Search
Total
831 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-25399 | 1 Scipy | 1 Scipy | 2023-08-24 | N/A | 5.5 MEDIUM |
| A refcounting issue which leads to potential memory leak was discovered in scipy commit 8627df31ab in Py_FindObjects() function. | |||||
| CVE-2023-39743 | 1 Pete4abw | 1 Lzma Software Development Kit | 2023-08-23 | N/A | 5.3 MEDIUM |
| lrzip-next LZMA v23.01 was discovered to contain an access violation via the component /bz3_decode_block src/libbz3.c. | |||||
| CVE-2022-41804 | 3 Debian, Fedoraproject, Intel | 382 Debian Linux, Fedora, Xeon Bronze 3408u and 379 more | 2023-08-22 | N/A | 6.7 MEDIUM |
| Unauthorized error injection in Intel(R) SGX or Intel(R) TDX for some Intel(R) Xeon(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-32489 | 1 Dell | 1 Powerscale Onefs | 2023-08-22 | N/A | 6.7 MEDIUM |
| Dell PowerScale OneFS 8.2x -9.5x contains a privilege escalation vulnerability. A local attacker with high privileges could potentially exploit this vulnerability, to bypass mode protections and gain elevated privileges. | |||||
| CVE-2023-32488 | 1 Dell | 1 Powerscale Onefs | 2023-08-22 | N/A | 4.3 MEDIUM |
| Dell PowerScale OneFS, 8.2.x-9.5.0.x, contains an information disclosure vulnerability in NFS. A low privileged attacker could potentially exploit this vulnerability, leading to information disclosure. | |||||
| CVE-2023-4381 | 1 Instantcms | 1 Instantcms | 2023-08-22 | N/A | 4.3 MEDIUM |
| Unverified Password Change in GitHub repository instantsoft/icms2 prior to 2.16.1-git. | |||||
| CVE-2023-21292 | 1 Google | 1 Android | 2023-08-21 | N/A | 5.5 MEDIUM |
| In openContentUri of ActivityManagerService.java, there is a possible way for a third party app to obtain restricted files due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-21289 | 1 Google | 1 Android | 2023-08-21 | N/A | 5.5 MEDIUM |
| In multiple locations, there is a possible bypass of a multi user security boundary due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-21279 | 1 Google | 1 Android | 2023-08-21 | N/A | 5.5 MEDIUM |
| In visitUris of RemoteViews.java, there is a possible cross-user media read due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-21283 | 1 Google | 1 Android | 2023-08-21 | N/A | 5.5 MEDIUM |
| In multiple functions of StatusHints.java, there is a possible way to reveal images across users due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. | |||||
| CVE-2023-21285 | 1 Google | 1 Android | 2023-08-21 | N/A | 5.5 MEDIUM |
| In setMetadata of MediaSessionRecord.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2022-41984 | 1 Intel | 4 Arc A750, Arc A750 Firmware, Arc A770 and 1 more | 2023-08-21 | N/A | 4.4 MEDIUM |
| Protection mechanism failure for some Intel(R) Arc(TM) graphics cards A770 and A750 sold between October of 2022 and December of 2022 may allow a privileged user to potentially enable denial of service via local access. | |||||
| CVE-2023-20593 | 3 Amd, Debian, Xen | 140 Athlon Gold 7220u, Athlon Gold 7220u Firmware, Epyc 7232p and 137 more | 2023-08-21 | N/A | 5.5 MEDIUM |
| An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information. | |||||
| CVE-2022-3443 | 1 Google | 1 Chrome | 2023-08-19 | N/A | 4.3 MEDIUM |
| Insufficient data validation in File System API in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to bypass File System restrictions via a crafted HTML page. (Chromium security severity: Low) | |||||
| CVE-2023-38751 | 1 Jpcert | 1 Special Interest Group Network For Analysis And Liaison | 2023-08-18 | N/A | 4.3 MEDIUM |
| Improper authorization vulnerability in Special Interest Group Network for Analysis and Liaison versions 4.4.0 to 4.7.7 allows the authorized API users to view the organization information of the information receiver that is set as "non-disclosure" in the information provision operation. | |||||
| CVE-2023-38752 | 1 Jpcert | 1 Special Interest Group Network For Analysis And Liaison | 2023-08-18 | N/A | 4.3 MEDIUM |
| Improper authorization vulnerability in Special Interest Group Network for Analysis and Liaison versions 4.4.0 to 4.7.7 allows the authorized API users to view the attribute information of the poster that is set as"non-disclosure" in the system settings. | |||||
| CVE-2023-28385 | 2 Intel, Microsoft | 2 Next Unit Of Computing Firmware, Windows | 2023-08-18 | N/A | 6.7 MEDIUM |
| Improper authorization in the Intel(R) NUC Pro Software Suite for Windows before version 2.0.0.9 may allow a privileged user to potentially enable escalation of privilage via local access. | |||||
| CVE-2022-43505 | 1 Intel | 1812 Atom C3308, Atom C3308 Firmware, Atom C3336 and 1809 more | 2023-08-17 | N/A | 4.4 MEDIUM |
| Insufficient control flow management in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable denial of service via local access. | |||||
| CVE-2022-27635 | 1 Intel | 15 Killer, Killer Wi-fi 6 Ax1650i\/s, Killer Wi-fi 6e Ax1675i\/s and 12 more | 2023-08-17 | N/A | 6.7 MEDIUM |
| Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-40964 | 1 Intel | 15 Killer, Killer Wi-fi 6 Ax1650i\/s, Killer Wi-fi 6e Ax1675i\/s and 12 more | 2023-08-17 | N/A | 6.7 MEDIUM |
| Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-37343 | 1 Intel | 228 Atom C3308, Atom C3308 Firmware, Atom C3336 and 225 more | 2023-08-17 | N/A | 6.7 MEDIUM |
| Improper access control in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-46329 | 1 Intel | 4 Killer, Proset\/wireless Wifi, Uefi Firmware and 1 more | 2023-08-17 | N/A | 6.7 MEDIUM |
| Protection mechanism failure for some Intel(R) PROSet/Wireless WiFi software may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-32285 | 1 Intel | 134 Compute Element Stk2mv64cc, Compute Element Stk2mv64cc Firmware, Nuc Board Nuc7i3bnb and 131 more | 2023-08-17 | N/A | 4.4 MEDIUM |
| Improper access control in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable denial of service via local access. | |||||
| CVE-2021-34794 | 1 Cisco | 18 Adaptive Security Appliance Software, Asa 5505, Asa 5505 Firmware and 15 more | 2023-08-16 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability in the Simple Network Management Protocol version 3 (SNMPv3) access control functionality of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to query SNMP data. This vulnerability is due to ineffective access control. An attacker could exploit this vulnerability by sending an SNMPv3 query to an affected device from a host that is not permitted by the SNMPv3 access control list. A successful exploit could allow the attacker to send an SNMP query to an affected device and retrieve information from the device. The attacker would need valid credentials to perform the SNMP query. | |||||
| CVE-2020-3458 | 1 Cisco | 10 Adaptive Security Appliance Software, Firepower 1010, Firepower 1120 and 7 more | 2023-08-16 | 4.6 MEDIUM | 6.7 MEDIUM |
| Multiple vulnerabilities in the secure boot process of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software for the Firepower 1000 Series and Firepower 2100 Series Appliances could allow an authenticated, local attacker to bypass the secure boot mechanism. The vulnerabilities are due to insufficient protections of the secure boot process. An attacker could exploit these vulnerabilities by injecting code into specific files that are then referenced during the device boot process. A successful exploit could allow the attacker to break the chain of trust and inject code into the boot process of the device, which would be executed at each boot and maintain persistence across reboots. | |||||
| CVE-2022-20826 | 1 Cisco | 7 Adaptive Security Appliance Software, Firepower Threat Defense, Secure Firewall 3105 and 4 more | 2023-08-16 | N/A | 6.8 MEDIUM |
| A vulnerability in the secure boot implementation of Cisco Secure Firewalls 3100 Series that are running Cisco Adaptive Security Appliance (ASA) Software or Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated attacker with physical access to the device to bypass the secure boot functionality. This vulnerability is due to a logic error in the boot process. An attacker could exploit this vulnerability by injecting malicious code into a specific memory location during the boot process of an affected device. A successful exploit could allow the attacker to execute persistent code at boot time and break the chain of trust. | |||||
| CVE-2023-30704 | 1 Samsung | 1 Internet | 2023-08-15 | N/A | 4.6 MEDIUM |
| Improper Authorization vulnerability in Samsung Internet prior to version 22.0.0.35 allows physical attacker access downloaded files in Secret Mode without user authentication. | |||||
| CVE-2023-30654 | 1 Samsung | 1 Android | 2023-08-15 | N/A | 5.5 MEDIUM |
| Improper access control vulnerability in SLocationService prior to SMR Aug-2023 Release 1 allows local attacker to update fake location. | |||||
| CVE-2019-1695 | 1 Cisco | 6 Adaptive Security Appliance Software, Firepower 2110, Firepower 2120 and 3 more | 2023-08-15 | 6.1 MEDIUM | 6.5 MEDIUM |
| A vulnerability in the detection engine of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, adjacent attacker to send data directly to the kernel of an affected device. The vulnerability exists because the software improperly filters Ethernet frames sent to an affected device. An attacker could exploit this vulnerability by sending crafted packets to the management interface of an affected device. A successful exploit could allow the attacker to bypass the Layer 2 (L2) filters and send data directly to the kernel of the affected device. A malicious frame successfully delivered would make the target device generate a specific syslog entry. | |||||
| CVE-2023-39218 | 1 Zoom | 3 Rooms, Virtual Desktop Infrastructure, Zoom | 2023-08-11 | N/A | 4.9 MEDIUM |
| Client-side enforcement of server-side security in Zoom clients before 5.14.10 may allow a privileged user to enable information disclosure via network access. | |||||
| CVE-2023-36535 | 1 Zoom | 3 Rooms, Virtual Desktop Infrastructure, Zoom | 2023-08-11 | N/A | 6.5 MEDIUM |
| Client-side enforcement of server-side security in Zoom clients before 5.14.10 may allow an authenticated user to enable information disclosure via network access. | |||||
| CVE-2021-30947 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2023-08-11 | 4.3 MEDIUM | 5.5 MEDIUM |
| An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Big Sur 11.6.2, tvOS 15.2, macOS Monterey 12.1, iOS 15.2 and iPadOS 15.2, watchOS 8.3. An application may be able to access a user's files. | |||||
| CVE-2023-30952 | 1 Palantir | 1 Foundry | 2023-08-08 | N/A | 4.3 MEDIUM |
| A security defect was discovered in Foundry Issues that enabled users to create convincing phishing links by editing the request sent when creating an Issue. This defect was resolved in Frontend release 6.228.0 . | |||||
| CVE-2022-20288 | 1 Google | 1 Android | 2023-08-08 | N/A | 5.5 MEDIUM |
| In AppSearchManagerService, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-204082360 | |||||
| CVE-2022-20287 | 1 Google | 1 Android | 2023-08-08 | N/A | 5.5 MEDIUM |
| In AppSearchManagerService, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-204082784 | |||||
| CVE-2022-20285 | 1 Google | 1 Android | 2023-08-08 | N/A | 5.5 MEDIUM |
| In PackageManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-230868108 | |||||
| CVE-2022-20289 | 1 Google | 1 Android | 2023-08-08 | N/A | 5.5 MEDIUM |
| In PackageInstaller, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-203683960 | |||||
| CVE-2022-27661 | 1 Cybozu | 1 Garoon | 2023-08-08 | 4.0 MEDIUM | 4.3 MEDIUM |
| Operation restriction bypass vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Workflow. | |||||
| CVE-2022-25986 | 1 Cybozu | 1 Office | 2023-08-08 | N/A | 4.3 MEDIUM |
| Browse restriction bypass vulnerability in Scheduler of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Scheduler. | |||||
| CVE-2022-2622 | 3 Fedoraproject, Google, Microsoft | 3 Fedora, Chrome, Windows | 2023-08-08 | N/A | 6.5 MEDIUM |
| Insufficient validation of untrusted input in Safe Browsing in Google Chrome on Windows prior to 104.0.5112.79 allowed a remote attacker to bypass download restrictions via a crafted file. | |||||
| CVE-2022-20332 | 1 Google | 1 Android | 2023-08-08 | N/A | 5.5 MEDIUM |
| In PackageManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-180019130 | |||||
| CVE-2022-32544 | 1 Cybozu | 1 Office | 2023-08-08 | N/A | 4.3 MEDIUM |
| Operation restriction bypass vulnerability in Project of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to alter the data of Project via unspecified vectors. | |||||
| CVE-2022-0093 | 1 Gitlab | 1 Gitlab | 2023-08-08 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue has been discovered affecting GitLab versions prior to 14.4.5, between 14.5.0 and 14.5.3, and between 14.6.0 and 14.6.1. GitLab allows a user with an expired password to access sensitive information through RSS feeds. | |||||
| CVE-2022-2512 | 1 Gitlab | 1 Gitlab | 2023-08-08 | N/A | 6.5 MEDIUM |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.0 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. Membership changes are not reflected in TODO for confidential notes, allowing a former project members to read updates via TODOs. | |||||
| CVE-2022-29855 | 1 Mitel | 18 6865i Sip, 6865i Sip Firmware, 6867i Sip and 15 more | 2023-08-08 | 7.2 HIGH | 6.8 MEDIUM |
| Mitel 6800 and 6900 Series SIP phone devices through 2022-04-27 have "undocumented functionality." A vulnerability in Mitel 6800 Series and 6900 Series SIP phones excluding 6970, versions 5.1 SP8 (5.1.0.8016) and earlier, and 6.0 (6.0.0.368) through 6.1 HF4 (6.1.0.165), could allow a unauthenticated attacker with physical access to the phone to gain root access due to insufficient access control for test functionality during system startup. A successful exploit could allow access to sensitive information and code execution. | |||||
| CVE-2022-2539 | 1 Gitlab | 1 Gitlab | 2023-08-08 | N/A | 5.3 MEDIUM |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.6 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1, allowed a project member to filter issues by contact and organization. | |||||
| CVE-2022-33311 | 1 Cybozu | 1 Office | 2023-08-08 | N/A | 4.3 MEDIUM |
| Browse restriction bypass vulnerability in Address Book of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Address Book via unspecified vectors. | |||||
| CVE-2021-33128 | 1 Intel | 2 Ethernet Controller E810, Ethernet Controller E810 Firmware | 2023-08-08 | N/A | 4.4 MEDIUM |
| Improper access control in the firmware for some Intel(R) E810 Ethernet Controllers before version 1.6.0.6 may allow a privileged user to potentially enable denial of service via local access. | |||||
| CVE-2022-22654 | 1 Apple | 2 Safari, Watchos | 2023-08-08 | 4.3 MEDIUM | 4.3 MEDIUM |
| A user interface issue was addressed. This issue is fixed in watchOS 8.5, Safari 15.4. Visiting a malicious website may lead to address bar spoofing. | |||||
| CVE-2022-34298 | 1 Openidentityplatform | 1 Openam | 2023-08-08 | 5.0 MEDIUM | 5.3 MEDIUM |
| The NT auth module in OpenAM before 14.6.6 allows a "replace Samba username attack." | |||||