Searching...
Please wait while we search the database
| CVE ID | Severity | Description | Published | Actions |
|---|---|---|---|---|
|
CVE-2023-3567
|
N/A |
A use-after-free flaw was found in vcs_read in drivers/tty/vt/vc_screen.c in vc_screen in the Linux Kernel. This issue may allow an attacker with local user access to cause a system crash or leak internal kernel information.
|
24 Jul 2023
|
|
|
CVE-2023-33952
|
N/A |
A double-free vulnerability was found in handling vmw_buffer_object objects in the vmwgfx driver in the Linux kernel. This issue occurs due to the lack of validating the existence of an object prior to performing further free operations on the object, which may allow a local privileged user to escalate privileges and execute code in the context of the kernel.
|
24 Jul 2023
|
|
|
CVE-2023-37466
|
CRITICAL |
vm2 is an advanced vm/sandbox for Node.js. The library contains critical security issues and should not be used for production. The maintenance of the project has been discontinued. In vm2 for versions up to 3.9.19, `Promise` handler sanitization can be bypassed with the `@@species` accessor property allowing attackers to escape the sandbox and run arbitrary code, potentially allowing remote code execution inside the context of vm2 sandbox. Version 3.10.0 contains a patch for the issue.
|
13 Jul 2023
|
|
|
CVE-2023-32049
|
HIGH |
Windows SmartScreen Security Feature Bypass Vulnerability
|
11 Jul 2023
|
|
|
CVE-2023-32046
|
HIGH |
Windows MSHTML Platform Elevation of Privilege Vulnerability
|
11 Jul 2023
|
|
|
CVE-2021-4406
|
N/A |
An administrator is able to execute commands as root via the alerts management dialog
|
10 Jul 2023
|
|
|
CVE-2021-42081
|
N/A |
An authenticated administrator is allowed to remotely execute arbitrary shell commands via the API.
|
10 Jul 2023
|
|
|
CVE-2021-42079
|
N/A |
An authenticated administrator is able to prepare an alert that is able to execute an SSRF attack. This is exclusively with POST requests.
|
10 Jul 2023
|
|
|
CVE-2021-42080
|
N/A |
An attacker is able to launch a Reflected XSS attack using a crafted URL.
|
10 Jul 2023
|
|
|
CVE-2021-42082
|
N/A |
Local users are able to execute scripts under root privileges.
|
10 Jul 2023
|
|
|
CVE-2021-42083
|
N/A |
An authenticated attacker is able to create alerts that trigger a stored XSS attack.
|
10 Jul 2023
|
|
|
CVE-2023-36377
|
N/A |
Buffer Overflow vulnerability in mtrojnar osslsigncode v.2.3 and before allows a local attacker to execute arbitrary code via a crafted .exe, .sys, and .dll files.
|
03 Jul 2023
|
|
|
CVE-2023-3357
|
N/A |
A NULL pointer dereference flaw was found in the Linux kernel AMD Sensor Fusion Hub driver. This flaw allows a local user to crash the system.
|
28 Jun 2023
|
|
|
CVE-2023-3358
|
N/A |
A null pointer dereference was found in the Linux kernel's Integrated Sensor Hub (ISH) driver. This issue could allow a local user to crash the system.
|
28 Jun 2023
|
|
|
CVE-2023-3439
|
N/A |
A flaw was found in the MCTP protocol in the Linux kernel. The function mctp_unregister() reclaims the device's relevant resource when a netcard detaches. However, a running routine may be unaware of this and cause the use-after-free of the mdev->addrs object, potentially leading to a denial of service.
|
28 Jun 2023
|
|
|
CVE-2023-32409
|
N/A |
The issue was addressed with improved bounds checks. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.8 and iPadOS 15.7.8, Safari 16.5, iOS 16.5 and iPadOS 16.5. A remote attacker may be able to break out of Web Content sandbox. Apple is aware of a report that this issue may have been actively exploited.
|
23 Jun 2023
|
|
|
CVE-2023-3317
|
N/A |
A use-after-free flaw was found in mt7921_check_offload_capability in drivers/net/wireless/mediatek/mt76/mt7921/init.c in wifi mt76/mt7921 sub-component in the Linux Kernel. This flaw could allow an attacker to crash the system after 'features' memory release. This vulnerability could even lead to a kernel information leak problem.
|
23 Jun 2023
|
|
|
CVE-2023-3220
|
N/A |
An issue was discovered in the Linux kernel through 6.1-rc8. dpu_crtc_atomic_check in drivers/gpu/drm/msm/disp/dpu1/dpu_crtc.c lacks check of the return value of kzalloc() and will cause the NULL Pointer Dereference.
|
20 Jun 2023
|
|
|
CVE-2023-3022
|
N/A |
A flaw was found in the IPv6 module of the Linux kernel. The arg.result was not used consistently in fib6_rule_lookup, sometimes holding rt6_info and other times fib6_info. This was not accounted for in other parts of the code where rt6_info was expected unconditionally, potentially leading to a kernel panic in fib6_rule_suppress.
|
19 Jun 2023
|
|
|
CVE-2023-35789
|
N/A |
An issue was discovered in the C AMQP client library (aka rabbitmq-c) through 0.13.0 for RabbitMQ. Credentials can only be entered on the command line (e.g., for amqp-publish or amqp-consume) and are thus visible to local attackers by listing a process and its arguments.
|
16 Jun 2023
|
|
|
CVE-2023-3268
|
N/A |
An out of bounds (OOB) memory access flaw was found in the Linux kernel in relay_file_read_start_pos in kernel/relay.c in the relayfs. This flaw could allow a local attacker to crash the system or leak kernel internal information.
|
16 Jun 2023
|
|
|
CVE-2023-33140
|
N/A |
13 Jun 2023
|
||
|
CVE-2023-3161
|
N/A |
A flaw was found in the Framebuffer Console (fbcon) in the Linux Kernel. When providing font->width and font->height greater than 32 to fbcon_set_font, since there are no checks in place, a shift-out-of-bounds occurs leading to undefined behavior and possible denial of service.
|
12 Jun 2023
|
|
|
CVE-2023-3141
|
N/A |
A use-after-free flaw was found in r592_remove in drivers/memstick/host/r592.c in media access in the Linux Kernel. This flaw allows a local attacker to crash the system at device disconnect, possibly leading to a kernel information leak.
|
09 Jun 2023
|
|
|
CVE-2023-2530
|
N/A |
A privilege escalation allowing remote code execution was discovered in the orchestration service.
|
07 Jun 2023
|
CVE-2023-3567
N/A
24 Jul 2023
A use-after-free flaw was found in vcs_read in drivers/tty/vt/vc_screen.c in vc_screen in the Linux Kernel. This issue may allow an attacker with local user access to cause a system crash or leak internal kernel information.
CVE-2023-33952
N/A
24 Jul 2023
A double-free vulnerability was found in handling vmw_buffer_object objects in the vmwgfx driver in the Linux kernel. This issue occurs due to the lack of validating the existence of an object prior to performing further free operations on the object, which may allow a local privileged user to escalate privileges and execute code in the context of the kernel.
CVE-2023-37466
CRITICAL
13 Jul 2023
vm2 is an advanced vm/sandbox for Node.js. The library contains critical security issues and should not be used for production. The maintenance of the project has been discontinued. In vm2 for versions up to 3.9.19, `Promise` handler sanitization can be bypassed with the `@@species` accessor property allowing attackers to escape the sandbox and run arbitrary code, potentially allowing remote code execution inside the context of vm2 sandbox. Version 3.10.0 contains a patch for the issue.
CVE-2023-32049
HIGH
11 Jul 2023
Windows SmartScreen Security Feature Bypass Vulnerability
CVE-2023-32046
HIGH
11 Jul 2023
Windows MSHTML Platform Elevation of Privilege Vulnerability
CVE-2021-4406
N/A
10 Jul 2023
An administrator is able to execute commands as root via the alerts management dialog
CVE-2021-42081
N/A
10 Jul 2023
An authenticated administrator is allowed to remotely execute arbitrary shell commands via the API.
CVE-2021-42079
N/A
10 Jul 2023
An authenticated administrator is able to prepare an alert that is able to execute an SSRF attack. This is exclusively with POST requests.
CVE-2021-42080
N/A
10 Jul 2023
An attacker is able to launch a Reflected XSS attack using a crafted URL.
CVE-2021-42082
N/A
10 Jul 2023
Local users are able to execute scripts under root privileges.
CVE-2021-42083
N/A
10 Jul 2023
An authenticated attacker is able to create alerts that trigger a stored XSS attack.
CVE-2023-36377
N/A
03 Jul 2023
Buffer Overflow vulnerability in mtrojnar osslsigncode v.2.3 and before allows a local attacker to execute arbitrary code via a crafted .exe, .sys, and .dll files.
CVE-2023-3357
N/A
28 Jun 2023
A NULL pointer dereference flaw was found in the Linux kernel AMD Sensor Fusion Hub driver. This flaw allows a local user to crash the system.
CVE-2023-3358
N/A
28 Jun 2023
A null pointer dereference was found in the Linux kernel's Integrated Sensor Hub (ISH) driver. This issue could allow a local user to crash the system.
CVE-2023-3439
N/A
28 Jun 2023
A flaw was found in the MCTP protocol in the Linux kernel. The function mctp_unregister() reclaims the device's relevant resource when a netcard detaches. However, a running routine may be unaware of this and cause the use-after-free of the mdev->addrs object, potentially leading to a denial of service.
CVE-2023-32409
N/A
23 Jun 2023
The issue was addressed with improved bounds checks. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.8 and iPadOS 15.7.8, Safari 16.5, iOS 16.5 and iPadOS 16.5. A remote attacker may be able to break out of Web Content sandbox. Apple is aware of a report that this issue may have been actively exploited.
CVE-2023-3317
N/A
23 Jun 2023
A use-after-free flaw was found in mt7921_check_offload_capability in drivers/net/wireless/mediatek/mt76/mt7921/init.c in wifi mt76/mt7921 sub-component in the Linux Kernel. This flaw could allow an attacker to crash the system after 'features' memory release. This vulnerability could even lead to a kernel information leak problem.
CVE-2023-3220
N/A
20 Jun 2023
An issue was discovered in the Linux kernel through 6.1-rc8. dpu_crtc_atomic_check in drivers/gpu/drm/msm/disp/dpu1/dpu_crtc.c lacks check of the return value of kzalloc() and will cause the NULL Pointer Dereference.
CVE-2023-3022
N/A
19 Jun 2023
A flaw was found in the IPv6 module of the Linux kernel. The arg.result was not used consistently in fib6_rule_lookup, sometimes holding rt6_info and other times fib6_info. This was not accounted for in other parts of the code where rt6_info was expected unconditionally, potentially leading to a kernel panic in fib6_rule_suppress.
CVE-2023-35789
N/A
16 Jun 2023
An issue was discovered in the C AMQP client library (aka rabbitmq-c) through 0.13.0 for RabbitMQ. Credentials can only be entered on the command line (e.g., for amqp-publish or amqp-consume) and are thus visible to local attackers by listing a process and its arguments.
CVE-2023-3268
N/A
16 Jun 2023
An out of bounds (OOB) memory access flaw was found in the Linux kernel in relay_file_read_start_pos in kernel/relay.c in the relayfs. This flaw could allow a local attacker to crash the system or leak kernel internal information.
CVE-2023-33140
N/A
13 Jun 2023
CVE-2023-3161
N/A
12 Jun 2023
A flaw was found in the Framebuffer Console (fbcon) in the Linux Kernel. When providing font->width and font->height greater than 32 to fbcon_set_font, since there are no checks in place, a shift-out-of-bounds occurs leading to undefined behavior and possible denial of service.
CVE-2023-3141
N/A
09 Jun 2023
A use-after-free flaw was found in r592_remove in drivers/memstick/host/r592.c in media access in the Linux Kernel. This flaw allows a local attacker to crash the system at device disconnect, possibly leading to a kernel information leak.
CVE-2023-2530
N/A
07 Jun 2023
A privilege escalation allowing remote code execution was discovered in the orchestration service.
Page 533 of 639
Page 533 of 639