Total
34393 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-38421 | 1 Apple | 1 Macos | 2024-11-21 | 5.5 Medium |
| The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.5, macOS Monterey 12.6.8. Processing a 3D model may result in disclosure of process memory. | ||||
| CVE-2023-38410 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2024-11-21 | 7.8 High |
| The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. A user may be able to elevate privileges. | ||||
| CVE-2023-38409 | 2 Linux, Redhat | 8 Linux Kernel, Enterprise Linux, Rhel Aus and 5 more | 2024-11-21 | 5.5 Medium |
| An issue was discovered in set_con2fb_map in drivers/video/fbdev/core/fbcon.c in the Linux kernel before 6.2.12. Because an assignment occurs only for the first vc, the fbcon_registered_fb and fbcon_display arrays can be desynchronized in fbcon_mode_deleted (the con2fb_map points at the old fb_info). | ||||
| CVE-2023-38405 | 1 Crestron | 7 3-series Control Systems, Cp3-gv 6506034, Cp3-gv 6506034 Firmware and 4 more | 2024-11-21 | 7.5 High |
| On Crestron 3-Series Control Systems before 1.8001.0187, crafting and sending a specific BACnet packet can cause a crash. | ||||
| CVE-2023-38402 | 2 Hp, Microsoft | 2 Aruba Virtual Intranet Access, Windows | 2024-11-21 | 7.1 High |
| A vulnerability in the HPE Aruba Networking Virtual Intranet Access (VIA) client could allow malicious users to overwrite arbitrary files as NT AUTHORITY\SYSTEM. A successful exploit could allow these malicious users to create a Denial-of-Service (DoS) condition affecting the Microsoft Windows operating System boot process. | ||||
| CVE-2023-38379 | 1 Rigol | 2 Mso5000, Mso5000 Firmware | 2024-11-21 | 7.5 High |
| The web interface on the RIGOL MSO5000 digital oscilloscope with firmware 00.01.03.00.03 allows remote attackers to change the admin password via a zero-length pass0 to the webcontrol changepwd.cgi application, i.e., the entered password only needs to match the first zero characters of the saved password. | ||||
| CVE-2023-38363 | 2 Ibm, Linux | 2 Cics Tx, Linux Kernel | 2024-11-21 | 4.3 Medium |
| IBM CICS TX Advanced 10.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 260818. | ||||
| CVE-2023-38344 | 1 Ivanti | 1 Endpoint Manager | 2024-11-21 | 6.5 Medium |
| An issue was discovered in Ivanti Endpoint Manager before 2022 SU4. A file disclosure vulnerability exists in the GetFileContents SOAP action exposed via /landesk/managementsuite/core/core.secure/OsdScript.asmx. The application does not sufficiently restrict user-supplied paths, allowing for an authenticated attacker to read arbitrary files from a remote system, including the private key used to authenticate to agents for remote access. | ||||
| CVE-2023-38332 | 1 Zohocorp | 1 Manageengine Admanager Plus | 2024-11-21 | 6.5 Medium |
| Zoho ManageEngine ADManager Plus through 7201 allow authenticated users to take over another user's account via sensitive information disclosure. | ||||
| CVE-2023-38259 | 1 Apple | 1 Macos | 2024-11-21 | 5.5 Medium |
| A logic issue was addressed with improved restrictions. This issue is fixed in macOS Monterey 12.6.8, macOS Ventura 13.5, macOS Big Sur 11.7.9. An app may be able to access user-sensitive data. | ||||
| CVE-2023-38258 | 1 Apple | 1 Macos | 2024-11-21 | 5.5 Medium |
| The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.5, macOS Monterey 12.6.8. Processing a 3D model may result in disclosure of process memory. | ||||
| CVE-2023-38135 | 1 Intel | 1 Performance Maximizer | 2024-11-21 | 6.7 Medium |
| Improper authorization in some Intel(R) PM software may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2023-38132 | 2 Elecom, Logitec | 3 Lan-w451ngr, Lan-w451ngr Firmware, Lan-w451ngr | 2024-11-21 | 8.8 High |
| LAN-W451NGR all versions provided by LOGITEC CORPORATION contains an improper access control vulnerability, which allows an unauthenticated attacker to log in to telnet service. | ||||
| CVE-2023-38062 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | 4.3 Medium |
| In JetBrains TeamCity before 2023.05.1 parameters of the "password" type could be shown in the UI in certain composite build configurations | ||||
| CVE-2023-38059 | 1 Otrs | 1 Otrs | 2024-11-21 | 5.3 Medium |
| The loading of external images is not blocked, even if configured, if the attacker uses protocol-relative URL in the payload. This can be used to retreive the IP of the user.This issue affects OTRS: from 7.0.X before 7.0.47, from 8.0.X before 8.0.37; ((OTRS)) Community Edition: from 6.0.X through 6.0.34. | ||||
| CVE-2023-38043 | 2 Ivanti, Microsoft | 2 Secure Access Client, Windows | 2024-11-21 | 7.8 High |
| A vulnerability exists on all versions of the Ivanti Secure Access Client below 22.6R1.1, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading to a denial of service (DoS) condition on the user machine and, in some cases, resulting in a full compromise of the system. | ||||
| CVE-2023-38023 | 2 Intel, Scontain | 2 Software Guard Extensions, Scone | 2024-11-21 | 5.5 Medium |
| An issue was discovered in SCONE Confidential Computing Platform before 5.8.0 for Intel SGX. Lack of pointer-alignment logic in __scone_dispatch and other entry functions allows a local attacker to access unauthorized information, aka an "AEPIC Leak." | ||||
| CVE-2023-38022 | 1 Fortanix | 1 Confidential Computing Manager | 2024-11-21 | 5.5 Medium |
| An issue was discovered in Fortanix EnclaveOS Confidential Computing Manager (CCM) Platform before 3.29 for Intel SGX. Insufficient pointer validation allows a local attacker to access unauthorized information. This relates to strlen and sgx_is_within_user. | ||||
| CVE-2023-38021 | 1 Fortanix | 1 Confidential Computing Manager | 2024-11-21 | 5.5 Medium |
| An issue was discovered in Fortanix EnclaveOS Confidential Computing Manager (CCM) Platform before 3.32 for Intel SGX. Lack of pointer-alignment validation logic in entry functions allows a local attacker to access unauthorized information. This relates to the enclave_ecall function and system call layer. | ||||
| CVE-2023-37972 | 1 Multivendorx | 1 Product Stock Manager \& Notifier For Woocommerce | 2024-11-21 | 5.3 Medium |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in MultiVendorX Product Stock Manager & Notifier for WooCommerce.This issue affects Product Stock Manager & Notifier for WooCommerce: from n/a through 2.0.1. | ||||