14 through 12.1.46 has Incorrect Access Control, exploitable remotely for Escalation of Privileges. | |||||
CVE-2023-28062 | 1 Dell | 1 Powerprotect Data Manager | 2024-02-28 | N/A | 8.8 HIGH |
Dell PPDM versions 19.12, 19.11 and 19.10, contain an improper access control vulnerability. A remote authenticated malicious user with low privileges could potentially exploit this vulnerability to bypass intended access restrictions and perform unauthorized actions. | |||||
CVE-2023-35173 | 1 Nextcloud | 1 End-to-end Encryption | 2024-02-28 | N/A | 6.5 MEDIUM |
Nextcloud End-to-end encryption app provides all the necessary APIs to implement End-to-End encryption on the client side. By providing an invalid meta data file, an attacker can make previously dropped files inaccessible. It is recommended that the Nextcloud End-to-end encryption app is upgraded to version 1.12.4 that contains the fix. | |||||
CVE-2023-28051 | 1 Dell | 1 Power Manager | 2024-02-28 | N/A | 7.8 HIGH |
Dell Power Manager, versions 3.10 and prior, contains an Improper Access Control vulnerability. A low-privileged attacker could potentially exploit this vulnerability to elevate privileges on the system. | |||||
CVE-2023-30282 | 1 Prestashop | 1 Scexportcustomers | 2024-02-28 | N/A | 7.5 HIGH |
PrestaShop scexportcustomers <= 3.6.1 is vulnerable to Incorrect Access Control. Due to a lack of permissions' control, a guest can access exports from the module which can lead to leak of personal information from customer table. |