Total
28533 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-1329 | 1 Hp | 1914 Laserjet Managed Mfp E62665 3gy14a, Laserjet Managed Mfp E62665 3gy14a Firmware, Laserjet Managed Mfp E62665 3gy15a and 1911 more | 2024-08-02 | 9.8 Critical |
A potential security vulnerability has been identified for certain HP multifunction printers (MFPs). The vulnerability may lead to Buffer Overflow and/or Remote Code Execution when running HP Workpath solutions on potentially affected products. | ||||
CVE-2023-1297 | 1 Hashicorp | 1 Consul | 2024-08-02 | 4.9 Medium |
Consul and Consul Enterprise's cluster peering implementation contained a flaw whereby a peer cluster with a service of the same name as a local service could corrupt Consul state, resulting in denial of service. This vulnerability was resolved in Consul 1.14.5 and 1.15.3. | ||||
CVE-2023-1223 | 1 Google | 2 Android, Chrome | 2024-08-02 | 4.3 Medium |
Insufficient policy enforcement in Autofill in Google Chrome on Android prior to 111.0.5563.64 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) | ||||
CVE-2023-1221 | 1 Google | 1 Chrome | 2024-08-02 | 4.3 Medium |
Insufficient policy enforcement in Extensions API in Google Chrome prior to 111.0.5563.64 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. (Chromium security severity: Medium) | ||||
CVE-2023-1299 | 1 Hashicorp | 1 Nomad | 2024-08-02 | 7.4 High |
HashiCorp Nomad and Nomad Enterprise 1.5.0 allow a job submitter to escalate to management-level privileges using workload identity and task API. Fixed in 1.5.1. | ||||
CVE-2023-1208 | 1 Riverside | 1 Http Headers | 2024-08-02 | 7.2 High |
This HTTP Headers WordPress plugin before 1.18.11 allows arbitrary data to be written to arbitrary files, leading to a Remote Code Execution vulnerability. | ||||
CVE-2023-1230 | 1 Google | 2 Android, Chrome | 2024-08-02 | 4.3 Medium |
Inappropriate implementation in WebApp Installs in Google Chrome on Android prior to 111.0.5563.64 allowed an attacker who convinced a user to install a malicious WebApp to spoof the contents of the PWA installer via a crafted HTML page. (Chromium security severity: Medium) | ||||
CVE-2023-1232 | 1 Google | 1 Chrome | 2024-08-02 | 4.3 Medium |
Insufficient policy enforcement in Resource Timing in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to obtain potentially sensitive information from API via a crafted HTML page. (Chromium security severity: Low) | ||||
CVE-2023-1203 | 1 Devolutions | 1 Remote Desktop Manager | 2024-08-02 | 6.5 Medium |
Improper removal of sensitive data in the entry edit feature of Hub Business submodule in Devolutions Remote Desktop Manager PowerShell Module 2022.3.1.5 and earlier allows an authenticated user to access sensitive data on entries that were edited using the affected submodule. | ||||
CVE-2023-1228 | 1 Google | 2 Android, Chrome | 2024-08-02 | 4.3 Medium |
Insufficient policy enforcement in Intents in Google Chrome on Android prior to 111.0.5563.64 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium) | ||||
CVE-2023-1236 | 1 Google | 1 Chrome | 2024-08-02 | 4.3 Medium |
Inappropriate implementation in Internals in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to spoof the origin of an iframe via a crafted HTML page. (Chromium security severity: Low) | ||||
CVE-2023-1233 | 1 Google | 1 Chrome | 2024-08-02 | 4.3 Medium |
Insufficient policy enforcement in Resource Timing in Google Chrome prior to 111.0.5563.64 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from API via a crafted Chrome Extension. (Chromium security severity: Low) | ||||
CVE-2023-1226 | 1 Google | 1 Chrome | 2024-08-02 | 6.5 Medium |
Insufficient policy enforcement in Web Payments API in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium) | ||||
CVE-2023-1224 | 1 Google | 1 Chrome | 2024-08-02 | 4.3 Medium |
Insufficient policy enforcement in Web Payments API in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium) | ||||
CVE-2023-1225 | 2 Apple, Google | 2 Iphone Os, Chrome | 2024-08-02 | 4.3 Medium |
Insufficient policy enforcement in Navigation in Google Chrome on iOS prior to 111.0.5563.64 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium) | ||||
CVE-2023-1234 | 1 Google | 2 Android, Chrome | 2024-08-02 | 4.3 Medium |
Inappropriate implementation in Intents in Google Chrome on Android prior to 111.0.5563.64 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Low) | ||||
CVE-2023-1231 | 1 Google | 2 Android, Chrome | 2024-08-02 | 4.3 Medium |
Inappropriate implementation in Autofill in Google Chrome on Android prior to 111.0.5563.64 allowed a remote attacker to potentially spoof the contents of the omnibox via a crafted HTML page. (Chromium security severity: Medium) | ||||
CVE-2023-1204 | 1 Gitlab | 1 Gitlab | 2024-08-02 | 4.3 Medium |
An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.1 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. A user could use an unverified email as a public email and commit email by sending a specifically crafted request on user update settings. | ||||
CVE-2023-1174 | 2 Apple, Kubernetes | 2 Macos, Minikube | 2024-08-02 | 9.8 Critical |
This vulnerability exposes a network port in minikube running on macOS with Docker driver that could enable unexpected remote access to the minikube container. | ||||
CVE-2023-1161 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2024-08-02 | 6.3 Medium |
ISO 15765 and ISO 10681 dissector crash in Wireshark 4.0.0 to 4.0.3 and 3.6.0 to 3.6.11 allows denial of service via packet injection or crafted capture file. |