Total: 34381 CVE

| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-31462 | 1 Steelseries | 1 Gg | 2024-11-21 | 8.8 High |
| An issue was discovered in SteelSeries GG 36.0.0. An attacker can change values in an unencrypted database that is writable for all users on the computer, in order to trigger code execution with higher privileges. | ||||
| CVE-2023-31447 | 1 Draytek | 4 Vigor2620, Vigor2620 Firmware, Vigor2625 and 1 more | 2024-11-21 | 9.8 Critical |
| user_login.cgi on Draytek Vigor2620 devices before 3.9.8.4 (and on all versions of Vigor2925 devices) allows attackers to send a crafted payload to modify the content of the code segment, insert shellcode, and execute arbitrary code. | ||||
| CVE-2023-31416 | 1 Elastic | 2 Apm Server, Elastic Cloud On Kubernetes | 2024-11-21 | 5.3 Medium |
| Secret token configuration is never applied when using ECK <2.8 with APM Server >=8.0. This could lead to anonymous requests to an APM Server being accepted and the data ingested into this APM deployment. | ||||
| CVE-2023-31271 | 1 Intel | 1 Virtual Raid On Cpu | 2024-11-21 | 6.7 Medium |
| Improper access control in some Intel(R) VROC software before version 8.0.8.1001 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2023-31203 | 1 Intel | 1 Openvino Model Server | 2024-11-21 | 4.3 Medium |
| Improper input validation in some OpenVINO Model Server software before version 2022.3 for Intel Distribution of OpenVINO toolkit may allow an unauthenticated user to potentially enable denial of service via network access. | ||||
| CVE-2023-31191 | 1 Bluemark | 2 Dronescout Ds230, Dronescout Ds230 Firmware | 2024-11-21 | 9.3 Critical |
| DroneScout ds230 Remote ID receiver from BlueMark Innovations is affected by an information loss vulnerability through traffic injection. An attacker can exploit this vulnerability by injecting, on carefully selected channels, high power spoofed Open Drone ID (ODID) messages which force the DroneScout ds230 Remote ID receiver to drop real Remote ID (RID) information and, instead, generate and transmit JSON encoded MQTT messages containing crafted RID information. Consequently, the MQTT broker, typically operated by a system integrator, will have no access to the drones’ real RID information. This issue affects the adjacent channel suppression algorithm present in DroneScout ds230 firmware from version 20211210-1627 through 20230329-1042. | ||||
| CVE-2023-31042 | 1 Purestorage | 1 Purity | 2024-11-21 | 7.7 High |
| A flaw exists in FlashBlade Purity whereby an authenticated user with access to FlashBlade’s object store protocol can impact the availability of the system’s data access and replication protocols. | ||||
| CVE-2023-31035 | 1 Nvidia | 2 Dgx A100, Dgx A100 Firmware | 2024-11-21 | 7.5 High |
| NVIDIA DGX A100 SBIOS contains a vulnerability where an attacker may cause an SMI callout vulnerability that could be used to execute arbitrary code at the SMM level. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, and information disclosure. | ||||
| CVE-2023-31027 | 2 Microsoft, Nvidia | 2 Windows, Virtual Gpu | 2024-11-21 | 8.2 High |
| NVIDIA GPU Display Driver for Windows contains a vulnerability that allows Windows users with low levels of privilege to escalate privileges when an administrator is updating GPU drivers, which may lead to escalation of privileges. | ||||
| CVE-2023-30989 | 1 Ibm | 1 I | 2024-11-21 | 8.4 High |
| IBM Performance Tools for i 7.2, 7.3, 7.4, and 7.5 contains a local privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain all object access to the host operating system. IBM X-Force ID: 254017. | ||||
| CVE-2023-30988 | 1 Ibm | 1 I | 2024-11-21 | 8.4 High |
| The IBM i 7.2, 7.3, 7.4, and 7.5 product Facsimile Support for i contains a local privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain root access to the host operating system. IBM X-Force ID: 254016. | ||||
| CVE-2023-30956 | 1 Palantir | 1 Foundry Comments | 2024-11-21 | 5.3 Medium |
| A security defect was identified in Foundry Comments that enabled a user to discover the contents of an attachment submitted to another comment if they knew the internal UUID of the target attachment. This defect was resolved with the release of Foundry Comments 2.267.0. | ||||
| CVE-2023-30912 | 1 Hpe | 1 Oneview | 2024-11-21 | 7.2 High |
| A remote code execution issue exists in HPE OneView. | ||||
| CVE-2023-30911 | 1 Hpe | 77 Alletra 4110, Alletra 4120, Alletra 4140 and 74 more | 2024-11-21 | 6.8 Medium |
| HPE Integrated Lights-Out 5, and Integrated Lights-Out 6 using iLOrest may cause denial of service. | ||||
| CVE-2023-30909 | 2 Hp, Hpe | 3 Oneview, Oneview, Oneview Global Dashboard | 2024-11-21 | 9.8 Critical |
| A remote authentication bypass issue exists in some OneView APIs. | ||||
| CVE-2023-30906 | 1 Hpe | 1 Intelligent Provisioning | 2024-11-21 | 7.5 High |
| The vulnerability could be locally exploited to allow escalation of privilege. | ||||
| CVE-2023-30738 | 1 Samsung | 8 Galaxy Book, Galaxy Book Firmware, Galaxy Book Odyssey and 5 more | 2024-11-21 | 5.5 Medium |
| An improper input validation in UEFI Firmware prior to Firmware update Oct-2023 Release in Galaxy Book, Galaxy Book Pro, Galaxy Book Pro 360 and Galaxy Book Odyssey allows local attacker to execute SMM memory corruption. | ||||
| CVE-2023-30736 | 1 Samsung | 1 Samsung Assistant | 2024-11-21 | 4.4 Medium |
| Improper authorization in PushMsgReceiver of Samsung Assistant prior to version 8.7.00.1 allows attacker to execute javascript interface. To trigger this vulnerability, user interaction is required. | ||||
| CVE-2023-30732 | 1 Samsung | 1 Android | 2024-11-21 | 5.5 Medium |
| Improper access control in system property prior to SMR Oct-2023 Release 1 allows local attacker to get CPU serial number. | ||||
| CVE-2023-30731 | 1 Samsung | 1 Android | 2024-11-21 | 5.7 Medium |
| Logic error in package installation via debugger command prior to SMR Oct-2023 Release 1 allows physical attacker to install an application that has different build type. | ||||