Total
11827 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-46167 | 4 Ibm, Linux, Microsoft and 1 more | 4 Db2, Linux Kernel, Windows and 1 more | 2024-08-02 | 5.9 Medium |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 federated server is vulnerable to a denial of service when a specially crafted cursor is used. IBM X-Force ID: 269367. | ||||
| CVE-2023-45745 | 2024-08-02 | 7.9 High | ||
| Improper input validation in some Intel(R) TDX module software before version 1.5.05.46.698 may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2023-45175 | 1 Ibm | 2 Aix, Vios | 2024-08-02 | 6.2 Medium |
| IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the TCP/IP kernel extension to cause a denial of service. IBM X-Force ID: 267973. | ||||
| CVE-2023-45178 | 1 Ibm | 1 Db2 | 2024-08-02 | 6.5 Medium |
| IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 CLI is vulnerable to a denial of service when a specially crafted request is used. IBM X-Force ID: 268073. | ||||
| CVE-2023-45171 | 1 Ibm | 2 Aix, Vios | 2024-08-02 | 6.2 Medium |
| IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the kernel to cause a denial of service. IBM X-Force ID: 267969. | ||||
| CVE-2023-45165 | 1 Ibm | 1 Aix | 2024-08-02 | 6.2 Medium |
| IBM AIX 7.2 and 7.3 could allow a non-privileged local user to exploit a vulnerability in the AIX SMB client to cause a denial of service. IBM X-Force ID: 267963. | ||||
| CVE-2023-45177 | 2024-08-02 | 5.3 Medium | ||
| IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS and 9.3 CD is vulnerable to a denial-of-service attack due to an error within the MQ clustering logic. IBM X-Force ID: 268066. | ||||
| CVE-2023-45173 | 1 Ibm | 2 Aix, Vios | 2024-08-02 | 6.2 Medium |
| IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the NFS kernel extension to cause a denial of service. IBM X-Force ID: 267971. | ||||
| CVE-2023-45169 | 1 Ibm | 2 Aix, Vios | 2024-08-02 | 6.2 Medium |
| IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the pmsvcs kernel extension to cause a denial of service. IBM X-Force ID: 267967. | ||||
| CVE-2023-45172 | 1 Ibm | 2 Aix, Vios | 2024-08-02 | 6.2 Medium |
| IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in AIX windows to cause a denial of service. IBM X-Force ID: 267970. | ||||
| CVE-2023-44345 | 2024-08-02 | 5.5 Medium | ||
| Adobe InDesign versions ID18.5 (and earlier) and ID17.4.2 (and earlier) are affected by a Improper Input Validation vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2024-2339 | 1 Dalibo | 1 Postgresql Anonymizer | 2024-08-02 | 8 High |
| PostgreSQL Anonymizer v1.2 contains a vulnerability that allows a user who owns a table to elevate to superuser. A user can define a masking function for a column and place malicious code in that function. When a privileged user applies the masking rules using the static masking or the anonymous dump method, the malicious code is executed and can grant escalated privileges to the malicious user. PostgreSQL Anonymizer v1.2 does provide a protection against this risk with the restrict_to_trusted_schemas option, but that protection is incomplete. Users that don't own a table, especially masked users cannot exploit this vulnerability. The problem is resolved in v1.3. | ||||
| CVE-2023-43745 | 1 Intel | 1 Cbi Software | 2024-08-02 | 2.8 Low |
| Improper input validation in some Intel(R) CBI software before version 1.1.0 may allow an authenticated user to potentially enable denial of service via local access. | ||||
| CVE-2023-42766 | 1 Intel | 4 Nuc 8 Compute Element Cm8v5cb, Nuc 8 Compute Element Cm8v5cb Firmware, Nuc 8 Compute Element Cm8v7cb and 1 more | 2024-08-02 | 7.5 High |
| Improper input validation in some Intel NUC 8 Compute Element BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2023-42503 | 1 Apache | 1 Commons Compress | 2024-08-02 | 5.5 Medium |
| Improper Input Validation, Uncontrolled Resource Consumption vulnerability in Apache Commons Compress in TAR parsing.This issue affects Apache Commons Compress: from 1.22 before 1.24.0. Users are recommended to upgrade to version 1.24.0, which fixes the issue. A third party can create a malformed TAR file by manipulating file modification times headers, which when parsed with Apache Commons Compress, will cause a denial of service issue via CPU consumption. In version 1.22 of Apache Commons Compress, support was added for file modification times with higher precision (issue # COMPRESS-612 [1]). The format for the PAX extended headers carrying this data consists of two numbers separated by a period [2], indicating seconds and subsecond precision (for example “1647221103.5998539”). The impacted fields are “atime”, “ctime”, “mtime” and “LIBARCHIVE.creationtime”. No input validation is performed prior to the parsing of header values. Parsing of these numbers uses the BigDecimal [3] class from the JDK which has a publicly known algorithmic complexity issue when doing operations on large numbers, causing denial of service (see issue # JDK-6560193 [4]). A third party can manipulate file time headers in a TAR file by placing a number with a very long fraction (300,000 digits) or a number with exponent notation (such as “9e9999999”) within a file modification time header, and the parsing of files with these headers will take hours instead of seconds, leading to a denial of service via exhaustion of CPU resources. This issue is similar to CVE-2012-2098 [5]. [1]: https://issues.apache.org/jira/browse/COMPRESS-612 [2]: https://pubs.opengroup.org/onlinepubs/9699919799/utilities/pax.html#tag_20_92_13_05 [3]: https://docs.oracle.com/javase/8/docs/api/java/math/BigDecimal.html [4]: https://bugs.openjdk.org/browse/JDK-6560193 [5]: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2098 Only applications using CompressorStreamFactory class (with auto-detection of file types), TarArchiveInputStream and TarFile classes to parse TAR files are impacted. Since this code was introduced in v1.22, only that version and later versions are impacted. | ||||
| CVE-2023-42012 | 1 Ibm | 1 Urbancode Deploy | 2024-08-02 | 6.2 Medium |
| An IBM UrbanCode Deploy Agent 7.2 through 7.2.3.7, and 7.3 through 7.3.2.2 installed as a Windows service in a non-standard location could be subject to a denial of service attack by local accounts. IBM X-Force ID: 265509. | ||||
| CVE-2023-40743 | 1 Apache | 1 Axis | 2024-08-02 | 9.8 Critical |
| ** UNSUPPORTED WHEN ASSIGNED ** When integrating Apache Axis 1.x in an application, it may not have been obvious that looking up a service through "ServiceFactory.getService" allows potentially dangerous lookup mechanisms such as LDAP. When passing untrusted input to this API method, this could expose the application to DoS, SSRF and even attacks leading to RCE. As Axis 1 has been EOL we recommend you migrate to a different SOAP engine, such as Apache Axis 2/Java. As a workaround, you may review your code to verify no untrusted or unsanitized input is passed to "ServiceFactory.getService", or by applying the patch from https://github.com/apache/axis-axis1-java/commit/7e66753427466590d6def0125e448d2791723210 . The Apache Axis project does not expect to create an Axis 1.x release fixing this problem, though contributors that would like to work towards this are welcome. | ||||
| CVE-2023-41917 | 2024-08-02 | 10 Critical | ||
| Inadequate input validation exposes the system to potential remote code execution (RCE) risks. Attackers can exploit this vulnerability by appending shell commands to the Speed-Measurement feature, enabling unauthorized code execution. | ||||
| CVE-2023-41781 | 1 Zte | 2 Mf258, Mf258 Firmware | 2024-08-02 | 5.7 Medium |
| There is a Cross-site scripting (XSS) vulnerability in ZTE MF258. Due to insufficient input validation of SMS interface parameter, an XSS attack will be triggered. | ||||
| CVE-2023-41268 | 1 Samsung | 1 Escargot | 2024-08-02 | 5.3 Medium |
| Improper input validation vulnerability in Samsung Open Source Escargot allows stack overflow and segmentation fault. This issue affects Escargot: from 3.0.0 through 4.0.0. | ||||