Total
350 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-5718 | 1 Vuejs | 1 Devtools | 2024-11-21 | N/A | 4.3 MEDIUM |
| The Vue.js Devtools extension was found to leak screenshot data back to a malicious web page via the standard `postMessage()` API. By creating a malicious web page with an iFrame targeting a sensitive resource (i.e. a locally accessible file or sensitive website), and registering a listener on the web page, the extension sent messages back to the listener, containing the base64 encoded screenshot data of the sensitive resource. | |||||
| CVE-2023-4045 | 2 Debian, Mozilla | 2 Debian Linux, Firefox | 2024-11-21 | N/A | 5.3 MEDIUM |
| Offscreen Canvas did not properly track cross-origin tainting, which could have been used to access image data from another site in violation of same-origin policy. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1. | |||||
| CVE-2023-47200 | 1 Trendmicro | 1 Apex One | 2024-11-21 | N/A | 7.8 HIGH |
| A plug-in manager origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to, but not identical to, CVE-2023-47201. | |||||
| CVE-2023-47199 | 1 Trendmicro | 1 Apex One | 2024-11-21 | N/A | 7.8 HIGH |
| An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to, but not identical to, CVE-2023-47193. | |||||
| CVE-2023-47198 | 1 Trendmicro | 1 Apex One | 2024-11-21 | N/A | 7.8 HIGH |
| An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to, but not identical to, CVE-2023-47199. | |||||
| CVE-2023-47197 | 1 Trendmicro | 1 Apex One | 2024-11-21 | N/A | 7.8 HIGH |
| An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to, but not identical to, CVE-2023-47198. | |||||
| CVE-2023-47196 | 1 Trendmicro | 1 Apex One | 2024-11-21 | N/A | 7.8 HIGH |
| An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to, but not identical to, CVE-2023-47197. | |||||
| CVE-2023-47195 | 1 Trendmicro | 1 Apex One | 2024-11-21 | N/A | 7.8 HIGH |
| An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to, but not identical to, CVE-2023-47196. | |||||
| CVE-2023-47194 | 1 Trendmicro | 1 Apex One | 2024-11-21 | N/A | 7.8 HIGH |
| An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to, but not identical to, CVE-2023-47195. | |||||
| CVE-2023-47193 | 1 Trendmicro | 1 Apex One | 2024-11-21 | N/A | 7.8 HIGH |
| An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to, but not identical to, CVE-2023-47194. | |||||
| CVE-2023-44190 | 1 Juniper | 6 Junos Os Evolved, Ptx10001, Ptx10001-36mr and 3 more | 2024-11-21 | N/A | 6.1 MEDIUM |
| An Origin Validation vulnerability in MAC address validation of Juniper Networks Junos OS Evolved on PTX10001, PTX10004, PTX10008, and PTX10016 devices allows a network-adjacent attacker to bypass MAC address checking, allowing MAC addresses not intended to reach the adjacent LAN to be forwarded to the downstream network. Due to this issue, the router will start forwarding traffic if a valid route is present in forwarding-table, causing a loop and congestion in the downstream layer-2 domain connected to the device. This issue affects Juniper Networks Junos OS Evolved on PTX10001, PTX10004, PTX10008, and PTX10016: * All versions prior to 21.4R3-S5-EVO; * 22.1 versions prior to 22.1R3-S4-EVO; * 22.2 versions 22.2R1-EVO and later; * 22.3 versions prior to 22.3R2-S2-EVO, 22.3R3-S1-EVO; * 22.4 versions prior to 22.4R2-S1-EVO, 22.4R3-EVO; * 23.2 versions prior to 23.2R1-S1-EVO, 23.2R2-EVO. | |||||
| CVE-2023-44189 | 1 Juniper | 5 Junos Os Evolved, Ptx10003, Ptx10003 160c and 2 more | 2024-11-21 | N/A | 6.1 MEDIUM |
| An Origin Validation vulnerability in MAC address validation of Juniper Networks Junos OS Evolved on PTX10003 Series allows a network-adjacent attacker to bypass MAC address checking, allowing MAC addresses not intended to reach the adjacent LAN to be forwarded to the downstream network. Due to this issue, the router will start forwarding traffic if a valid route is present in forwarding-table, causing a loop and congestion in the downstream layer-2 domain connected to the device. This issue affects Juniper Networks Junos OS Evolved on PTX10003 Series: * All versions prior to 21.4R3-S4-EVO; * 22.1 versions prior to 22.1R3-S3-EVO; * 22.2 version 22.2R1-EVO and later versions; * 22.3 versions prior to 22.3R2-S2-EVO, 22.3R3-S1-EVO; * 22.4 versions prior to 22.4R2-S1-EVO, 22.4R3-EVO; * 23.2 versions prior to 23.2R2-EVO. | |||||
| CVE-2023-40547 | 1 Redhat | 2 Enterprise Linux, Shim | 2024-11-21 | N/A | 8.3 HIGH |
| A remote code execution vulnerability was found in Shim. The Shim boot support trusts attacker-controlled values when parsing an HTTP response. This flaw allows an attacker to craft a specific malicious HTTP request, leading to a completely controlled out-of-bounds write primitive and complete system compromise. This flaw is only exploitable during the early boot phase, an attacker needs to perform a Man-in-the-Middle or compromise the boot server to be able to exploit this vulnerability successfully. | |||||
| CVE-2023-3654 | 1 Cashit | 1 Cashit\! | 2024-11-21 | N/A | 9.4 CRITICAL |
| cashIT! - serving solutions. Devices from "PoS/ Dienstleistung, Entwicklung & Vertrieb GmbH" to 03.A06rks 2023.02.37 are affected by a origin bypass via the host header in an HTTP request. This vulnerability can be triggered by an HTTP endpoint exposed to the network. | |||||
| CVE-2023-3581 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | N/A | 6.2 MEDIUM |
| Mattermost fails to properly validate the origin of a websocket connection allowing a MITM attacker on Mattermost to access the websocket APIs. | |||||
| CVE-2023-37210 | 1 Mozilla | 1 Firefox | 2024-11-21 | N/A | 6.5 MEDIUM |
| A website could prevent a user from exiting full-screen mode via alert and prompt calls. This could lead to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 115. | |||||
| CVE-2023-30949 | 1 Palantir | 1 Slate | 2024-11-21 | N/A | 4.3 MEDIUM |
| A missing origin validation in Slate sandbox could be exploited by a malicious user to modify the page's content, which could lead to phishing attacks. | |||||
| CVE-2023-30856 | 1 Edex-ui Project | 1 Edex-ui | 2024-11-21 | N/A | 8.3 HIGH |
| eDEX-UI is a science fiction terminal emulator. Versions 2.2.8 and prior are vulnerable to cross-site websocket hijacking. When running eDEX-UI and browsing the web, a malicious website can connect to eDEX's internal terminal control websocket, and send arbitrary commands to the shell. The project has been archived since 2021, and as of time of publication there are no plans to patch this issue and release a new version. Some workarounds are available, including shutting down eDEX-UI when browsing the web and ensuring the eDEX terminal runs with lowest possible privileges. | |||||
| CVE-2023-2850 | 1 Nodebb | 1 Nodebb | 2024-11-21 | N/A | 4.7 MEDIUM |
| NodeBB is affected by a Cross-Site WebSocket Hijacking vulnerability due to missing validation of the request origin. Exploitation of this vulnerability allows certain user information to be extracted by attacker. | |||||
| CVE-2023-2848 | 1 Movim | 1 Movim | 2024-11-21 | N/A | 8.0 HIGH |
| Movim prior to version 0.22 is affected by a Cross-Site WebSocket Hijacking vulnerability. This was the result of a missing header validation. | |||||