Total: 10491 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-45128 | 1 Gofiber | 1 Fiber | 2024-11-21 | N/A | 10.0 CRITICAL |
Fiber is an express inspired web framework written in Go. A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the application, which allows an attacker to inject arbitrary values and forge malicious requests on behalf of a user. This vulnerability can allow an attacker to inject arbitrary values without any authentication, or perform various malicious actions on behalf of an authenticated user, potentially compromising the security and integrity of the application. The vulnerability is caused by improper validation and enforcement of CSRF tokens within the application. This issue has been addressed in version 2.50.0 and users are advised to upgrade. Users should take additional security measures like captchas or Two-Factor Authentication (2FA) and set Session cookies with SameSite=Lax or SameSite=Secure, and the Secure and HttpOnly attributes as defense in depth measures. There are no known workarounds for this vulnerability. | |||||
CVE-2023-44110 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | N/A | 4.3 MEDIUM |
Out-of-bounds access vulnerability in the audio module. Successful exploitation of this vulnerability may affect availability. | |||||
CVE-2023-43745 | | | 2024-11-21 | N/A | 2.8 LOW |
Improper input validation in some Intel(R) CBI software before version 1.1.0 may allow an authenticated user to potentially enable denial of service via local access. | |||||
CVE-2023-43073 | 1 Dell | 1 Smartfabric Storage Software | 2024-11-21 | N/A | 4.3 MEDIUM |
Dell SmartFabric Storage Software v1.4 (and earlier) contains an Improper Input Validation vulnerability in RADIUS configuration. An authenticated remote attacker could potentially exploit this vulnerability, leading to gaining unauthorized access to data. | |||||
CVE-2023-42776 | 1 Intel | 1 Sgx Dcap | 2024-11-21 | N/A | 3.8 LOW |
Improper input validation in some Intel(R) SGX DCAP software for Windows before version 1.19.100.3 may allow an authenticated user to potentially enable information disclosure via local access. | |||||
CVE-2023-42766 | 1 Intel | 4 Nuc 8 Compute Element Cm8v5cb, Nuc 8 Compute Element Cm8v5cb Firmware, Nuc 8 Compute Element Cm8v7cb and 1 more | 2024-11-21 | N/A | 7.5 HIGH |
Improper input validation in some Intel NUC 8 Compute Element BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
CVE-2023-42527 | 1 Samsung | 1 Android | 2024-11-21 | N/A | 5.6 MEDIUM |
Improper input validation vulnerability in ProcessWriteFile of libsec-ril prior to SMR Nov-2023 Release 1 allows local attackers to expose sensitive information. | |||||
CVE-2023-42012 | 1 Ibm | 1 Urbancode Deploy | 2024-11-21 | N/A | 6.2 MEDIUM |
An IBM UrbanCode Deploy Agent 7.2 through 7.2.3.7, and 7.3 through 7.3.2.2 installed as a Windows service in a non-standard location could be subject to a denial of service attack by local accounts. IBM X-Force ID: 265509. | |||||
CVE-2023-41917 | | | 2024-11-21 | N/A | 10.0 CRITICAL |
Inadequate input validation exposes the system to potential remote code execution (RCE) risks. Attackers can exploit this vulnerability by appending shell commands to the Speed-Measurement feature, enabling unauthorized code execution. | |||||
CVE-2023-41781 | 1 Zte | 2 Mf258, Mf258 Firmware | 2024-11-21 | N/A | 5.7 MEDIUM |
There is a Cross-site scripting (XSS) vulnerability in ZTE MF258. Due to insufficient input validation of SMS interface parameter, an XSS attack will be triggered. | |||||
CVE-2023-41748 | 2 Acronis, Microsoft | 2 Cloud Manager, Windows | 2024-11-21 | N/A | 9.8 CRITICAL |
Remote command execution due to improper input validation. The following products are affected: Acronis Cloud Manager (Windows) before build 6.2.23089.203. | |||||
CVE-2023-41746 | 2 Acronis, Microsoft | 2 Cloud Manager, Windows | 2024-11-21 | N/A | 9.8 CRITICAL |
Remote command execution due to improper input validation. The following products are affected: Acronis Cloud Manager (Windows) before build 6.2.23089.203. | |||||
CVE-2023-41355 | 1 Nokia | 2 G-040w-q, G-040w-q Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
Chunghwa Telecom NOKIA G-040W-Q Firewall function has a vulnerability of input validation for ICMP redirect messages. An unauthenticated remote attacker can exploit this vulnerability by sending a crafted package to modify the network routing table, resulting in a denial of service or sensitive information leaking. | |||||
CVE-2023-41336 | 1 Symfony | 1 Ux Autocomplete | 2024-11-21 | N/A | 6.5 MEDIUM |
ux-autocomplete is a JavaScript Autocomplete functionality for Symfony. Under certain circumstances, an attacker could successfully submit an entity id for an `EntityType` that is *not* part of the valid choices. The problem has been fixed in `symfony/ux-autocomplete` version 2.11.2. | |||||
CVE-2023-41316 | 1 Tolgee | 1 Tolgee | 2024-11-21 | N/A | 5.5 MEDIUM |
Tolgee is an open-source localization platform. Due to a lack of validation of the Org Name field, a bad actor can send emails with injected HTML code to victims. Registered users can inject HTML into unsanitized emails from the Tolgee instance to other users. This unsanitized HTML ends up in invitation emails which appear as legitimate org invitations. Bad actors may direct users to a malicious website or execute JavaScript in the context of the user's browser. This vulnerability has been addressed in version 3.29.2. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
CVE-2023-40801 | 1 Tenda | 2 Ac23, Ac23 Firmware | 2024-11-21 | N/A | 8.8 HIGH |
The sub_451784 function does not validate the parameters entered by the user, resulting in a stack overflow vulnerability in Tenda AC23 v16.03.07.45_cn. | |||||
CVE-2023-40800 | 1 Tenda | 2 Ac23, Ac23 Firmware | 2024-11-21 | N/A | 8.8 HIGH |
The compare_parentcontrol_time function does not authenticate user input parameters, resulting in a post-authentication stack overflow vulnerability in Tenda AC23 v16.03.07.45_cn. | |||||
CVE-2023-40798 | 1 Tenda | 2 Ac23, Ac23 Firmware | 2024-11-21 | N/A | 8.8 HIGH |
In Tenda AC23 v16.03.07.45_cn, the formSetIPv6status and formGetWanParameter functions do not authenticate user input parameters, resulting in a post-authentication stack overflow vulnerability. | |||||
CVE-2023-40797 | 1 Tenda | 2 Ac23, Ac23 Firmware | 2024-11-21 | N/A | 8.8 HIGH |
In Tenda AC23 v16.03.07.45_cn, the sub_4781A4 function does not validate the parameters entered by the user, resulting in a post-authentication stack overflow vulnerability. | |||||
CVE-2023-40097 | 1 Google | 1 Android | 2024-11-21 | N/A | 7.8 HIGH |
In hasPermissionForActivity of PackageManagerHelper.java, there is a possible URI grant due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. |