Total
304 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-5078 | 1 Lenovo | 40 Thinkpad L13 Gen 2, Thinkpad L13 Gen 2 Firmware, Thinkpad L13 Gen 3 and 37 more | 2023-11-16 | N/A | 6.7 MEDIUM |
| A vulnerability was reported in some ThinkPad BIOS that could allow a physical or local attacker with elevated privileges to tamper with BIOS firmware. | |||||
| CVE-2023-1719 | 1 Bitrix24 | 1 Bitrix24 | 2023-11-09 | N/A | 9.8 CRITICAL |
| Global variable extraction in bitrix/modules/main/tools.php in Bitrix24 22.0.300 allows unauthenticated remote attackers to (1) enumerate attachments on the server and (2) execute arbitrary JavaScript code in the victim's browser, and possibly execute arbitrary PHP code on the server if the victim has administrator privilege, via overwriting uninitialised variables. | |||||
| CVE-2021-33635 | 1 Openeuler | 1 Isula | 2023-11-08 | N/A | 7.8 HIGH |
| When malicious images are pulled by isula pull, attackers can execute arbitrary code. | |||||
| CVE-2021-33636 | 1 Openeuler | 1 Isula | 2023-11-08 | N/A | 7.8 HIGH |
| When the isula load command is used to load malicious images, attackers can execute arbitrary code. | |||||
| CVE-2021-33637 | 1 Openeuler | 1 Isula | 2023-11-08 | N/A | 6.5 MEDIUM |
| When the isula export command is used to export a container to an image and the container is controlled by an attacker, the attacker can escape the container. | |||||
| CVE-2021-33634 | 1 Openeuler | 1 Icr | 2023-11-08 | N/A | 5.5 MEDIUM |
| iSulad uses the lcr+lxc runtime (default) to run malicious images, which can cause DOS. | |||||
| CVE-2021-33638 | 1 Openeuler | 1 Isula | 2023-11-08 | N/A | 6.5 MEDIUM |
| When the isula cp command is used to copy files from a container to a host machine and the container is controlled by an attacker, the attacker can escape the container. | |||||
| CVE-2023-27887 | 1 Intel | 48 Nuc 11 Pro Board Nuc11tnbi3, Nuc 11 Pro Board Nuc11tnbi30z, Nuc 11 Pro Board Nuc11tnbi30z Firmware and 45 more | 2023-11-07 | N/A | 4.4 MEDIUM |
| Improper initialization in BIOS firmware for some Intel(R) NUCs may allow a privileged user to potentially enable information disclosure via local access. | |||||
| CVE-2023-23555 | 1 F5 | 13 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 10 more | 2023-11-07 | N/A | 7.5 HIGH |
| On BIG-IP Virtual Edition versions 15.1x beginning in 15.1.4 to before 15.1.8 and 14.1.x beginning in 14.1.5 to before 14.1.5.3, and BIG-IP SPK beginning in 1.5.0 to before 1.6.0, when FastL4 profile is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2023-22444 | 1 Intel | 222 Nuc 11 Compute Element Cm11ebc4w, Nuc 11 Compute Element Cm11ebc4w Firmware, Nuc 11 Compute Element Cm11ebi38w and 219 more | 2023-11-07 | N/A | 4.4 MEDIUM |
| Improper initialization in some Intel(R) NUC 13 Extreme Compute Element, Intel(R) NUC 13 Extreme Kit, Intel(R) NUC 11 Performance Kit, Intel(R) NUC 11 Performance Mini PC, Intel(R) NUC Compute Element, Intel(R) NUC Laptop Kit, Intel(R) NUC Pro Kit, Intel(R) NUC Pro Board and Intel(R) NUC Pro Mini PC BIOS firmware may allow a privileged user to potentially enable information disclosure via local access. | |||||
| CVE-2023-22356 | 1 Intel | 422 Nuc 11 Compute Element Cm11ebc4w, Nuc 11 Compute Element Cm11ebc4w Firmware, Nuc 11 Compute Element Cm11ebi38w and 419 more | 2023-11-07 | N/A | 4.4 MEDIUM |
| Improper initialization in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable information disclosure via local access. | |||||
| CVE-2023-1513 | 3 Fedoraproject, Linux, Redhat | 3 Fedora, Linux Kernel, Enterprise Linux | 2023-11-07 | N/A | 3.3 LOW |
| A flaw was found in KVM. When calling the KVM_GET_DEBUGREGS ioctl, on 32-bit systems, there might be some uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak. | |||||
| CVE-2022-46164 | 1 Nodebb | 1 Nodebb | 2023-11-07 | N/A | 9.8 CRITICAL |
| NodeBB is an open source Node.js based forum software. Due to a plain object with a prototype being used in socket.io message handling a specially crafted payload can be used to impersonate other users and takeover accounts. This vulnerability has been patched in version 2.6.1. Users are advised to upgrade. Users unable to upgrade may cherry-pick commit `48d143921753914da45926cca6370a92ed0c46b8` into their codebase to patch the exploit. | |||||
| CVE-2022-38083 | 1 Intel | 474 Core I5-7640x, Core I5-7640x Firmware, Core I7-3820 and 471 more | 2023-11-07 | N/A | 4.4 MEDIUM |
| Improper initialization in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access. | |||||
| CVE-2022-31477 | 1 Intel | 70 Cm11ebc4w, Cm11ebc4w Firmware, Cm11ebi38w and 67 more | 2023-11-07 | N/A | 4.4 MEDIUM |
| Improper initialization for some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable information disclosure via local access. | |||||
| CVE-2022-2620 | 2 Fedoraproject, Google | 3 Fedora, Chrome, Chrome Os | 2023-11-07 | N/A | 8.8 HIGH |
| Use after free in WebUI in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions. | |||||
| CVE-2022-22719 | 5 Apache, Apple, Debian and 2 more | 7 Http Server, Mac Os X, Macos and 4 more | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier. | |||||
| CVE-2022-21724 | 4 Debian, Fedoraproject, Postgresql and 1 more | 4 Debian Linux, Fedora, Postgresql Jdbc Driver and 1 more | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| pgjdbc is the offical PostgreSQL JDBC Driver. A security hole was found in the jdbc driver for postgresql database while doing security research. The system using the postgresql library will be attacked when attacker control the jdbc url or properties. pgjdbc instantiates plugin instances based on class names provided via `authenticationPluginClassName`, `sslhostnameverifier`, `socketFactory`, `sslfactory`, `sslpasswordcallback` connection properties. However, the driver did not verify if the class implements the expected interface before instantiating the class. This can lead to code execution loaded via arbitrary classes. Users using plugins are advised to upgrade. There are no known workarounds for this issue. | |||||
| CVE-2022-20731 | 1 Cisco | 3 Catalyst Digital Building Series Switches, Catalyst Digital Building Series Switches Firmware, Ios Rommon | 2023-11-07 | 7.2 HIGH | 6.8 MEDIUM |
| Multiple vulnerabilities that affect Cisco Catalyst Digital Building Series Switches and Cisco Catalyst Micro Switches could allow an attacker to execute persistent code at boot time or to permanently prevent the device from booting, resulting in a permanent denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2022-20661 | 1 Cisco | 6 Cdb-8p, Cdb-8u, Cmicr-4pc and 3 more | 2023-11-07 | 4.9 MEDIUM | 4.6 MEDIUM |
| Multiple vulnerabilities that affect Cisco Catalyst Digital Building Series Switches and Cisco Catalyst Micro Switches could allow an attacker to execute persistent code at boot time or to permanently prevent the device from booting, resulting in a permanent denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory. | |||||