Total
28982 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-2481 | 1 Silabs | 1 Gecko Software Development Kit | 2024-02-28 | N/A | 7.5 HIGH |
| Compiler removal of buffer clearing in sli_se_opaque_import_key in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM. | |||||
| CVE-2023-20558 | 1 Amd | 178 Athlon Gold 3150u, Athlon Gold 3150u Firmware, Athlon Silver 3050u and 175 more | 2024-02-28 | N/A | 8.8 HIGH |
| Insufficient control flow management in AmdCpmOemSmm may allow a privileged attacker to tamper with the SMM handler potentially leading to an escalation of privileges. | |||||
| CVE-2023-21116 | 1 Google | 1 Android | 2024-02-28 | N/A | 6.7 MEDIUM |
| In verifyReplacingVersionCode of InstallPackageHelper.java, there is a possible way to downgrade system apps below system image version due to a logic error in the code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-256202273 | |||||
| CVE-2023-27384 | 1 Cybozu | 1 Garoon | 2024-02-28 | N/A | 4.3 MEDIUM |
| Operation restriction bypass vulnerability in MultiReport of Cybozu Garoon 5.15.0 allows a remote authenticated attacker to alter the data of MultiReport. | |||||
| CVE-2023-0344 | 1 Akuvox | 2 E11, E11 Firmware | 2024-02-28 | N/A | 7.5 HIGH |
| Akuvox E11 appears to be using a custom version of dropbear SSH server. This server allows an insecure option that by default is not in the official dropbear SSH server. | |||||
| CVE-2023-24486 | 1 Citrix | 1 Workspace | 2024-02-28 | N/A | 5.5 MEDIUM |
| A vulnerability has been identified in Citrix Workspace app for Linux that, if exploited, may result in a malicious local user being able to gain access to the Citrix Virtual Apps and Desktops session of another user who is using the same computer from which the ICA session is launched. | |||||
| CVE-2023-2733 | 1 Inspireui | 1 Mstore Api | 2024-02-28 | N/A | 9.8 CRITICAL |
| The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.9.0. This is due to insufficient verification on the user being supplied during the coupon redemption REST API request through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the user id. | |||||
| CVE-2023-33847 | 3 Hp, Ibm, Linux | 5 Hp-ux, Aix, Cics Tx and 2 more | 2024-02-28 | N/A | 3.1 LOW |
| IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, CICS TX Advanced 10.1, and 11.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 257102. | |||||
| CVE-2022-41621 | 1 Intel | 1 Quickassist Technology | 2024-02-28 | N/A | 5.5 MEDIUM |
| Improper access control in some Intel(R) QAT drivers for Windows before version 1.9.0 may allow an authenticated user to potentially enable information disclosure via local access. | |||||
| CVE-2023-21485 | 1 Samsung | 1 Android | 2024-02-28 | N/A | 4.6 MEDIUM |
| Improper export of android application components vulnerability in VideoPreviewActivity in Call Settings to SMR May-2023 Release 1 allows physical attackers to access some media data stored in sandbox. | |||||
| CVE-2023-1305 | 1 Rapid7 | 2 Insightappsec, Insightcloudsec | 2024-02-28 | N/A | 8.1 HIGH |
| An authenticated attacker can leverage an exposed “box” object to read and write arbitrary files from disk, provided those files can be parsed as yaml or JSON. This issue was resolved in the Managed and SaaS deployments on February 1, 2023, and in version 23.2.1 of the Self-Managed version of InsightCloudSec. | |||||
| CVE-2022-37409 | 1 Intel | 1 Integrated Performance Primitives Cryptography | 2024-02-28 | N/A | 5.5 MEDIUM |
| Insufficient control flow management for the Intel(R) IPP Cryptography software before version 2021.6 may allow an authenticated user to potentially enable information disclosure via local access. | |||||
| CVE-2023-29147 | 1 Malwarebytes | 2 Endpoint Detection And Response, Malwarebytes | 2024-02-28 | N/A | 5.5 MEDIUM |
| In Malwarebytes EDR 1.0.11 for Linux, it is possible to bypass the detection layers that depend on inode identifiers, because an identifier may be reused when a file is replaced, and because two files on different filesystems can have the same identifier. | |||||
| CVE-2022-47874 | 1 Jedox | 2 Cloud, Jedox | 2024-02-28 | N/A | 6.5 MEDIUM |
| Improper Access Control in /tc/rpc in Jedox GmbH Jedox 2020.2.5 allows remote authenticated users to view details of database connections via class 'com.jedox.etl.mngr.Connections' and method 'getGlobalConnection'. | |||||
| CVE-2023-29862 | 1 Agasio Camera Project | 2 Agasio Camera, Agasio Camera Firmware | 2024-02-28 | N/A | 9.8 CRITICAL |
| An issue found in Agasio-Camera device version not specified allows a remote attacker to execute arbitrary code via the check and authLevel parameters. | |||||
| CVE-2023-21087 | 1 Google | 1 Android | 2024-02-28 | N/A | 5.5 MEDIUM |
| In PreferencesHelper.java, an uncaught exception may cause the device to get stuck in a boot loop. This could lead to local persistent denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-261723753 | |||||
| CVE-2023-28657 | 1 Contec | 1 Conprosys Hmi System | 2024-02-28 | N/A | 8.8 HIGH |
| Improper access control vulnerability exists in CONPROSYS HMI System (CHS) versions prior to 3.5.3. A user of the PC where the affected product is installed may gain an administrative privilege. As a result, information regarding the product may be obtained and/or altered by the user. | |||||
| CVE-2023-25134 | 1 Mcafee | 1 Total Protection | 2024-02-28 | N/A | 6.7 MEDIUM |
| McAfee Total Protection prior to 16.0.50 may allow an adversary (with full administrative access) to modify a McAfee specific Component Object Model (COM) in the Windows Registry. This can result in the loading of a malicious payload. | |||||
| CVE-2023-34673 | 1 Elenos | 2 Etg150, Etg150 Firmware | 2024-02-28 | N/A | 6.5 MEDIUM |
| Elenos ETG150 FM transmitter running on version 3.12 was discovered to be leaking SMTP credentials and other sensitive information by exploiting the publicly accessible Memcached service. The attack can occur over the public Internet in some cases. | |||||
| CVE-2023-30331 | 1 Beetl Project | 1 Beetl | 2024-02-28 | N/A | 9.8 CRITICAL |
| An issue in the render function of beetl v3.15.0 allows attackers to execute server-side template injection (SSTI) via a crafted payload. | |||||