Search Results (11725 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-2818 | 1 Proofpoint | 1 Insider Threat Management | 2024-11-21 | 5.5 Medium |
| An insecure filesystem permission in the Insider Threat Management Agent for Windows enables local unprivileged users to disrupt agent monitoring. All versions prior to 7.14.3 are affected. Agents for MacOS and Linux and Cloud are unaffected. | ||||
| CVE-2023-2670 | 1 Oretnom23 | 1 Lost And Found Information System | 2024-11-21 | 6.3 Medium |
| A vulnerability was found in SourceCodester Lost and Found Information System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file admin/?page=user/manage_user. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-228886 is the identifier assigned to this vulnerability. | ||||
| CVE-2023-2626 | 1 Google | 10 Nest Hub, Nest Hub Firmware, Nest Hub Max and 7 more | 2024-11-21 | 7.5 High |
| There exists an authentication bypass vulnerability in OpenThread border router devices and implementations. This issue allows unauthenticated nodes to craft radio frames using “Key ID Mode 2”: a special mode using a static encryption key to bypass security checks, resulting in arbitrary IP packets being allowed on the Thread network. This provides a pathway for an attacker to send/receive arbitrary IPv6 packets to devices on the LAN, potentially exploiting them if they lack additional authentication or contain any network vulnerabilities that would normally be mitigated by the home router’s NAT firewall. Affected devices have been mitigated through an automatic update beyond the affected range. | ||||
| CVE-2023-29975 | 1 Pfsense | 1 Pfsense | 2024-11-21 | 7.2 High |
| An issue discovered in Pfsense CE version 2.6.0 allows attackers to change the password of any user without verification. | ||||
| CVE-2023-29157 | 1 Intel | 1 One Boot Flash Update | 2024-11-21 | 8.4 High |
| Improper access control in some Intel(R) OFU software before version 14.1.31 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2023-29062 | 2 Bd, Hp | 3 Facschorus, Hp Z2 Tower G5, Hp Z2 Tower G9 | 2024-11-21 | 3.8 Low |
| The Operating System hosting the FACSChorus application is configured to allow transmission of hashed user credentials upon user action without adequately validating the identity of the requested resource. This is possible through the use of LLMNR, NBT-NS, or MDNS and will result in NTLMv2 hashes being sent to a malicious entity positioned on the local network. These hashes can subsequently be attacked through brute force and cracked if a weak password is used. This attack would only apply to domain joined systems. | ||||
| CVE-2023-29032 | 1 Apache | 1 Openmeetings | 2024-11-21 | 8.1 High |
| An attacker that has gained access to certain private information can use this to act as another user. Vendor: The Apache Software Foundation. Versions Affected: Apache OpenMeetings from 3.1.3 before 7.1.0 | ||||
| CVE-2023-28715 | 1 Intel | 1 Oneapi | 2024-11-21 | 5 Medium |
| Improper access control in some Intel(R) oneAPI Toolkit and component software installers before version 4.3.2 may allow an authenticated user to potentially enable denial of service via local access. | ||||
| CVE-2023-28714 | 3 Intel, Intel Proset Wireless Wifi Software For Windows, Microsoft | 3 Proset/wireless Wifi, Intel Proset Wireless Wifi Software For Windows, Windows | 2024-11-21 | 8.2 High |
| Improper access control in firmware for some Intel(R) PROSet/Wireless WiFi software for Windows before version 22.220 HF (Hot Fix) may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2023-28584 | 1 Qualcomm | 144 Aqt1000, Aqt1000 Firmware, Csrb31024 and 141 more | 2024-11-21 | 7.5 High |
| Transient DOS in WLAN Host when a mobile station receives invalid channel in CSA IE while doing channel switch announcement (CSA). | ||||
| CVE-2023-28397 | 3 Intel, Linux, Microsoft | 3 Aptio V Uefi Firmware Integrator Tools, Linux Kernel, Windows | 2024-11-21 | 7.8 High |
| Improper access control in some Intel(R) Aptio* V UEFI Firmware Integrator Tools may allow an authenticated user to potentially enable escalation of privileges via local access. | ||||
| CVE-2023-28385 | 2 Intel, Microsoft | 3 Next Unit Of Computing Firmware, Nuc Pro Software Suite, Windows | 2024-11-21 | 8.2 High |
| Improper authorization in the Intel(R) NUC Pro Software Suite for Windows before version 2.0.0.9 may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2023-28378 | 2 Intel, Microsoft | 4 Quickassist Technology, Quickassist Technology Firmware, Quickassist Technology Library and 1 more | 2024-11-21 | 6.7 Medium |
| Improper authorization in some Intel(R) QAT drivers for Windows - HW Version 2.0 before version 2.0.4 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2023-28377 | 1 Intel | 3 Nuc 11 Enthusiast Kit Nuc11phki7c, Nuc 11 Enthusiast Mini Pc Nuc11phki7caa, Usb Firmware | 2024-11-21 | 6.7 Medium |
| Improper authentication in some Intel(R) NUC Kit NUC11PH USB firmware installation software before version 1.1 for Windows may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2023-28372 | 1 Purestorage | 1 Purity | 2024-11-21 | 6.5 Medium |
| A flaw exists in FlashBlade Purity (OE) Version 4.1.0 whereby a user with privileges to extend an object’s retention period can affect the availability of the object lock. | ||||
| CVE-2023-28121 | 1 Automattic | 2 Woocommerce Payments, Woopayments | 2024-11-21 | 9.8 Critical |
| An issue in WooCommerce Payments plugin for WordPress (versions 5.6.1 and lower) allows an unauthenticated attacker to send requests on behalf of an elevated user, like administrator. This allows a remote, unauthenticated attacker to gain admin access on a site that has the affected version of the plugin activated. | ||||
| CVE-2023-28055 | 1 Dell | 1 Networker | 2024-11-21 | 8.8 High |
| Dell NetWorker, Version 19.7 has an improper authorization vulnerability in the NetWorker client. An unauthenticated attacker within the same network could potentially exploit this by manipulating a command leading to gain of complete access to the server file further resulting in information leaks, denial of service, and arbitrary code execution. Dell recommends customers to upgrade at the earliest opportunity. | ||||
| CVE-2023-27879 | 1 Intel | 8 Optane Memory H20 With Solid State Storage, Optane Memory H20 With Solid State Storage Firmware, Optane Ssd 905p and 5 more | 2024-11-21 | 6.8 Medium |
| Improper access control in firmware for some Intel(R) Optane(TM) SSD products may allow an unauthenticated user to potentially enable information disclosure via physical access. | ||||
| CVE-2023-27877 | 1 Ibm | 1 Cloud Pak For Data | 2024-11-21 | 5.3 Medium |
| IBM Planning Analytics Cartridge for Cloud Pak for Data 4.0 connects to a CouchDB server. An attacker can exploit an insecure password policy to the CouchDB server and collect sensitive information from the database. IBM X-Force ID: 247905. | ||||
| CVE-2023-27509 | 1 Intel | 1 Ispc Software Installer | 2024-11-21 | 6.6 Medium |
| Improper access control in some Intel(R) ISPC software installers before version 1.19.0 may allow an authenticated user to potentially enable escalation of privileges via local access. | ||||