Total
29058 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-32710 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2024-11-21 | N/A | 4.8 MEDIUM |
| In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and in Splunk Cloud Platform versions below 9.0.2303.100, a low-privileged user can perform an unauthorized transfer of data from a search using the ‘copyresults’ command if they know the search ID (SID) of a search job that has recently run. | |||||
| CVE-2023-32709 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2024-11-21 | N/A | 4.3 MEDIUM |
| In Splunk Enterprise versions below 9.0.5, 8.2.11. and 8.1.14, and Splunk Cloud Platform versions below 9.0.2303.100, a low-privileged user who holds the ‘user’ role can see the hashed version of the initial user name and password for the Splunk instance by using the ‘rest’ SPL command against the ‘conf-user-seed’ REST endpoint. | |||||
| CVE-2023-32700 | 3 Luatex Project, Miktex, Tug | 3 Luatex, Miktex, Tex Live | 2024-11-21 | N/A | 7.8 HIGH |
| LuaTeX before 1.17.0 allows execution of arbitrary shell commands when compiling a TeX file obtained from an untrusted source. This occurs because luatex-core.lua lets the original io.popen be accessed. This also affects TeX Live before 2023 r66984 and MiKTeX before 23.5. | |||||
| CVE-2023-32662 | 1 Intel | 1 Battery Life Diagnostic Tool | 2024-11-21 | N/A | 6.7 MEDIUM |
| Improper authorization in some Intel Battery Life Diagnostic Tool installation software before version 2.2.1 may allow a privilaged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-32651 | 1 Intel | 7 Killer, Killer Wi-fi 6e Ax1675, Killer Wi-fi 6e Ax1690 and 4 more | 2024-11-21 | N/A | 4.3 MEDIUM |
| Improper validation of specified type of input for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable denial of service via adjacent access. | |||||
| CVE-2023-32645 | 1 Yifanwireless | 2 Yf325, Yf325 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| A leftover debug code vulnerability exists in the httpd debug credentials functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to authentication bypass. An attacker can send a network request to trigger this vulnerability. | |||||
| CVE-2023-32634 | 1 Softether | 1 Vpn | 2024-11-21 | N/A | 7.8 HIGH |
| An authentication bypass vulnerability exists in the CiRpcServerThread() functionality of SoftEther VPN 5.01.9674 and 4.41-9782-beta. An attacker can perform a local man-in-the-middle attack to trigger this vulnerability. | |||||
| CVE-2023-32626 | 2024-11-21 | N/A | 9.8 CRITICAL | ||
| Hidden functionality vulnerability in LAN-W300N/RS all versions, and LAN-W300N/PR5 all versions allows an unauthenticated attacker to log in to the product's certain management console and execute arbitrary OS commands. | |||||
| CVE-2023-32544 | 1 Intel | 1 Nuc P14e Laptop Element | 2024-11-21 | N/A | 7.3 HIGH |
| Improper access control in some Intel HotKey Services for Windows 10 for Intel NUC P14E Laptop Element software installers before version 1.1.45 may allow an authenticated user to potentially enable denial of service via local access. | |||||
| CVE-2023-32493 | 1 Dell | 1 Powerscale Onefs | 2024-11-21 | N/A | 7.3 HIGH |
| Dell PowerScale OneFS, 9.5.0.x, contains a protection mechanism bypass vulnerability. An unprivileged, remote attacker could potentially exploit this vulnerability, leading to denial of service, information disclosure and remote execution. | |||||
| CVE-2023-32489 | 1 Dell | 1 Powerscale Onefs | 2024-11-21 | N/A | 6.7 MEDIUM |
| Dell PowerScale OneFS 8.2x -9.5x contains a privilege escalation vulnerability. A local attacker with high privileges could potentially exploit this vulnerability, to bypass mode protections and gain elevated privileges. | |||||
| CVE-2023-32488 | 1 Dell | 1 Powerscale Onefs | 2024-11-21 | N/A | 5.3 MEDIUM |
| Dell PowerScale OneFS, 8.2.x-9.5.0.x, contains an information disclosure vulnerability in NFS. A low privileged attacker could potentially exploit this vulnerability, leading to information disclosure. | |||||
| CVE-2023-32479 | 2 Dell, Microsoft | 4 Encryption, Endpoint Security Suite Enterprise, Security Management Server and 1 more | 2024-11-21 | N/A | 6.7 MEDIUM |
| Dell Encryption, Dell Endpoint Security Suite Enterprise, and Dell Security Management Server versions prior to 11.9.0 contain privilege escalation vulnerability due to improper ACL of the non-default installation directory. A local malicious user could potentially exploit this vulnerability by replacing binaries in installed directory and taking reverse shell of the system leading to Privilege Escalation. | |||||
| CVE-2023-32450 | 1 Dell | 1 Power Manager | 2024-11-21 | N/A | 6.1 MEDIUM |
| Dell Power Manager, Versions 3.3 to 3.14 contains an Improper Access Control vulnerability. A low-privileged malicious user may potentially exploit this vulnerability to perform arbitrary code execution with limited access. | |||||
| CVE-2023-32285 | 1 Intel | 134 Compute Element Stk2mv64cc, Compute Element Stk2mv64cc Firmware, Nuc Board Nuc7i3bnb and 131 more | 2024-11-21 | N/A | 6.0 MEDIUM |
| Improper access control in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable denial of service via local access. | |||||
| CVE-2023-32279 | 1 Intel | 1 Connectivity Performance Suite | 2024-11-21 | N/A | 7.5 HIGH |
| Improper access control in user mode driver for some Intel(R) Connectivity Performance Suite before version 2.1123.214.2 may allow unauthenticated user to potentially enable information disclosure via network access. | |||||
| CVE-2023-32230 | 1 Bosch | 7 Monitor Wall, Video Recording Manager, Video Streaming Gateway and 4 more | 2024-11-21 | N/A | 7.5 HIGH |
| An improper handling of a malformed API request to an API server in Bosch BT software products can allow an unauthenticated attacker to cause a Denial of Service (DoS) situation. | |||||
| CVE-2023-32204 | 1 Intel | 1 One Boot Flash Update | 2024-11-21 | N/A | 8.8 HIGH |
| Improper access control in some Intel(R) OFU software before version 14.1.31 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-32100 | 1 Silabs | 1 Gecko Software Development Kit | 2024-11-21 | N/A | 5.3 MEDIUM |
| Compiler removal of buffer clearing in sli_se_driver_mac_compute in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM. | |||||
| CVE-2023-32099 | 1 Silabs | 1 Gecko Software Development Kit | 2024-11-21 | N/A | 5.3 MEDIUM |
| Compiler removal of buffer clearing in sli_se_sign_hash in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM. | |||||