Total
2820 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-0273 | 1 Calibre-web Project | 1 Calibre-web | 2024-08-02 | 6.5 Medium |
Improper Access Control in PyPI calibreweb prior to 0.6.16. | ||||
CVE-2022-0203 | 1 Craterapp | 1 Crater | 2024-08-02 | 5.3 Medium |
Improper Access Control in GitHub repository crater-invoice/crater prior to 6.0.2. | ||||
CVE-2022-0170 | 1 Framasoft | 1 Peertube | 2024-08-02 | 4.3 Medium |
peertube is vulnerable to Improper Access Control | ||||
CVE-2022-0133 | 1 Framasoft | 1 Peertube | 2024-08-02 | 7.5 High |
peertube is vulnerable to Improper Access Control | ||||
CVE-2023-52801 | 1 Redhat | 1 Enterprise Linux | 2024-08-02 | 9.1 Critical |
In the Linux kernel, the following vulnerability has been resolved: iommufd: Fix missing update of domains_itree after splitting iopt_area. In iopt_area_split(), if the original iopt_area has filled a domain and is linked to domains_itree, pages_nodes have to be properly reinserted. Otherwise the domains_itree becomes corrupted and we will UAF. | ||||
CVE-2023-52712 | | | 2024-08-02 | 7.8 High |
Various Issues Due To Exposed SMI Handler in AmdPspP2CmboxV2. The first issue can be leveraged to bypass the protections that have been put in place by previous UEFI phases to prevent direct access to the SPI flash. The second issue can be used to both leak and corrupt SMM memory, thus potentially leading to code execution in SMM. | ||||
CVE-2023-52711 | 1 Huawei | 1 Curiem-wfg9b | 2024-08-02 | 7.8 High |
Various Issues Due To Exposed SMI Handler in AmdPspP2CmboxV2. The first issue can be leveraged to bypass the protections that have been put in place by previous UEFI phases to prevent direct access to the SPI flash. The second issue can be used to both leak and corrupt SMM memory, thus potentially leading to code execution in SMM. | ||||
CVE-2023-52537 | | | 2024-08-02 | 7.5 High |
Vulnerability of package name verification being bypassed in the HwIms module. Impact: Successful exploitation of this vulnerability will affect availability. | ||||
CVE-2023-52367 | | | 2024-08-02 | 7.7 High |
Vulnerability of improper access control in the media library module. Successful exploitation of this vulnerability may affect service availability and integrity. | ||||
CVE-2023-51661 | 1 Wasmer | 1 Wasmer | 2024-08-02 | 8.4 High |
Wasmer is a WebAssembly runtime that enables containers to run anywhere: from Desktop to the Cloud, Edge and even the browser. Wasm programs can access the filesystem outside of the sandbox. Service providers running untrusted Wasm code on Wasmer can unexpectedly expose the host filesystem. This vulnerability has been patched in version 4.2.4. | ||||
CVE-2023-51390 | 1 Aiven | 1 Journalpump | 2024-08-02 | 6.5 Medium |
journalpump is a daemon that takes log messages from journald and pumps them to a given output. A logging vulnerability was found in journalpump which logs out the configuration of a service integration in plaintext to the supplied logging pipeline, including credential information contained in the configuration if any. The problem has been patched in journalpump 2.5.0. | ||||
CVE-2023-50928 | 1 Amazon | 1 Awslabs Sandbox Accounts For Events | 2024-08-02 | 7.1 High |
"Sandbox Accounts for Events" provides multiple, temporary AWS accounts to a number of authenticated users simultaneously via a browser-based GUI. Authenticated users could potentially claim and access empty AWS accounts by sending request payloads to the account API containing non-existent event ids and self-defined budget & duration. This issue only affects cleaned AWS accounts; it is not possible to access AWS accounts in use or existing data/infrastructure. This issue has been patched in version 1.1.0. | ||||
CVE-2023-50783 | 1 Apache | 1 Airflow | 2024-08-02 | 6.5 Medium |
Apache Airflow, versions before 2.8.0, is affected by a vulnerability that allows an authenticated user without the variable edit permission to update a variable. This flaw compromises the integrity of variable management, potentially leading to unauthorized data modification. Users are recommended to upgrade to 2.8.0, which fixes this issue. | ||||
CVE-2023-50706 | 1 Efacec | 2 Uc 500e, Uc 500e Firmware | 2024-08-02 | 4.1 Medium |
A user without administrator permissions with access to the UC500 Windows system could perform a memory dump of the running processes and extract clear credentials or valid session tokens. | ||||
CVE-2023-50333 | 1 Mattermost | 1 Mattermost Server | 2024-08-02 | 3.7 Low |
Mattermost fails to update the permissions of the current session for a user who was just demoted to guest, allowing freshly demoted guests to change group names. | ||||
CVE-2023-47867 | 1 Machinesense | 2 Feverwarn, Feverwarn Firmware | 2024-08-02 | 8.8 High |
MachineSense FeverWarn devices are configured as Wi-Fi hosts in a way that attackers within range could connect to the device's web services and compromise the device. | ||||
CVE-2023-49874 | 1 Mattermost | 1 Mattermost Server | 2024-08-02 | 4.3 Medium |
Mattermost fails to check whether a user is a guest when updating the tasks of a private playbook run, allowing a guest to update the tasks of a private playbook run if they know the run ID. | ||||
CVE-2023-49694 | 1 Netgear | 1 Prosafe Network Management System | 2024-08-02 | 7.8 High |
A low-privileged OS user with access to a Windows host where NETGEAR ProSAFE Network Management System is installed can create arbitrary JSP files in a Tomcat web application directory. The user can then execute the JSP files under the security context of SYSTEM. | ||||
CVE-2023-49473 | | | 2024-08-02 | 9.8 Critical |
Shenzhen JF6000 Cloud Media Collaboration Processing Platform firmware version V1.2.0 and software version V2.0.0 build 6245 is vulnerable to Incorrect Access Control. | ||||
CVE-2023-49098 | 1 Discourse | 1 Discourse Reactions | 2024-08-02 | 3.5 Low |
Discourse-reactions is a plugin that allows users to add their reactions to the post. Data about a user's reaction notifications could be exposed. This vulnerability was patched in commit 2c26939. |