Search Results (25419 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-25956 1 Apache 1 Apache-airflow-providers-amazon 2024-11-21 7.5 High
Generation of Error Message Containing Sensitive Information vulnerability in the Apache Airflow AWS Provider. This issue affects Apache Airflow AWS Provider versions before 7.2.1.
CVE-2023-25951 1 Intel 7 Killer, Killer Wi-fi 6e Ax1675, Killer Wi-fi 6e Ax1690 and 4 more 2024-11-21 6 Medium
Improper input validation for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2023-25938 1 Dell 868 Alienware Area 51m R1, Alienware Area 51m R1 Firmware, Alienware Area 51m R2 and 865 more 2024-11-21 5.1 Medium
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.
CVE-2023-25937 1 Dell 868 Alienware Area 51m R1, Alienware Area 51m R1 Firmware, Alienware Area 51m R2 and 865 more 2024-11-21 5.1 Medium
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.
CVE-2023-25936 1 Dell 868 Alienware Area 51m R1, Alienware Area 51m R1 Firmware, Alienware Area 51m R2 and 865 more 2024-11-21 5.1 Medium
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.
CVE-2023-25859 3 Adobe, Apple, Microsoft 3 Illustrator, Macos, Windows 2024-11-21 7.8 High
Illustrator version 26.5.2 (and earlier) and 27.2.0 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2023-25696 1 Apache 1 Apache-airflow-providers-apache-hive 2024-11-21 9.8 Critical
Improper Input Validation vulnerability in the Apache Airflow Hive Provider. This issue affects Apache Airflow Hive Provider versions before 5.1.3.
CVE-2023-25651 1 Zte 4 Mf286r, Mf286r Firmware, Mf833u1 and 1 more 2024-11-21 4.3 Medium
There is a SQL injection vulnerability in some ZTE mobile internet products. Due to insufficient input validation of SMS interface parameter, an authenticated attacker could use the vulnerability to execute SQL injection and cause information leak.
CVE-2023-25534 1 Nvidia 2 Dgx H100, Dgx H100 Firmware 2024-11-21 5.7 Medium
NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.
CVE-2023-25533 1 Nvidia 3 Dgx H100, Dgx H100 Bmc, Dgx H100 Firmware 2024-11-21 8.3 High
NVIDIA DGX H100 BMC contains a vulnerability in the web UI, where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to information disclosure, code execution, and escalation of privileges.
CVE-2023-25530 1 Nvidia 3 Dgx H100, Dgx H100 Bmc, Dgx H100 Firmware 2024-11-21 8 High
NVIDIA DGX H100 BMC contains a vulnerability in the KVM service, where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, and information disclosure.
CVE-2023-25529 1 Nvidia 2 Dgx H100, Dgx H100 Firmware 2024-11-21 8 High
NVIDIA DGX H100 BMC and DGX A100 BMC contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause a leak of another user’s session token by observing timing discrepancies between server responses. A successful exploit of this vulnerability may lead to information disclosure, escalation of privileges, and data tampering.
CVE-2023-25520 1 Nvidia 5 Jetson Agx Xavier, Jetson Linux, Jetson Tx2 and 2 more 2024-11-21 4.4 Medium
NVIDIA Jetson Linux Driver Package contains a vulnerability in nvbootctrl, where a privileged local attacker can configure invalid settings, resulting in denial of service.
CVE-2023-24959 1 Ibm 1 Infosphere Information Server 2024-11-21 5.3 Medium
IBM InfoSphere Information Systems 11.7 could expose information about the host system and environment configuration. IBM X-Force ID: 246332.
CVE-2023-24588 1 Intel 10 Optane Memory H20 With Solid State Storage, Optane Memory H20 With Solid State Storage Firmware, Optane Ssd 900p and 7 more 2024-11-21 5.9 Medium
Exposure of sensitive information to an unauthorized actor in firmware for some Intel(R) Optane(TM) SSD products may allow an unauthenticated user to potentially enable information disclosure via physical access.
CVE-2023-24463 1 Intel 1 Thunderbolt Dch Driver 2024-11-21 4.3 Medium
Improper input validation in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an unauthenticated user to potentially enable information disclosure via adjacent access.
CVE-2023-24069 4 Apple, Linux, Microsoft and 1 more 4 Macos, Linux Kernel, Windows and 1 more 2024-11-21 3.3 Low
Signal Desktop before 6.2.0 on Windows, Linux, and macOS allows an attacker to obtain potentially sensitive attachments sent in messages from the attachments.noindex directory. Cached attachments are not effectively cleared. In some cases, even after a self-initiated file deletion, an attacker can still recover the file if it was previously replied to in a conversation. (Local filesystem access is needed by the attacker.) NOTE: the vendor disputes the relevance of this finding because the product is not intended to protect against adversaries with this degree of local access.
CVE-2023-23978 1 Switchwp 1 Wp Client Reports 2024-11-21 4.3 Medium
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in SwitchWP WP Client Reports plugin <= 1.0.16 versions.
CVE-2023-23958 1 Symantec 1 Protection Engine 2024-11-21 6.8 Medium
Symantec Protection Engine, prior to 9.1.0, may be susceptible to a Hash Leak vulnerability.
CVE-2023-23776 1 Fortinet 1 Fortianalyzer 2024-11-21 4.6 Medium
An exposure of sensitive information to an unauthorized actor [CWE-200] vulnerability in FortiAnalyzer versions 7.2.0 through 7.2.1, 7.0.0 through 7.0.4 and 6.4.0 through 6.4.10 may allow a remote authenticated attacker to read the client machine password in plain text in a heartbeat response when a log-fetch request is made from the FortiAnalyzer