Search Results (363337 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-27307 1 Intel 1 Thunderbolt Dch Driver 2024-11-21 3.8 Low
Improper buffer restrictions in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2023-27306 1 Intel 10 Optane Memory H20 With Solid State Storage, Optane Memory H20 With Solid State Storage Firmware, Optane Ssd 900p and 7 more 2024-11-21 6.5 Medium
Improper Initialization in firmware for some Intel(R) Optane(TM) SSD products may allow an authenticated user to potentially enable denial of service via local access.
CVE-2023-27305 2 Intel, Microsoft 3 Arc A Graphics, Iris Xe Graphics, Windows 2024-11-21 6.7 Medium
Incorrect default permissions in some Intel(R) Arc(TM) Control software before version 1.73.5335.2 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-27303 1 Intel 1 Thunderbolt Dch Driver 2024-11-21 3.8 Low
Improper access control in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2023-27301 1 Intel 1 Thunderbolt Dch Driver 2024-11-21 4.2 Medium
Improper access control in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-27300 1 Intel 1 Thunderbolt Dch Driver 2024-11-21 3.8 Low
Improper buffer restrictions in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2023-27296 1 Apache 1 Inlong 2024-11-21 8.8 High
Deserialization of Untrusted Data vulnerability in Apache Software Foundation Apache InLong. It could be triggered by authenticated users of InLong, you could refer to [1] to know more about this vulnerability. This issue affects Apache InLong: from 1.1.0 through 1.5.0. Users are advised to upgrade to Apache InLong's latest version or cherry-pick [2] to solve it. [1]  https://programmer.help/blogs/jdbc-deserialization-vulnerability-learning.html https://programmer.help/blogs/jdbc-deserialization-vulnerability-learning.html [2] https://github.com/apache/inlong/pull/7422 https://github.com/apache/inlong/pull/7422
CVE-2023-27279 1 Ibm 1 Aspera Faspex 2024-11-21 6.5 Medium
IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a user to cause a denial of service due to missing API rate limiting. IBM X-Force ID: 248533.
CVE-2023-27262 1 Idattend 1 Idweb 2024-11-21 9.8 Critical
Unauthenticated SQL injection in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.
CVE-2023-27261 1 Idattend 1 Idweb 2024-11-21 5.3 Medium
Missing authentication in the DeleteAssignments method in IDAttend’s IDWeb application 3.1.052 and earlier allows deletion of data by unauthenticated attackers.
CVE-2023-27260 1 Idattend 1 Idweb 2024-11-21 9.8 Critical
Unauthenticated SQL injection in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.
CVE-2023-27259 1 Idattend 1 Idweb 2024-11-21 7.5 High
Missing authentication in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student and teacher data by unauthenticated attackers.
CVE-2023-27258 1 Idattend 1 Idweb 2024-11-21 7.5 High
Missing authentication in the GetStudentGroupStudents method in IDAttend’s IDWeb application 3.1.052 and earlier allows retrieval of student and teacher data by unauthenticated attackers.
CVE-2023-27257 1 Idattend 1 Idweb 2024-11-21 7.5 High
Missing authentication in the GetActiveToiletPasses method in IDAttend’s IDWeb application 3.1.052 and earlier allows retrieval of student information by unauthenticated attackers.
CVE-2023-27256 1 Idattend 1 Idweb 2024-11-21 5.8 Medium
Missing authentication in the GetLogFiles method in IDAttend’s IDWeb application 3.1.052 and earlier allows retrieval of sensitive log files by unauthenticated attackers.
CVE-2023-27255 1 Idattend 1 Idweb 2024-11-21 9.8 Critical
Unauthenticated SQL injection in the DeleteRoomChanges method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.
CVE-2023-27254 1 Idattend 1 Idweb 2024-11-21 9.8 Critical
Unauthenticated SQL injection in the GetRoomChanges method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.
CVE-2023-27225 1 User Registration \& Login And User Management System With Admin Panel Project 1 User Registration \& Login And User Management System With Admin Panel 2024-11-21 5.4 Medium
A cross-site scripting (XSS) vulnerability in User Registration & Login and User Management System with Admin Panel v3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the first and last name field.
CVE-2023-27198 1 Paxtechnology 2 Pax A930, Pax A930 Firmware 2024-11-21 6.8 Medium
PAX A930 device with PayDroid_7.1.1_Virgo_V04.5.02_20220722 can allow the execution of arbitrary commands by using the exec service and including a specific word in the command to be executed. The attacker must have physical USB access to the device in order to exploit this vulnerability.
CVE-2023-27170 1 Xpand-it 1 Write-back Manager 2024-11-21 7.5 High
Xpand IT Write-back manager v2.3.1 allows attackers to perform a directory traversal via modification of the siteName parameter.