Total
29527 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-32489 | 1 Dell | 1 Powerscale Onefs | 2023-08-22 | N/A | 6.7 MEDIUM |
| Dell PowerScale OneFS 8.2x -9.5x contains a privilege escalation vulnerability. A local attacker with high privileges could potentially exploit this vulnerability, to bypass mode protections and gain elevated privileges. | |||||
| CVE-2023-32493 | 1 Dell | 1 Powerscale Onefs | 2023-08-22 | N/A | 9.8 CRITICAL |
| Dell PowerScale OneFS, 9.5.0.x, contains a protection mechanism bypass vulnerability. An unprivileged, remote attacker could potentially exploit this vulnerability, leading to denial of service, information disclosure and remote execution. | |||||
| CVE-2023-4381 | 1 Instantcms | 1 Instantcms | 2023-08-22 | N/A | 4.3 MEDIUM |
| Unverified Password Change in GitHub repository instantsoft/icms2 prior to 2.16.1-git. | |||||
| CVE-2023-3265 | 1 Cyberpower | 1 Powerpanel Server | 2023-08-22 | N/A | 9.8 CRITICAL |
| An authentication bypass exists on CyberPower PowerPanel Enterprise by failing to sanitize meta-characters from the username, allowing an attacker to login into the application with the default user "cyberpower" by appending a non-printable character.An unauthenticated attacker can leverage this vulnerability to log in to the CypberPower PowerPanel Enterprise as an administrator with hardcoded default credentials. | |||||
| CVE-2023-3266 | 1 Cyberpower | 1 Powerpanel Server | 2023-08-22 | N/A | 9.8 CRITICAL |
| A non-feature complete authentication mechanism exists in the production application allowing an attacker to bypass all authentication checks if LDAP authentication is selected.An unauthenticated attacker can leverage this vulnerability to log in to the CypberPower PowerPanel Enterprise as an administrator by selecting LDAP authentication from a hidden HTML combo box. Successful exploitation of this vulnerability also requires the attacker to know at least one username on the device, but any password will authenticate successfully. | |||||
| CVE-2023-39945 | 2 Debian, Eprosima | 2 Debian Linux, Fast Dds | 2023-08-22 | N/A | 7.5 HIGH |
| eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.11.0, 2.10.2, 2.9.2, and 2.6.5, a data submessage sent to PDP port raises unhandled `BadParamException` in fastcdr, which in turn crashes fastdds. Versions 2.11.0, 2.10.2, 2.9.2, and 2.6.5 contain a patch for this issue. | |||||
| CVE-2023-21292 | 1 Google | 1 Android | 2023-08-21 | N/A | 5.5 MEDIUM |
| In openContentUri of ActivityManagerService.java, there is a possible way for a third party app to obtain restricted files due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-21289 | 1 Google | 1 Android | 2023-08-21 | N/A | 5.5 MEDIUM |
| In multiple locations, there is a possible bypass of a multi user security boundary due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-40023 | 1 Yaklang | 1 Yaklang | 2023-08-21 | N/A | 7.5 HIGH |
| yaklang is a programming language designed for cybersecurity. The Yak Engine has been found to contain a local file inclusion (LFI) vulnerability. This vulnerability allows attackers to include files from the server's local file system through the web application. When exploited, this can lead to the unintended exposure of sensitive data, potential remote code execution, or other security breaches. Users utilizing versions of the Yak Engine prior to 1.2.4-sp1 are impacted. This vulnerability has been patched in version 1.2.4-sp1. Users are advised to upgrade. users unable to upgrade may avoid exposing vulnerable versions to untrusted input and to closely monitor any unexpected server behavior until they can upgrade. | |||||
| CVE-2023-21279 | 1 Google | 1 Android | 2023-08-21 | N/A | 5.5 MEDIUM |
| In visitUris of RemoteViews.java, there is a possible cross-user media read due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-21283 | 1 Google | 1 Android | 2023-08-21 | N/A | 5.5 MEDIUM |
| In multiple functions of StatusHints.java, there is a possible way to reveal images across users due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. | |||||
| CVE-2023-21285 | 1 Google | 1 Android | 2023-08-21 | N/A | 5.5 MEDIUM |
| In setMetadata of MediaSessionRecord.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-38751 | 1 Jpcert | 1 Special Interest Group Network For Analysis And Liaison | 2023-08-18 | N/A | 4.3 MEDIUM |
| Improper authorization vulnerability in Special Interest Group Network for Analysis and Liaison versions 4.4.0 to 4.7.7 allows the authorized API users to view the organization information of the information receiver that is set as "non-disclosure" in the information provision operation. | |||||
| CVE-2023-38752 | 1 Jpcert | 1 Special Interest Group Network For Analysis And Liaison | 2023-08-18 | N/A | 4.3 MEDIUM |
| Improper authorization vulnerability in Special Interest Group Network for Analysis and Liaison versions 4.4.0 to 4.7.7 allows the authorized API users to view the attribute information of the poster that is set as"non-disclosure" in the system settings. | |||||
| CVE-2023-39406 | 1 Huawei | 2 Emui, Harmonyos | 2023-08-17 | N/A | 7.5 HIGH |
| Permission control vulnerability in the XLayout component. Successful exploitation of this vulnerability may cause apps to forcibly restart. | |||||
| CVE-2021-28500 | 1 Arista | 1 Eos | 2023-08-17 | 6.9 MEDIUM | 7.8 HIGH |
| An issue has recently been discovered in Arista EOS where the incorrect use of EOS's AAA API’s by the OpenConfig and TerminAttr agents could result in unrestricted access to the device for local users with nopassword configuration. | |||||
| CVE-2022-29470 | 1 Intel | 1 Dynamic Tuning Technology | 2023-08-17 | N/A | 7.8 HIGH |
| Improper access control in the Intel DTT Software before version 8.7.10400.15482 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2020-3458 | 1 Cisco | 10 Adaptive Security Appliance Software, Firepower 1010, Firepower 1120 and 7 more | 2023-08-16 | 4.6 MEDIUM | 6.7 MEDIUM |
| Multiple vulnerabilities in the secure boot process of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software for the Firepower 1000 Series and Firepower 2100 Series Appliances could allow an authenticated, local attacker to bypass the secure boot mechanism. The vulnerabilities are due to insufficient protections of the secure boot process. An attacker could exploit these vulnerabilities by injecting code into specific files that are then referenced during the device boot process. A successful exploit could allow the attacker to break the chain of trust and inject code into the boot process of the device, which would be executed at each boot and maintain persistence across reboots. | |||||
| CVE-2019-12698 | 1 Cisco | 13 Adaptive Security Appliance, Adaptive Security Appliance Software, Asa 5505 and 10 more | 2023-08-16 | 7.8 HIGH | 7.5 HIGH |
| A vulnerability in the WebVPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause increased CPU utilization on an affected device. The vulnerability is due to excessive processing load for a specific WebVPN HTTP page request. An attacker could exploit this vulnerability by sending multiple WebVPN HTTP page load requests for a specific URL. A successful exploit could allow the attacker to increase CPU load on the device, resulting in a denial of service (DoS) condition, which could cause traffic to be delayed through the device. | |||||
| CVE-2023-29320 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2023-08-15 | N/A | 7.8 HIGH |
| Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an Violation of Secure Design Principles vulnerability that could result in arbitrary code execution in the context of the current user by bypassing the API blacklisting feature. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||