Total
29109 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-1691 | 1 Huawei | 2 Emui, Harmonyos | 2024-08-02 | 7.5 High |
| Vulnerability of failures to capture exceptions in the communication framework. Successful exploitation of this vulnerability may cause features to perform abnormally. | ||||
| CVE-2023-1390 | 2 Linux, Redhat | 5 Linux Kernel, Enterprise Linux, Rhel Aus and 2 more | 2024-08-02 | 7.5 High |
| A remote denial of service vulnerability was found in the Linux kernel’s TIPC kernel module. The while loop in tipc_link_xmit() hits an unknown state while attempting to parse SKBs, which are not in the queue. Sending two small UDP packets to a system with a UDP bearer results in the CPU utilization for the system to instantly spike to 100%, causing a denial of service condition. | ||||
| CVE-2023-1383 | 2 Amazon, Bestbuy | 3 Fire Os, Fire Tv Stick 3rd Gen, Insignia Tv | 2024-08-02 | 5.4 Medium |
| An Improper Enforcement of Behavioral Workflow vulnerability in the exchangeDeviceServices function on the amzn.dmgr service allowed an attacker to register services that are only locally accessible. This issue affects: Amazon Fire TV Stick 3rd gen versions prior to 6.2.9.5. Insignia TV with FireOS versions prior to 7.6.3.3. | ||||
| CVE-2023-1305 | 1 Rapid7 | 2 Insightappsec, Insightcloudsec | 2024-08-02 | 8.1 High |
| An authenticated attacker can leverage an exposed “box” object to read and write arbitrary files from disk, provided those files can be parsed as yaml or JSON. This issue was resolved in the Managed and SaaS deployments on February 1, 2023, and in version 23.2.1 of the Self-Managed version of InsightCloudSec. | ||||
| CVE-2023-1201 | 1 Devolutions | 1 Devolutions Server | 2024-08-02 | 6.5 Medium |
| Improper access control in the secure messages feature in Devolutions Server 2022.3.12 and below allows an authenticated attacker that possesses the message UUID to access the data it contains. | ||||
| CVE-2023-1260 | 2 Kubernetes, Redhat | 4 Kube-apiserver, Openshift, Openshift Container Platform and 1 more | 2024-08-02 | 8 High |
| An authentication bypass vulnerability was discovered in kube-apiserver. This issue could allow a remote, authenticated attacker who has been given permissions "update, patch" the "pods/ephemeralcontainers" subresource beyond what the default is. They would then need to create a new pod or patch one that they already have access to. This might allow evasion of SCC admission restrictions, thereby gaining control of a privileged pod. | ||||
| CVE-2023-1143 | 1 Deltaww | 1 Infrasuite Device Master | 2024-08-02 | 8.8 High |
| In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an attacker could use Lua scripts, which could allow an attacker to remotely execute arbitrary code. | ||||
| CVE-2023-1094 | 1 Monicahq | 1 Monica | 2024-08-02 | 8.8 High |
| MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the `people:id/food` endpoint and food parameter. | ||||
| CVE-2023-1132 | 1 Silabs | 1 Gecko Software Development Kit | 2024-08-02 | 5.3 Medium |
| Compiler removal of buffer clearing in sli_se_driver_key_agreement in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM. | ||||
| CVE-2023-0965 | 1 Silabs | 1 Gecko Software Development Kit | 2024-08-02 | 3.1 Low |
| Compiler removal of buffer clearing in sli_cryptoacc_transparent_key_agreement in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM. | ||||
| CVE-2023-1031 | 1 Monicahq | 1 Monica | 2024-08-02 | 8.8 High |
| MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the `settings` endpoint and first_name parameter. | ||||
| CVE-2023-0951 | 1 Devolutions | 1 Devolutions Server | 2024-08-02 | 8.8 High |
| Improper access controls on some API endpoints in Devolutions Server 2022.3.12 and earlier could allow a standard privileged user to perform privileged actions. | ||||
| CVE-2023-0916 | 1 Auto Dealer Management System Project | 1 Auto Dealer Management System | 2024-08-02 | 6.3 Medium |
| A vulnerability classified as critical was found in SourceCodester Auto Dealer Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /adms/classes/Users.php. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221491. | ||||
| CVE-2023-0914 | 1 Pixelfed | 1 Pixelfed | 2024-08-02 | 5.3 Medium |
| Improper Authorization in GitHub repository pixelfed/pixelfed prior to 0.11.4. | ||||
| CVE-2023-0857 | 1 Canon | 90 I-sensys Lbp621cw, I-sensys Lbp621cw Firmware, I-sensys Lbp623cdw and 87 more | 2024-08-02 | 5.9 Medium |
| Unintentional change of settings during initial registration of system administrators which uses control protocols. The affected Office / Small Office Multifunction Printers and Laser Printers(*) may allow an attacker on the network segment to trigger unauthorized access to the product. *:Satera LBP660C Series/LBP620C Series/MF740C Series/MF640C Series firmware Ver.11.04 and earlier sold in Japan. Color imageCLASS LBP660C Series/LBP 620C Series/X LBP1127C/MF740C Series/MF640C Series/X MF1127C firmware Ver.11.04 and earlier sold in US. i-SENSYS LBP660C Series/LBP620C Series/MF740C Series/MF640C Series, C1127P, C1127iF, C1127i firmware Ver.11.04 and earlier sold in Europe. | ||||
| CVE-2023-0821 | 1 Hashicorp | 1 Nomad | 2024-08-02 | 6.5 Medium |
| HashiCorp Nomad and Nomad Enterprise 1.2.15 up to 1.3.8, and 1.4.3 jobs using a maliciously compressed artifact stanza source can cause excessive disk usage. Fixed in 1.2.16, 1.3.9, and 1.4.4. | ||||
| CVE-2023-0837 | 3 Apple, Microsoft, Teamviewer | 3 Macos, Windows, Remote | 2024-08-02 | 6.6 Medium |
| An improper authorization check of local device settings in TeamViewer Remote between version 15.41 and 15.42.7 for Windows and macOS allows an unprivileged user to change basic local device settings even though the options were locked. This can result in unwanted changes to the configuration. | ||||
| CVE-2023-0744 | 1 Answer | 1 Answer | 2024-08-02 | 9.8 Critical |
| Improper Access Control in GitHub repository answerdev/answer prior to 1.0.4. | ||||
| CVE-2023-0777 | 1 Modoboa | 1 Modoboa | 2024-08-02 | 9.8 Critical |
| Authentication Bypass by Primary Weakness in GitHub repository modoboa/modoboa prior to 2.0.4. | ||||
| CVE-2023-0704 | 1 Google | 1 Chrome | 2024-08-02 | 6.5 Medium |
| Insufficient policy enforcement in DevTools in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to bypass same origin policy and proxy settings via a crafted HTML page. (Chromium security severity: Low) | ||||