‼ CVE-2023-4304 ‼
via "National Vulnerability Database".
Business Logic Errors in GitHub repository froxlor/froxlor prior to 2.0.22, 2.1.0.
‼ CVE-2023-37511 ‼
via "National Vulnerability Database".
If certain App Transport Security (ATS) settings are set in a certain manner, insecure loading of web content can be achieved.
‼ CVE-2023-22841 ‼
via "National Vulnerability Database".
Unquoted search path in the software installer for the System Firmware Update Utility (SysFwUpdt) for some Intel(R) Server Boards and Intel(R) Server Systems Based on Intel(R) 621A Chipset before version 16.0.7 may allow an authenticated user to potentially enable escalation of privilege via local access.
‼ CVE-2022-29470 ‼
via "National Vulnerability Database".
Improper access control in the Intel DTT Software before version 8.7.10400.15482 may allow an authenticated user to potentially enable escalation of privilege via local access.
‼ CVE-2022-29871 ‼
via "National Vulnerability Database".
Improper access control in the Intel(R) CSME software installer before version 2239.3.7.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
‼ CVE-2022-38102 ‼
via "National Vulnerability Database".
Improper Input validation in firmware for some Intel(R) Converged Security and Management Engine before versions 15.0.45, and 16.1.27 may allow a privileged user to potentially enable denial of service via local access.
‼ CVE-2023-34086 ‼
via "National Vulnerability Database".
Improper input validation in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access.
‼ CVE-2022-46329 ‼
via "National Vulnerability Database".
Protection mechanism failure for some Intel(R) PROSet/Wireless WiFi software may allow a privileged user to potentially enable escalation of privilege via local access.
‼ CVE-2022-38973 ‼
via "National Vulnerability Database".
Improper access control for some Intel(R) Arc(TM) graphics cards A770 and A750 sold between October of 2022 and December of 2022 may allow an authenticated user to potentially enable denial of service or information disclosure via local access.
‼ CVE-2023-22840 ‼
via "National Vulnerability Database".
Improper neutralization in software for the Intel(R) oneVPL GPU software before version 22.6.5 may allow an authenticated user to potentially enable denial of service via local access.
‼ CVE-2023-27505 ‼
via "National Vulnerability Database".
Incorrect default permissions in some Intel(R) Advanced Link Analyzer Standard Edition software installers before version 22.1.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
‼ CVE-2023-28405 ‼
via "National Vulnerability Database".
Uncontrolled search path in the Intel(R) Distribution of OpenVINO(TM) Toolkit before version 2022.3.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
‼ CVE-2023-34355 ‼
via "National Vulnerability Database".
Uncontrolled search path element for some Intel(R) Server Board M10JNP2SB integrated BMC video drivers before version 3.0 for Microsoft Windows and before version 1.13.4 for Linux may allow an authenticated user to potentially enable escalation of privilege via local access.
‼ CVE-2023-4108 ‼
via "National Vulnerability Database".
Mattermost fails to sanitize post metadata during audit logging, resulting in permalinks contents being logged.
‼ CVE-2023-4107 ‼
via "National Vulnerability Database".
Mattermost fails to properly validate the requesting user permissions when updating a system admin, allowing a user manager to update a system admin's details such as email, first name and last name.
‼ CVE-2023-40254 ‼
via "National Vulnerability Database".
Download of Code Without Integrity Check vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Malicious Software Update. This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15.
‼ CVE-2023-39553 ‼
via "National Vulnerability Database".
Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Drill Provider. Apache Airflow Drill Provider is affected by a vulnerability that allows an attacker to pass in malicious parameters when establishing a connection with DrillHook, giving an opportunity to read files on the Airflow server. This issue affects Apache Airflow Drill Provider: before 2.4.3. It is recommended to upgrade to a version that is not affected.
‼ CVE-2023-3823 ‼
via "National Vulnerability Database".
In PHP versions 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8 various XML functions rely on libxml global state to track configuration variables, like whether external entities are loaded. This state is assumed to be unchanged unless the user explicitly changes it by calling the appropriate function. However, since the state is process-global, other modules - such as ImageMagick - may also use this library within the same process, and change that global state for their internal purposes, and leave it in a state where external entities loading is enabled. This can lead to the situation where external XML is parsed with external entities loaded, which can lead to disclosure of any local files accessible to PHP. This vulnerable state may persist in the same process across many requests, until the process is shut down.
‼ CVE-2023-40253 ‼
via "National Vulnerability Database".
Improper Authentication vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Functionality Misuse. This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15.
‼ CVE-2023-4105 ‼
via "National Vulnerability Database".
Mattermost fails to delete the attachments when deleting a message in a thread, allowing a simple user to still be able to access and download the attachment of a deleted message.
‼ CVE-2023-3824 ‼
via "National Vulnerability Database".
In PHP version 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8, when loading a phar file, while reading PHAR directory entries, insufficient length checking may lead to a stack buffer overflow, leading potentially to memory corruption or RCE.