C Security Vulnerabilities


CVE-2023-33412

The web interface in the Intelligent Platform Management Interface (IPMI) baseboard management controller (BMC) implementation on Supermicro X11 and M11 based devices, with firmware versions before 3.17.02, allows remote authenticated users to execute arbitrary commands via a crafted request...

8.8CVSS

8.5AI Score

0.001EPSS

2023-12-07 06:15 PM
13

CVE-2023-33413

The configuration functionality in the Intelligent Platform Management Interface (IPMI) baseboard management controller (BMC) implementation on Supermicro X11 and M11 based devices, with firmware versions through 3.17.02, allows remote authenticated users to execute arbitrary...

8.8CVSS

8.6AI Score

0.001EPSS

2023-12-07 06:15 PM
10

CVE-2023-33411

A web server in the Intelligent Platform Management Interface (IPMI) baseboard management controller (BMC) implementation on Supermicro X11 and M11 based devices, with firmware versions up to 3.17.02, allows remote unauthenticated users to perform directory traversal, potentially disclosing...

7.5CVSS

7.5AI Score

0.001EPSS

2023-12-07 06:15 PM
8

CVE-2023-26154

Versions of the package pubnub before 7.4.0; all versions of the package com.pubnub:pubnub; versions of the package pubnub before 6.19.0; all versions of the package github.com/pubnub/go; versions of the package github.com/pubnub/go/v7 before 7.2.0; versions of the package pubnub before 7.3.0;...

5.9CVSS

5.6AI Score

0.001EPSS

2023-12-06 05:15 AM
29

CVE-2023-33107

Memory corruption in Graphics Linux while assigning shared virtual memory region during IOCTL...

8.4CVSS

8.2AI Score

0.001EPSS

2023-12-05 03:15 AM
133
In Wild

CVE-2023-33070

Transient DOS in Automotive OS due to improper authentication to the secure IO...

7.1CVSS

5.6AI Score

0.0004EPSS

2023-12-05 03:15 AM
29

CVE-2023-33063

Memory corruption in DSP Services during a remote call from HLOS to...

7.8CVSS

8.1AI Score

0.001EPSS

2023-12-05 03:15 AM
136
In Wild

CVE-2023-33018

Memory corruption while using the UIM diag command to get the operators...

7.8CVSS

7.8AI Score

0.0004EPSS

2023-12-05 03:15 AM
31

CVE-2023-33017

Memory corruption in Boot while running a ListVars test in UEFI Menu during...

7.8CVSS

7.7AI Score

0.0004EPSS

2023-12-05 03:15 AM
24

CVE-2023-28586

Information disclosure when the trusted application metadata symbol addresses are accessed while loading an ELF in...

6.5CVSS

6.4AI Score

0.0004EPSS

2023-12-05 03:15 AM
26

CVE-2023-28585

Memory corruption while loading an ELF segment in TEE...

8.8CVSS

8.8AI Score

0.0004EPSS

2023-12-05 03:15 AM
30

CVE-2023-28551

Memory corruption in UTILS when modem processes memory specific Diag commands having arbitrary address values as input...

7.8CVSS

7.9AI Score

0.0004EPSS

2023-12-05 03:15 AM
27

CVE-2023-28550

Memory corruption in MPP performance while accessing DSM watermark using external memory...

7.8CVSS

7.8AI Score

0.0004EPSS

2023-12-05 03:15 AM
28

CVE-2023-22383

Memory Corruption in camera while installing a fd for a particular DMA...

7.8CVSS

7.6AI Score

0.0004EPSS

2023-12-05 03:15 AM
25

CVE-2023-28546

Memory Corruption in SPS Application while exporting public key in sorter...

7.8CVSS

7.6AI Score

0.0004EPSS

2023-12-05 03:15 AM
24

CVE-2023-28811

There is a buffer overflow in the password recovery feature of Hikvision NVR/DVR models. If exploited, an attacker on the same local area network (LAN) could cause the device to malfunction by sending specially crafted packets to an unpatched...

7.4CVSS

6.7AI Score

0.0004EPSS

2023-11-23 07:15 AM
27

CVE-2023-43757

Inadequate encryption strength vulnerability in multiple routers provided by ELECOM CO.,LTD. and LOGITEC CORPORATION allows a network-adjacent unauthenticated attacker to guess the encryption key used for wireless LAN communication and intercept the communication. As for the affected...

6.5CVSS

6.4AI Score

0.001EPSS

2023-11-16 07:15 AM
18

CVE-2023-32655

Path traversal in some Intel(R) NUC Kits & Mini PCs - NUC8i7HVK & NUC8HNK USB Type C power delivery controller installation software before version 1.0.10.3 for Windows may allow an authenticated user to potentially enable escalation of privilege via local...

7.3CVSS

7.3AI Score

0.0004EPSS

2023-11-14 07:15 PM
21

CVE-2023-33059

Memory corruption in Audio while processing the VOC packet data from...

7.8CVSS

7.8AI Score

0.0004EPSS

2023-11-07 06:15 AM
35

CVE-2023-33031

Memory corruption in Automotive Audio while copying data from ADSP shared buffer to the VOC packet data...

7.8CVSS

7.8AI Score

0.0004EPSS

2023-11-07 06:15 AM
35

CVE-2023-28554

Information Disclosure in Qualcomm IPC while reading values from shared memory in...

6.1CVSS

5.3AI Score

0.0004EPSS

2023-11-07 06:15 AM
39

CVE-2023-28556

Cryptographic issue in HLOS during key...

7.8CVSS

7.6AI Score

0.0004EPSS

2023-11-07 06:15 AM
39

CVE-2023-24852

Memory Corruption in Core due to secure memory access by user while loading modem...

8.4CVSS

7.5AI Score

0.0004EPSS

2023-11-07 06:15 AM
35

CVE-2023-22388

Memory Corruption in Multi-mode Call Processor while processing bit mask...

9.8CVSS

9.3AI Score

0.001EPSS

2023-11-07 06:15 AM
48

CVE-2023-4607

An authenticated XCC user can change permissions for any user through a crafted API...

8.8CVSS

8.4AI Score

0.001EPSS

2023-10-25 06:17 PM
14

CVE-2023-44203

An Improper Check or Handling of Exceptional Conditions vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on QFX5000 Series, EX2300, EX3400, EX4100, EX4400 and EX4600 allows an adjacent attacker to send specific traffic, which leads to packet flooding, resulting in a...

6.5CVSS

6.4AI Score

0.0004EPSS

2023-10-13 12:15 AM
26

CVE-2023-44191

An Allocation of Resources Without Limits or Throttling vulnerability in Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause Denial of Service (DoS). On all Junos OS QFX5000 Series and EX4000 Series platforms, when a high number of VLANs are configured, a specific...

7.5CVSS

7.4AI Score

0.0005EPSS

2023-10-13 12:15 AM
20

CVE-2023-37536

An integer overflow in xerces-c++ 3.2.3 in BigFix Platform allows remote attackers to cause out-of-bound access via HTTP...

8.8CVSS

8.5AI Score

0.007EPSS

2023-10-11 07:15 AM
43

CVE-2023-36566

Microsoft Common Data Model SDK Denial of Service...

6.5CVSS

6.8AI Score

0.001EPSS

2023-10-10 06:15 PM
18

CVE-2023-5399

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause tampering of files on the personal computer running C-Bus when using the File...

9.8CVSS

9.3AI Score

0.001EPSS

2023-10-04 07:15 PM
27

CVE-2023-5402

A CWE-269: Improper Privilege Management vulnerability exists that could cause a remote code execution when the transfer command is used over the...

9.8CVSS

9.5AI Score

0.002EPSS

2023-10-04 06:15 PM
14

CVE-2023-24848

Information Disclosure in Data Modem while performing a VoLTE call with an undefined RTCP FB line...

8.2CVSS

7.3AI Score

0.001EPSS

2023-10-03 06:15 AM
31

CVE-2023-24847

Transient DOS in Modem while allocating DSM...

7.5CVSS

7.5AI Score

0.0005EPSS

2023-10-03 06:15 AM
39

CVE-2023-22385

Memory Corruption in Data Modem while making a MO call or MT VOLTE...

9.8CVSS

9.3AI Score

0.001EPSS

2023-10-03 06:15 AM
34

CVE-2023-20231

A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to perform an injection attack against an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the...

8.8CVSS

9AI Score

0.001EPSS

2023-09-27 06:15 PM
53

CVE-2023-36851

A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to webauth_operation.php that doesn't require authentication, an...

5.3CVSS

6.6AI Score

0.006EPSS

2023-09-27 03:18 PM
246
In Wild

CVE-2023-2262

A buffer overflow vulnerability exists in the Rockwell Automation select 1756-EN* communication devices. If exploited, a threat actor could potentially leverage this vulnerability to perform a remote code execution. To exploit this vulnerability, a threat actor would have to send a maliciously...

9.8CVSS

9.7AI Score

0.001EPSS

2023-09-20 04:15 PM
19

CVE-2023-25608

An incomplete filtering of one or more instances of special elements vulnerability [CWE-792] in the command line interpreter of FortiAP-W2 7.2.0 through 7.2.1, 7.0.3 through 7.0.5, 7.0.0 through 7.0.1, 6.4 all versions, 6.2 all versions, 6.0 all versions; FortiAP-C 5.4.0 through 5.4.4, 5.2 all...

6.5CVSS

6.5AI Score

0.0005EPSS

2023-09-13 01:15 PM
12

CVE-2023-33020

Transient DOS in WLAN Host when an invalid channel (like channel out of range) is received in STA during CSA...

7.5CVSS

7.5AI Score

0.0005EPSS

2023-09-05 07:15 AM
30

CVE-2023-33019

Transient DOS in WLAN Host while doing channel switch announcement (CSA), when a mobile station receives invalid channel in CSA...

7.5CVSS

7.5AI Score

0.0005EPSS

2023-09-05 07:15 AM
29

CVE-2023-41180

Incorrect certificate validation in InvokeHTTP on Apache NiFi MiNiFi C++ versions 0.13 to 0.14 allows an intermediary to present a forged certificate during TLS handshake negotiation. The Disable Peer Verification property of InvokeHTTP was effectively flipped, disabling verification by default,...

5.9CVSS

5.6AI Score

0.0004EPSS

2023-09-03 04:15 PM
23

CVE-2021-32050

Some MongoDB Drivers may erroneously publish events containing authentication-related data to a command listener configured by an application. The published events may contain security-sensitive data when specific authentication-related commands are executed. Without due care, an application may...

7.5CVSS

7.6AI Score

0.001EPSS

2023-08-29 04:15 PM
44

CVE-2023-3453

ETIC Telecom RAS versions 4.7.0 and prior have the web management portal authentication disabled by default. This could allow an attacker with adjacent network access to alter the configuration of the device or cause a denial-of-service...

8.1CVSS

8AI Score

0.0004EPSS

2023-08-23 10:15 PM
30

CVE-2023-34853

Buffer Overflow vulnerability in Supermicro motherboard X12DPG-QR 1.4b allows local attackers to hijack control flow via manipulation of SmcSecurityEraseSetupVar...

7.8CVSS

7.5AI Score

0.0004EPSS

2023-08-22 07:16 PM
24

CVE-2021-32292

An issue was discovered in json-c from 20200420 (post 0.14 unreleased code) through 0.15-20200726. A stack-buffer-overflow exists in the auxiliary sample program json_parse which is located in the function...

9.8CVSS

9.2AI Score

0.001EPSS

2023-08-22 07:16 PM
157

CVE-2020-22217

Buffer overflow vulnerability in c-ares before 1_16_1 thru 1_17_0 via function ares_parse_soa_reply in...

5.9CVSS

5.7AI Score

0.0004EPSS

2023-08-22 07:16 PM
128

CVE-2023-36845

A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series and SRX Series allows an unauthenticated, network-based attacker to remotely execute code. Using a crafted request which sets the variable PHPRC an attacker is able to modify the PHP execution...

9.8CVSS

7.5AI Score

0.967EPSS

2023-08-17 08:15 PM
201
In Wild

CVE-2023-36847

A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on EX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to installAppPackage.php that doesn't require authentication an...

5.3CVSS

6AI Score

0.027EPSS

2023-08-17 08:15 PM
174
In Wild

CVE-2023-36844

A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series allows an unauthenticated, network-based attacker to control certain, important environment variables. Using a crafted request an attacker is able to modify certain PHP environment...

5.3CVSS

7AI Score

0.701EPSS

2023-08-17 08:15 PM
251
In Wild

CVE-2023-36846

A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to user.php that doesn't require authentication an attacker is...

5.3CVSS

6AI Score

0.027EPSS

2023-08-17 08:15 PM
183
In Wild

Total number of security vulnerabilities: 588