Export limit exceeded: 10803 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10803 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-33190 | 2 Sealos, Sealos Project | 2 Sealos, Sealos | 2024-11-21 | 10 Critical |
| Sealos is an open source cloud operating system distribution based on the Kubernetes kernel. In versions of Sealos prior to 4.2.1-rc4 an improper configuration of role based access control (RBAC) permissions resulted in an attacker being able to obtain cluster control permissions, which could control the entire cluster deployed with Sealos, as well as hundreds of pods and other resources within the cluster. This issue has been addressed in version 4.2.1-rc4. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2023-33020 | 1 Qualcomm | 164 205, 205 Firmware, 215 and 161 more | 2024-11-21 | 7.5 High |
| Transient DOS in WLAN Host when an invalid channel (like channel out of range) is received in STA during CSA IE. | ||||
| CVE-2023-33019 | 1 Qualcomm | 193 205, 205 Firmware, 215 and 190 more | 2024-11-21 | 7.5 High |
| Transient DOS in WLAN Host while doing channel switch announcement (CSA), when a mobile station receives invalid channel in CSA IE. | ||||
| CVE-2023-32967 | 1 Qnap | 2 Qts, Qutscloud | 2024-11-21 | 5 Medium |
| An incorrect authorization vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to bypass intended access restrictions via a network. QTS 5.x, QuTS hero are not affected. We have already fixed the vulnerability in the following versions: QuTScloud c5.1.5.2651 and later QTS 4.5.4.2627 build 20231225 and later | ||||
| CVE-2023-32678 | 1 Zulip | 1 Zulip Server | 2024-11-21 | 6.5 Medium |
| Zulip is an open-source team collaboration tool with topic-based threading that combines email and chat. Users who used to be subscribed to a private stream and have been removed from it since retain the ability to edit messages/topics, move messages to other streams, and delete messages that they used to have access to, if other relevant organization permissions allow these actions. For example, a user may be able to edit or delete their old messages they posted in such a private stream. An administrator will be able to delete old messages (that they had access to) from the private stream. This issue was fixed in Zulip Server version 7.3. | ||||
| CVE-2023-32662 | 1 Intel | 1 Battery Life Diagnostic Tool | 2024-11-21 | 6.7 Medium |
| Improper authorization in some Intel Battery Life Diagnostic Tool installation software before version 2.2.1 may allow a privilaged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2023-32661 | 1 Intel | 3 Nuc Kit Nuc7cjyh, Nuc Kit Nuc7pjyh, Realtek Sd Card Reader Driver | 2024-11-21 | 6.7 Medium |
| Improper authentication in some Intel(R) NUC Kits NUC7PJYH and NUC7CJYH Realtek* SD Card Reader Driver installation software before version 10.0.19041.29098 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2023-32647 | 1 Intel | 1 Extreme Tuning Utility | 2024-11-21 | 6.8 Medium |
| Improper access control in some Intel(R) XTU software before version 7.12.0.29 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2023-32609 | 1 Intel | 1 Unite | 2024-11-21 | 5 Medium |
| Improper access control in the Intel Unite(R) android application before version 4.2.3504 may allow an authenticated user to potentially enable information disclosure via local access. | ||||
| CVE-2023-32572 | 1 Purestorage | 1 Purity\/\/fa | 2024-11-21 | 6.5 Medium |
| A flaw exists in FlashArray Purity wherein under limited circumstances, an array administrator can alter the retention lock of a pgroup and disable pgroup SafeMode protection. | ||||
| CVE-2023-32482 | 1 Dell | 1 Wyse Management Suite | 2024-11-21 | 4.9 Medium |
| Wyse Management Suite versions prior to 4.0 contain an improper authorization vulnerability. An authenticated malicious user with privileged access can push policies to unauthorized tenant group. | ||||
| CVE-2023-32479 | 2 Dell, Microsoft | 4 Encryption, Endpoint Security Suite Enterprise, Security Management Server and 1 more | 2024-11-21 | 6.7 Medium |
| Dell Encryption, Dell Endpoint Security Suite Enterprise, and Dell Security Management Server versions prior to 11.9.0 contain privilege escalation vulnerability due to improper ACL of the non-default installation directory. A local malicious user could potentially exploit this vulnerability by replacing binaries in installed directory and taking reverse shell of the system leading to Privilege Escalation. | ||||
| CVE-2023-32477 | 1 Dell | 1 Common Event Enabler | 2024-11-21 | 7.8 High |
| Dell Common Event Enabler 8.9.8.2 for Windows and prior, contain an improper access control vulnerability. A local low-privileged malicious user may potentially exploit this vulnerability to gain elevated privileges. | ||||
| CVE-2023-32458 | 1 Emc | 1 Appsync | 2024-11-21 | 7.3 High |
| Dell AppSync, versions 4.4.0.0 to 4.6.0.0 including Service Pack releases, contains an improper access control vulnerability in Embedded Service Enabler component. A local malicious user could potentially exploit this vulnerability during installation leading to a privilege escalation. | ||||
| CVE-2023-32453 | 1 Dell | 222 Alienware M15 R7, Alienware M15 R7 Firmware, Alienware M16 and 219 more | 2024-11-21 | 4.6 Medium |
| Dell BIOS contains an improper authentication vulnerability. A malicious user with physical access to the system may potentially exploit this vulnerability in order to modify a security-critical UEFI variable without knowledge of the BIOS administrator. | ||||
| CVE-2023-32333 | 1 Ibm | 1 Maximo Asset Management | 2024-11-21 | 6.5 Medium |
| IBM Maximo Asset Management 7.6.1.3 could allow a remote attacker to log into the admin panel due to improper access controls. IBM X-Force ID: 255073. | ||||
| CVE-2023-32285 | 1 Intel | 134 Compute Element Stk2mv64cc, Compute Element Stk2mv64cc Firmware, Nuc Board Nuc7i3bnb and 131 more | 2024-11-21 | 6 Medium |
| Improper access control in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable denial of service via local access. | ||||
| CVE-2023-32279 | 1 Intel | 1 Connectivity Performance Suite | 2024-11-21 | 7.5 High |
| Improper access control in user mode driver for some Intel(R) Connectivity Performance Suite before version 2.1123.214.2 may allow unauthenticated user to potentially enable information disclosure via network access. | ||||
| CVE-2023-32204 | 1 Intel | 1 One Boot Flash Update | 2024-11-21 | 8.8 High |
| Improper access control in some Intel(R) OFU software before version 14.1.31 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2023-32202 | 1 Walchem | 2 Intuition 9, Intuition 9 Firmware | 2024-11-21 | 6.5 Medium |
| Walchem Intuition 9 firmware versions prior to v4.21 are vulnerable to improper authentication. Login credentials are stored in a format that could allow an attacker to use them as-is to login and gain access to the device. | ||||