Total: 29527 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-34622 | 1 Properfraction | 1 Profilepress | 2023-05-26 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability in the user profile update component found in the ~/src/Classes/EditUserProfile.php file of the ProfilePress WordPress plugin made it possible for users to escalate their privileges to that of an administrator while editing their profile. This issue affects versions 3.0.0 - 3.1.3. | |||||
| CVE-2023-32099 | 1 Silabs | 1 Gecko Software Development Kit | 2023-05-25 | N/A | 7.5 HIGH |
| Compiler removal of buffer clearing in sli_se_sign_hash in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM. | |||||
| CVE-2023-32100 | 1 Silabs | 1 Gecko Software Development Kit | 2023-05-25 | N/A | 7.5 HIGH |
| Compiler removal of buffer clearing in sli_se_driver_mac_compute in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM. | |||||
| CVE-2023-32097 | 1 Silabs | 1 Gecko Software Development Kit | 2023-05-25 | N/A | 7.5 HIGH |
| Compiler removal of buffer clearing in sli_crypto_transparent_aead_decrypt_tag in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM. | |||||
| CVE-2023-32098 | 1 Silabs | 1 Gecko Software Development Kit | 2023-05-25 | N/A | 7.5 HIGH |
| Compiler removal of buffer clearing in sli_se_sign_message in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM. | |||||
| CVE-2023-32096 | 1 Silabs | 1 Gecko Software Development Kit | 2023-05-25 | N/A | 7.5 HIGH |
| Compiler removal of buffer clearing in sli_crypto_transparent_aead_encrypt_tag in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM. | |||||
| CVE-2023-2481 | 1 Silabs | 1 Gecko Software Development Kit | 2023-05-25 | N/A | 7.5 HIGH |
| Compiler removal of buffer clearing in sli_se_opaque_import_key in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM. | |||||
| CVE-2023-0965 | 1 Silabs | 1 Gecko Software Development Kit | 2023-05-25 | N/A | 7.5 HIGH |
| Compiler removal of buffer clearing in sli_cryptoacc_transparent_key_agreement in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM. | |||||
| CVE-2023-1132 | 1 Silabs | 1 Gecko Software Development Kit | 2023-05-25 | N/A | 7.5 HIGH |
| Compiler removal of buffer clearing in sli_se_driver_key_agreement in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM. | |||||
| CVE-2020-3299 | 2 Cisco, Snort | 16 1100-4p, 1100-8p, 1101-4p and 13 more | 2023-05-22 | 5.0 MEDIUM | 5.8 MEDIUM |
| Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured File Policy for HTTP. The vulnerability is due to incorrect detection of modified HTTP packets used in chunked responses. An attacker could exploit this vulnerability by sending crafted HTTP packets through an affected device. A successful exploit could allow the attacker to bypass a configured File Policy for HTTP packets and deliver a malicious payload. | |||||
| CVE-2023-1834 | 1 Rockwellautomation | 2 Kinetix 5500, Kinetix 5500 Firmware | 2023-05-22 | N/A | 9.1 CRITICAL |
| Rockwell Automation was made aware that Kinetix 5500 drives manufactured between May 2022 and January 2023 and running v7.13 may have the telnet and FTP ports open by default. This could potentially allow attackers unauthorized access to the device through the open ports. | |||||
| CVE-2021-20313 | 2 Debian, Imagemagick | 2 Debian Linux, Imagemagick | 2023-05-22 | 5.0 MEDIUM | 7.5 HIGH |
| A flaw was found in ImageMagick in versions before 7.0.11. A potential cipher leak is possible when calculating signatures in TransformSignature. The highest threat from this vulnerability is to data confidentiality. | |||||
| CVE-2023-2310 | 1 Selinc | 20 Sel-2241 Rtac Module, Sel-2241 Rtac Module Firmware, Sel-3350 and 17 more | 2023-05-17 | N/A | 5.3 MEDIUM |
| A Channel Accessible by Non-Endpoint vulnerability in the Schweitzer Engineering Laboratories SEL Real-Time Automation Controller (RTAC) could allow a remote attacker to perform a man-in-the-middle (MiTM) attack that could result in denial of service. See the ACSELERATOR RTAC SEL-5033 Software instruction manual date code 20210915 for more details. | |||||
| CVE-2022-22023 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2023-05-17 | 6.9 MEDIUM | 6.6 MEDIUM |
| Windows Portable Device Enumerator Service Security Feature Bypass Vulnerability | |||||
| CVE-2001-0897 | 1 Infopop | 1 Ultimate Bulletin Board | 2023-05-16 | 5.0 MEDIUM | N/A |
| Cross-site scripting vulnerability in Infopop Ultimate Bulletin Board (UBB) before 5.47e allows remote attackers to steal user cookies via an [IMG] tag that references an about: URL with an onerror field. | |||||
| CVE-2023-1383 | 2 Amazon, Bestbuy | 3 Fire Os, Fire Tv Stick 3rd Gen, Insignia Tv | 2023-05-12 | N/A | 4.3 MEDIUM |
| An Improper Enforcement of Behavioral Workflow vulnerability in the exchangeDeviceServices function on the amzn.dmgr service allowed an attacker to register services that are only locally accessible. This issue affects: Amazon Fire TV Stick 3rd gen versions prior to 6.2.9.5. Insignia TV with FireOS versions prior to 7.6.3.3. | |||||
| CVE-2023-21496 | 1 Samsung | 1 Android | 2023-05-11 | N/A | 5.5 MEDIUM |
| Active Debug Code vulnerability in ActivityManagerService prior to SMR May-2023 Release 1 allows attacker to use debug function via setting debug level. | |||||
| CVE-2023-21505 | 1 Samsung | 1 Samsung Core Services | 2023-05-10 | N/A | 8.6 HIGH |
| Improper access control in Samsung Core Service prior to version 2.1.00.36 allows attacker to write arbitrary file in sandbox. | |||||
| CVE-2023-21486 | 1 Samsung | 1 Android | 2023-05-10 | N/A | 4.6 MEDIUM |
| Improper export of android application components vulnerability in ImagePreviewActivity in Call Settings to SMR May-2023 Release 1 allows physical attackers to access some media data stored in sandbox. | |||||
| CVE-2023-21485 | 1 Samsung | 1 Android | 2023-05-10 | N/A | 4.6 MEDIUM |
| Improper export of android application components vulnerability in VideoPreviewActivity in Call Settings to SMR May-2023 Release 1 allows physical attackers to access some media data stored in sandbox. | |||||
