Total
10626 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-41303 | 1 Huawei | 2 Emui, Harmonyos | 2023-09-25 | N/A | 7.5 HIGH |
| Command injection vulnerability in the distributed file system module. Successful exploitation of this vulnerability may cause variables in the sock structure to be modified. | |||||
| CVE-2023-41300 | 1 Huawei | 2 Emui, Harmonyos | 2023-09-25 | N/A | 7.5 HIGH |
| Vulnerability of parameters not being strictly verified in the PMS module. Successful exploitation of this vulnerability may cause the system to restart. | |||||
| CVE-2023-42805 | 1 Quinn Project | 1 Quinn | 2023-09-25 | N/A | 7.5 HIGH |
| quinn-proto is a state machine for the QUIC transport protocol. Prior to versions 0.9.5 and 0.10.5, receiving unknown QUIC frames in a QUIC packet could result in a panic. The problem has been fixed in 0.9.5 and 0.10.5 maintenance releases. | |||||
| CVE-2023-25533 | 1 Nvidia | 2 Dgx H100, Dgx H100 Firmware | 2023-09-22 | N/A | 9.8 CRITICAL |
| NVIDIA DGX H100 BMC contains a vulnerability in the web UI, where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to information disclosure, code execution, and escalation of privileges. | |||||
| CVE-2023-25534 | 1 Nvidia | 2 Dgx H100, Dgx H100 Firmware | 2023-09-22 | N/A | 9.8 CRITICAL |
| NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. | |||||
| CVE-2023-25530 | 1 Nvidia | 2 Dgx H100, Dgx H100 Firmware | 2023-09-22 | N/A | 9.8 CRITICAL |
| NVIDIA DGX H100 BMC contains a vulnerability in the KVM service, where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, and information disclosure. | |||||
| CVE-2023-31008 | 1 Nvidia | 2 Dgx H100, Dgx H100 Firmware | 2023-09-22 | N/A | 7.8 HIGH |
| NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to code execution, denial of services, escalation of privileges, and information disclosure. | |||||
| CVE-2023-31009 | 1 Nvidia | 2 Dgx H100, Dgx H100 Firmware | 2023-09-22 | N/A | 9.8 CRITICAL |
| NVIDIA DGX H100 BMC contains a vulnerability in the REST service, where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, and information disclosure. | |||||
| CVE-2023-31010 | 1 Nvidia | 2 Dgx H100, Dgx H100 Firmware | 2023-09-22 | N/A | 8.8 HIGH |
| NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to escalation of privileges, information disclosure, and denial of service. | |||||
| CVE-2023-31011 | 1 Nvidia | 2 Dgx H100, Dgx H100 Firmware | 2023-09-22 | N/A | 8.8 HIGH |
| NVIDIA DGX H100 BMC contains a vulnerability in the REST service where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to escalation of privileges and information disclosure. | |||||
| CVE-2023-31012 | 1 Nvidia | 2 Dgx H100, Dgx H100 Firmware | 2023-09-22 | N/A | 8.8 HIGH |
| NVIDIA DGX H100 BMC contains a vulnerability in the REST service where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to escalation of privileges and information disclosure. | |||||
| CVE-2023-31013 | 1 Nvidia | 2 Dgx H100, Dgx H100 Firmware | 2023-09-22 | N/A | 8.8 HIGH |
| NVIDIA DGX H100 BMC contains a vulnerability in the REST service, where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to escalation of privileges and information disclosure. | |||||
| CVE-2023-5104 | 1 Xgenecloud | 1 Nocodb | 2023-09-22 | N/A | 6.5 MEDIUM |
| Improper Input Validation in GitHub repository nocodb/nocodb prior to 0.96.0. | |||||
| CVE-2023-4680 | 1 Hashicorp | 1 Vault | 2023-09-20 | N/A | 6.8 MEDIUM |
| HashiCorp Vault and Vault Enterprise transit secrets engine allowed authorized users to specify arbitrary nonces, even with convergent encryption disabled. The encrypt endpoint, in combination with an offline attack, could be used to decrypt arbitrary ciphertext and potentially derive the authentication subkey when using transit secrets engine without convergent encryption. Introduced in 1.6.0 and fixed in 1.14.3, 1.13.7, and 1.12.11. | |||||
| CVE-2023-3710 | 1 Honeywell | 2 Pm43, Pm43 Firmware | 2023-09-19 | N/A | 9.8 CRITICAL |
| Improper Input Validation vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Command Injection.This issue affects PM43 versions prior to P10.19.050004. Update to the latest available firmware version of the respective printers to version MR19.5 (e.g. P10.19.050006). | |||||
| CVE-2023-26068 | 1 Lexmark | 152 B2236, B2338, B2442 and 149 more | 2023-09-19 | N/A | 9.8 CRITICAL |
| Certain Lexmark devices through 2023-02-19 mishandle Input Validation (issue 2 of 4). | |||||
| CVE-2023-26067 | 1 Lexmark | 163 B2236, B2338, B2442 and 160 more | 2023-09-19 | N/A | 8.1 HIGH |
| Certain Lexmark devices through 2023-02-19 mishandle Input Validation (issue 1 of 4). | |||||
| CVE-2022-24093 | 1 Adobe | 2 Commerce, Magento Open Source | 2023-09-18 | N/A | 7.2 HIGH |
| Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earlier) are affected by an improper input validation vulnerability. Exploitation of this issue does not require user interaction and could result in a post-authentication arbitrary code execution. | |||||
| CVE-2023-32323 | 1 Matrix | 1 Synapse | 2023-09-18 | N/A | 4.3 MEDIUM |
| Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. A malicious user on a Synapse homeserver X with permission to create certain state events can disable outbound federation from X to an arbitrary homeserver Y. Synapse instances with federation disabled are not affected. In versions of Synapse up to and including 1.73, Synapse did not limit the size of `invite_room_state`, meaning that it was possible to create an arbitrarily large invite event. Synapse 1.74 refuses to create oversized `invite_room_state` fields. Server operators should upgrade to Synapse 1.74 or newer urgently. | |||||
| CVE-2021-23192 | 1 Samba | 1 Samba | 2023-09-17 | 5.0 MEDIUM | 7.5 HIGH |
| A flaw was found in the way samba implemented DCE/RPC. If a client to a Samba server sent a very large DCE/RPC request, and chose to fragment it, an attacker could replace later fragments with their own data, bypassing the signature requirements. | |||||