Export limit exceeded: 351143 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 35239 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (35239 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-34118 | 1 Zoom | 1 Rooms | 2024-11-21 | 7.3 High |
| Improper privilege management in Zoom Rooms for Windows before version 5.14.5 may allow an authenticated user to enable an escalation of privilege via local access. | ||||
| CVE-2023-34116 | 1 Zoom | 1 Zoom | 2024-11-21 | 8.2 High |
| Improper input validation in the Zoom Desktop Client for Windows before version 5.15.0 may allow an unauthorized user to enable an escalation of privilege via network access. | ||||
| CVE-2023-34090 | 1 Decidim | 1 Decidim | 2024-11-21 | 7.5 High |
| Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. Decidim uses a third-party library named Ransack for filtering certain database collections (e.g., public meetings). By default, this library allows filtering on all data attributes and associations. This allows an unauthenticated remote attacker to exfiltrate non-public data from the underlying database of a Decidim instance (e.g., exfiltrating data from the user table). This issue may lead to Sensitive Data Disclosure. The problem was patched in version 0.27.3. | ||||
| CVE-2023-34086 | 1 Intel | 143 Bios, Compute Element Stk2mv64cc, Compute Element Stk2mv64cc Firmware and 140 more | 2024-11-21 | 8.2 High |
| Improper input validation in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2023-34085 | 1 Pingidentity | 1 Pingfederate | 2024-11-21 | 2.6 Low |
| When an AWS DynamoDB table is used for user attribute storage, it is possible to retrieve the attributes of another user using a maliciously crafted request | ||||
| CVE-2023-34064 | 1 Vmware | 1 Workspace One Launcher | 2024-11-21 | 4.6 Medium |
| Workspace ONE Launcher contains a Privilege Escalation Vulnerability. A malicious actor with physical access to Workspace ONE Launcher could utilize the Edge Panel feature to bypass setup to gain access to sensitive information. | ||||
| CVE-2023-34056 | 1 Vmware | 1 Vcenter Server | 2024-11-21 | 4.3 Medium |
| vCenter Server contains a partial information disclosure vulnerability. A malicious actor with non-administrative privileges to vCenter Server may leverage this issue to access unauthorized data. | ||||
| CVE-2023-34054 | 1 Pivotal | 1 Reactor Netty | 2024-11-21 | 5.3 Medium |
| In Reactor Netty HTTP Server, versions 1.1.x prior to 1.1.13 and versions 1.0.x prior to 1.0.39, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable if Reactor Netty HTTP Server built-in integration with Micrometer is enabled. | ||||
| CVE-2023-34047 | 1 Vmware | 1 Spring For Graphql | 2024-11-21 | 3.1 Low |
| A batch loader function in Spring for GraphQL versions 1.1.0 - 1.1.5 and 1.2.0 - 1.2.2 may be exposed to GraphQL context with values, including security context values, from a different session. An application is vulnerable if it provides a DataLoaderOptions instance when registering batch loader functions through DefaultBatchLoaderRegistry. | ||||
| CVE-2023-34041 | 1 Cloudfoundry | 2 Cf-deployment, Routing-release | 2024-11-21 | 5.3 Medium |
| Cloud foundry routing release versions prior to 0.278.0 are vulnerable to abuse of HTTP Hop-by-Hop Headers. An unauthenticated attacker can use this vulnerability for headers like B3 or X-B3-SpanID to affect the identification value recorded in the logs in foundations. | ||||
| CVE-2023-34038 | 1 Vmware | 1 Horizon Client | 2024-11-21 | 5.3 Medium |
| VMware Horizon Server contains an information disclosure vulnerability. A malicious actor with network access may be able to access information relating to the internal network configuration. | ||||
| CVE-2023-34034 | 2 Redhat, Vmware | 2 Jboss Fuse, Spring Security | 2024-11-21 | 9.1 Critical |
| Using "**" as a pattern in Spring Security configuration for WebFlux creates a mismatch in pattern matching between Spring Security and Spring WebFlux, and the potential for a security bypass. | ||||
| CVE-2023-33972 | 1 Scylladb | 1 Scylladb | 2024-11-21 | 7.2 High |
| Scylladb is a NoSQL data store using the seastar framework, compatible with Apache Cassandra. Authenticated users who are authorized to create tables in a keyspace can escalate their privileges to access a table in the same keyspace, even if they don't have permissions for that table. This issue has not yet been patched. A workaround to address this issue is to disable CREATE privileges on a keyspace, and create new tables on behalf of other users. | ||||
| CVE-2023-33875 | 1 Intel | 10 Killer, Killer Wi-fi 6 Ax1650, Killer Wi-fi 6e Ax1675 and 7 more | 2024-11-21 | 7.1 High |
| Improper access control for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable denial of service via local access.. | ||||
| CVE-2023-33857 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2024-11-21 | 5.3 Medium |
| IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain system information using a specially crafted query that could aid in further attacks against the system. IBM X-Force ID: 257695. | ||||
| CVE-2023-33851 | 1 Ibm | 1 Powervm Hypervisor | 2024-11-21 | 5.3 Medium |
| IBM PowerVM Hypervisor FW950.00 through FW950.90, FW1020.00 through FW1020.40, and FW1030.00 through FW1030.30 could reveal sensitive partition data to a system administrator. IBM X-Force ID: 257135. | ||||
| CVE-2023-33796 | 1 Netbox | 1 Netbox | 2024-11-21 | 9.1 Critical |
| A vulnerability in Netbox v3.5.1 allows unauthenticated attackers to execute queries against the GraphQL database, granting them access to sensitive data stored in the database. NOTE: the vendor disputes this because the reporter's only query was for the schema of the API, which is public; queries for database objects would have been denied. | ||||
| CVE-2023-33745 | 1 Teleadapt | 2 Roomcast Ta-2400, Roomcast Ta-2400 Firmware | 2024-11-21 | 9.8 Critical |
| TeleAdapt RoomCast TA-2400 1.0 through 3.1 is vulnerable to Improper Privilege Management: from the shell available after an adb connection, simply entering the su command provides root access (without requiring a password). | ||||
| CVE-2023-33684 | 1 Dbbroadcast | 3 Sft Dab 600\/c, Sft Dab 600\/c Bios, Sft Dab 600\/c Firmware | 2024-11-21 | 5.7 Medium |
| Weak session management in DB Elettronica Telecomunicazioni SpA SFT DAB 600/C Firmware: 1.9.3 Bios firmware: 7.1 (Apr 19 2021) Gui: 2.46 FPGA: 169.55 uc: 6.15 allows attackers on the same network to bypass authentication by re-using the IP address assigned to the device by the NAT protocol. | ||||
| CVE-2023-33562 | 1 Phpjabbers | 1 Time Slots Booking Calendar | 2024-11-21 | 9.8 Critical |
| User enumeration is found in in PHP Jabbers Time Slots Booking Calendar v3.3. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. | ||||