Total: 34395 CVE

| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-43114 | 2 Microsoft, Qt | 2 Windows, Qt | 2024-11-21 | 5.5 Medium |
| An issue was discovered in Qt before 5.15.16, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3 on Windows. When using the GDI font engine, if a corrupted font is loaded via QFontDatabase::addApplicationFont or QFontDatabase::addApplicationFontFromData, then it can cause the application to crash because of missing length checks. | ||||
| CVE-2023-43090 | 2 Fedoraproject, Gnome | 2 Fedora, Gnome-shell | 2024-11-21 | 5.5 Medium |
| A vulnerability was found in GNOME Shell. GNOME Shell's lock screen allows an unauthenticated local user to view windows of the locked desktop session by using keyboard shortcuts to unlock the restricted functionality of the screenshot tool. | ||||
| CVE-2023-43088 | 1 Dell | 2 Precision 7865 Tower, Precision 7865 Tower Firmware | 2024-11-21 | 7.2 High |
| Dell Client BIOS contains a pre-boot direct memory access (DMA) vulnerability. An authenticated attacker with physical access to the system may potentially exploit this vulnerability in order to execute arbitrary code on the device. | ||||
| CVE-2023-43074 | 1 Dell | 3 Unity Operating Environment, Unity Xt Operating Environment, Unityvsa Operating Environment | 2024-11-21 | 5.2 Medium |
| Dell Unity 5.3 contains an Arbitrary File Creation vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by crafting arbitrary files through a request to the server. | ||||
| CVE-2023-43058 | 2 Ibm, Redhat | 3 Robotic Process Automation, Robotic Process Automation For Cloud Pak, Openshift | 2024-11-21 | 5.3 Medium |
| IBM Robotic Process Automation 23.0.9 is vulnerable to privilege escalation that affects ownership of projects. IBM X-Force ID: 247527. | ||||
| CVE-2023-43041 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2024-11-21 | 6.5 Medium |
| IBM QRadar SIEM 7.5 is vulnerable to information exposure allowing a delegated Admin tenant user with a specific domain security profile assigned to see data from other domains. This vulnerability is due to an incomplete fix for CVE-2022-34352. IBM X-Force ID: 266808. | ||||
| CVE-2023-42820 | 1 Fit2cloud | 1 Jumpserver | 2024-11-21 | 7 High |
| JumpServer is an open source bastion host. This vulnerability is due to exposing the random number seed to the API, potentially allowing the randomly generated verification codes to be replayed, which could lead to password resets. If MFA is enabled, users are not affected. Users not using local authentication are also not affected. Users are advised to upgrade to either version 2.28.19 or to 3.6.5. There are no known workarounds for this issue. | ||||
| CVE-2023-42816 | 1 Nirmata | 1 Kyverno | 2024-11-21 | 6.1 Medium |
| Kyverno is a policy engine designed for Kubernetes. A security vulnerability was found in Kyverno where an attacker could cause denial of service of Kyverno. The vulnerability was in Kyverno's Notary verifier. An attacker would need control over the registry from which Kyverno would fetch signatures. With such a position, the attacker could return a malicious response to Kyverno, when Kyverno would send a request to the registry. The malicious response would cause denial of service of Kyverno, such that other users' admission requests would be blocked from being processed. This is a vulnerability in a new component released in v1.11.0. The only users affected by this are those that have been building Kyverno from source at the main branch, which is not encouraged. Users consuming official Kyverno releases are not affected. There are no known cases of this vulnerability being exploited in the wild. | ||||
| CVE-2023-42815 | 1 Nirmata | 1 Kyverno | 2024-11-21 | 3.1 Low |
| Kyverno is a policy engine designed for Kubernetes. A security vulnerability was found in Kyverno where an attacker could cause denial of service of Kyverno. The vulnerability was in Kyverno's Notary verifier. An attacker would need control over the registry from which Kyverno would fetch signatures. With such a position, the attacker could return a malicious response to Kyverno, when Kyverno would send a request to the registry. The malicious response would cause denial of service of Kyverno, such that other users' admission requests would be blocked from being processed. This is a vulnerability in a new component released in v1.11.0. The only users affected by this are those that have been building Kyverno from source at the main branch, which is not encouraged. Users consuming official Kyverno releases are not affected. There are no known cases of this vulnerability being exploited in the wild. | ||||
| CVE-2023-42814 | 1 Nirmata | 1 Kyverno | 2024-11-21 | 3.1 Low |
| Kyverno is a policy engine designed for Kubernetes. A security vulnerability was found in Kyverno where an attacker could cause denial of service of Kyverno. The vulnerable component is Kyverno's Notary verifier. An attacker would need control over the registry from which Kyverno would fetch attestations. With such a position, the attacker could return a malicious response to Kyverno, when Kyverno would send a request to the registry. The malicious response would cause denial of service of Kyverno, such that other users' admission requests would be blocked from being processed. This is a vulnerability in a new component released in v1.11.0. The only users affected by this are those that have been building Kyverno from source at the main branch, which is not encouraged. Users consuming official Kyverno releases are not affected. There are no known cases of this vulnerability being exploited in the wild. | ||||
| CVE-2023-42813 | 1 Nirmata | 1 Kyverno | 2024-11-21 | 6.1 Medium |
| Kyverno is a policy engine designed for Kubernetes. A security vulnerability was found in Kyverno where an attacker could cause denial of service of Kyverno. The vulnerable component is Kyverno's Notary verifier. An attacker would need control over the registry from which Kyverno would fetch attestations. With such a position, the attacker could return a malicious response to Kyverno, when Kyverno would send a request to the registry. The malicious response would cause denial of service of Kyverno, such that other users' admission requests would be blocked from being processed. This is a vulnerability in a new component released in v1.11.0. The only users affected by this are those that have been building Kyverno from source at the main branch, which is not encouraged. Users consuming official Kyverno releases are not affected. There are no known cases of this vulnerability being exploited in the wild. | ||||
| CVE-2023-42805 | 1 Quinn Project | 1 Quinn | 2024-11-21 | 7.5 High |
| quinn-proto is a state machine for the QUIC transport protocol. Prior to versions 0.9.5 and 0.10.5, receiving unknown QUIC frames in a QUIC packet could result in a panic. The problem has been fixed in 0.9.5 and 0.10.5 maintenance releases. | ||||
| CVE-2023-42798 | 1 Hollowaykeanho | 1 Automataci | 2024-11-21 | 8.2 High |
| AutomataCI is a template git repository equipped with native built-in semi-autonomous CI tools. An issue in versions 1.4.1 and below can let a release job reset the git root repository to the first commit. Version 1.5.0 has a patch for this issue. As a workaround, make sure the `PROJECT_PATH_RELEASE` (e.g. `releases/`) directory is manually and actually `git cloned` properly, making it a different git repository from the root git repository. | ||||
| CVE-2023-42776 | 1 Intel | 1 Sgx Dcap | 2024-11-21 | 3.8 Low |
| Improper input validation in some Intel(R) SGX DCAP software for Windows before version 1.19.100.3 may allow an authenticated user to potentially enable information disclosure via local access. | ||||
| CVE-2023-42666 | 1 Dexma | 1 Dexgate | 2024-11-21 | 5.3 Medium |
| The affected product is vulnerable to an exposure of sensitive information to an unauthorized actor, which may allow an attacker to craft malicious requests that obtain version information about the web server used. | ||||
| CVE-2023-42655 | 2 Google, Unisoc | 5 Android, S8000, T760 and 2 more | 2024-11-21 | 6.7 Medium |
| In sim service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. | ||||
| CVE-2023-42649 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-11-21 | 5.5 Medium |
| In engineermode, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | ||||
| CVE-2023-42647 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-11-21 | 5.5 Medium |
| In Ifaa service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | ||||
| CVE-2023-42645 | 2 Google, Unisoc | 5 Android, S8000, T760 and 2 more | 2024-11-21 | 5.5 Medium |
| In sim service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | ||||
| CVE-2023-42573 | 1 Samsung | 1 Search Widget | 2024-11-21 | 4.7 Medium |
| PendingIntent hijacking vulnerability in Search Widget prior to version 3.4 in China models allows local attackers to access data. | ||||