Search Results (363508 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-31019 2 Microsoft, Nvidia 2 Windows, Virtual Gpu 2024-11-21 7.8 High
NVIDIA GPU Display Driver for Windows contains a vulnerability in wksServicePlugin.dll, where the driver implementation does not restrict or incorrectly restricts access from the named pipe server to a connecting client, which may lead to potential impersonation to the client's secure context.
CVE-2023-31017 2 Microsoft, Nvidia 2 Windows, Virtual Gpu 2024-11-21 7.8 High
NVIDIA GPU Display Driver for Windows contains a vulnerability where an attacker may be able to write arbitrary data to privileged locations by using reparse points. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering.
CVE-2023-31016 2 Microsoft, Nvidia 2 Windows, Virtual Gpu 2024-11-21 7.3 High
NVIDIA GPU Display Driver for Windows contains a vulnerability where an uncontrolled search path element may allow an attacker to execute arbitrary code, which may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering.
CVE-2023-31015 1 Nvidia 2 Dgx H100, Dgx H100 Firmware 2024-11-21 6.6 Medium
NVIDIA DGX H100 BMC contains a vulnerability in the REST service where a host user may cause as improper authentication issue. A successful exploit of this vulnerability may lead to escalation of privileges, information disclosure, code execution, and denial of service.
CVE-2023-31014 2 Google, Nvidia 2 Android, Geforce Now 2024-11-21 4.2 Medium
NVIDIA GeForce Now for Android contains a vulnerability in the game launcher component, where a malicious application on the same device can process the implicit intent meant for the streamer component. A successful exploit of this vulnerability may lead to limited information disclosure, denial of service, and code execution.
CVE-2023-31013 1 Nvidia 3 Dgx H100, Dgx H100 Bmc, Dgx H100 Firmware 2024-11-21 6.1 Medium
NVIDIA DGX H100 BMC contains a vulnerability in the REST service, where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to escalation of privileges and information disclosure.
CVE-2023-31012 1 Nvidia 3 Dgx H100, Dgx H100 Bmc, Dgx H100 Firmware 2024-11-21 6.1 Medium
NVIDIA DGX H100 BMC contains a vulnerability in the REST service where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to escalation of privileges and information disclosure.
CVE-2023-31011 1 Nvidia 2 Dgx H100, Dgx H100 Firmware 2024-11-21 5.2 Medium
NVIDIA DGX H100 BMC contains a vulnerability in the REST service where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to escalation of privileges and information disclosure.
CVE-2023-31010 1 Nvidia 3 Dgx H100, Dgx H100 Bmc, Dgx H100 Firmware 2024-11-21 6.8 Medium
NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to escalation of privileges, information disclosure, and denial of service.
CVE-2023-31009 1 Nvidia 2 Dgx H100, Dgx H100 Firmware 2024-11-21 8.3 High
NVIDIA DGX H100 BMC contains a vulnerability in the REST service, where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, and information disclosure.
CVE-2023-31008 1 Nvidia 2 Dgx H100, Dgx H100 Firmware 2024-11-21 7.3 High
NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to code execution, denial of services, escalation of privileges, and information disclosure.
CVE-2023-31007 1 Apache 1 Pulsar 2024-11-21 0 Low
Improper Authentication vulnerability in Apache Software Foundation Apache Pulsar Broker allows a client to stay connected to a broker after authentication data expires if the client connected through the Pulsar Proxy when the broker is configured with authenticateOriginalAuthData=false or if a client connects directly to a broker with a specially crafted connect command when the broker is configured with authenticateOriginalAuthData=false. This issue affects Apache Pulsar: through 2.9.4, from 2.10.0 through 2.10.3, 2.11.0. 2.9 Pulsar Broker users should upgrade to at least 2.9.5. 2.10 Pulsar Broker users should upgrade to at least 2.10.4. 2.11 Pulsar Broker users should upgrade to at least 2.11.1. 3.0 Pulsar Broker users are unaffected. Any users running the Pulsar Broker for 2.8.* and earlier should upgrade to one of the above patched versions.
CVE-2023-30995 2 Ibm, Linux 2 Aspera Faspex, Linux Kernel 2024-11-21 7.5 High
IBM Aspera Faspex 4.0 through 4.4.2 and 5.0 through 5.0.5 could allow a malicious actor to bypass IP whitelist restrictions using a specially crafted HTTP request. IBM X-Force ID: 254268.
CVE-2023-30994 2 Ibm, Linux 2 Qradar Security Information And Event Manager, Linux Kernel 2024-11-21 5.4 Medium
IBM QRadar SIEM 7.5.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 254138
CVE-2023-30993 1 Ibm 1 Cloud Pak For Security 2024-11-21 6.8 Medium
IBM Cloud Pak for Security (CP4S) 1.9.0.0 through 1.9.2.0 could allow an attacker with a valid API key for one tenant to access data from another tenant's account. IBM X-Force ID: 254136.
CVE-2023-30989 1 Ibm 1 I 2024-11-21 8.4 High
IBM Performance Tools for i 7.2, 7.3, 7.4, and 7.5 contains a local privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain all object access to the host operating system. IBM X-Force ID: 254017.
CVE-2023-30988 1 Ibm 1 I 2024-11-21 8.4 High
The IBM i 7.2, 7.3, 7.4, and 7.5 product Facsimile Support for i contains a local privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain root access to the host operating system. IBM X-Force ID: 254016.
CVE-2023-30969 1 Palantir 1 Tiles 2024-11-21 8.2 High
The Palantir Tiles1 service was found to be vulnerable to an API wide issue where the service was not performing authentication/authorization on all the endpoints.
CVE-2023-30967 1 Palantir 1 Orbital Simulator 2024-11-21 9.8 Critical
Gotham Orbital-Simulator service prior to 0.692.0 was found to be vulnerable to a Path traversal issue allowing an unauthenticated user to read arbitrary files on the file system.
CVE-2023-30963 1 Palantir 1 Foundry Frontend 2024-11-21 5.4 Medium
A security defect was discovered in Foundry Frontend which enabled users to perform Stored XSS attacks in Slate if Foundry's CSP were to be bypassed. This defect was resolved with the release of Foundry Frontend 6.229.0. The service was rolled out to all affected Foundry instances. No further intervention is required.