Total
28764 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-2255 | 2 Debian, Libreoffice | 2 Debian Linux, Libreoffice | 2023-11-26 | N/A | 5.3 MEDIUM |
| Improper access control in editor components of The Document Foundation LibreOffice allowed an attacker to craft a document that would cause external links to be loaded without prompt. In the affected versions of LibreOffice documents that used "floating frames" linked to external files, would load the contents of those frames without prompting the user for permission to do so. This was inconsistent with the treatment of other linked content in LibreOffice. This issue affects: The Document Foundation LibreOffice 7.4 versions prior to 7.4.7; 7.5 versions prior to 7.5.3. | |||||
| CVE-2022-41723 | 1 Golang | 3 Go, Hpack, Http2 | 2023-11-25 | N/A | 7.5 HIGH |
| A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests. | |||||
| CVE-2022-41715 | 1 Golang | 1 Go | 2023-11-25 | N/A | 7.5 HIGH |
| Programs which compile regular expressions from untrusted sources may be vulnerable to memory exhaustion or denial of service. The parsed regexp representation is linear in the size of the input, but in some cases the constant factor can be as high as 40,000, making relatively small regexps consume much larger amounts of memory. After fix, each regexp being parsed is limited to a 256 MB memory footprint. Regular expressions whose representation would use more space than that are rejected. Normal use of regular expressions is unaffected. | |||||
| CVE-2022-41689 | 1 Intel | 1 In-band Manageability | 2023-11-25 | N/A | 7.8 HIGH |
| Improper access control in some Intel In-Band Manageability software before version 3.0.14 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-38786 | 1 Intel | 1 Battery Life Diagnostic Tool | 2023-11-25 | N/A | 7.8 HIGH |
| Improper access control in some Intel Battery Life Diagnostic Tool software before version 2.2.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-46908 | 1 Sqlite | 1 Sqlite | 2023-11-24 | N/A | 7.3 HIGH |
| SQLite through 3.40.0, when relying on --safe for execution of an untrusted CLI script, does not properly implement the azProhibitedFunctions protection mechanism, and instead allows UDF functions such as WRITEFILE. | |||||
| CVE-2023-39259 | 1 Dell | 1 Os Recovery Tool | 2023-11-23 | N/A | 7.8 HIGH |
| Dell OS Recovery Tool, versions 2.2.4013, 2.3.7012.0, and 2.3.7515.0 contain an Improper Access Control Vulnerability. A local authenticated non-administrator user could potentially exploit this vulnerability, leading to the elevation of privilege on the system. | |||||
| CVE-2021-21689 | 1 Jenkins | 1 Jenkins | 2023-11-22 | 6.4 MEDIUM | 9.1 CRITICAL |
| FilePath#unzip and FilePath#untar were not subject to any agent-to-controller access control in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier. | |||||
| CVE-2022-27201 | 1 Jenkins | 2 Jenkins, Semantic Versioning | 2023-11-22 | 4.0 MEDIUM | 6.5 MEDIUM |
| Jenkins Semantic Versioning Plugin 1.13 and earlier does not restrict execution of an controller/agent message to agents, and implements no limitations about the file path that can be parsed, allowing attackers able to control agent processes to have Jenkins parse a crafted file that uses external entities for extraction of secrets from the Jenkins controller or server-side request forgery. | |||||
| CVE-2021-21696 | 1 Jenkins | 1 Jenkins | 2023-11-22 | 7.5 HIGH | 9.8 CRITICAL |
| Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not limit agent read/write access to the libs/ directory inside build directories when using the FilePath APIs, allowing attackers in control of agent processes to replace the code of a trusted library with a modified variant. This results in unsandboxed code execution in the Jenkins controller process. | |||||
| CVE-2022-27195 | 1 Jenkins | 1 Parameterized Trigger | 2023-11-22 | 2.1 LOW | 5.5 MEDIUM |
| Jenkins Parameterized Trigger Plugin 2.43 and earlier captures environment variables passed to builds triggered using Jenkins Parameterized Trigger Plugin, including password parameter values, in their `build.xml` files. These values are stored unencrypted and can be viewed by users with access to the Jenkins controller file system. | |||||
| CVE-2023-40540 | 1 Intel | 112 Nuc 11 Enthusiast Kit Nuc11phki7c, Nuc 11 Enthusiast Kit Nuc11phki7c Firmware, Nuc 11 Enthusiast Mini Pc Nuc11phki7caa and 109 more | 2023-11-22 | N/A | 4.4 MEDIUM |
| Non-Transparent Sharing of Microarchitectural Resources in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable information disclosure via local access. | |||||
| CVE-2022-43435 | 1 Jenkins | 1 360 Fireline | 2023-11-22 | N/A | 5.3 MEDIUM |
| Jenkins 360 FireLine Plugin 1.7.2 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download. | |||||
| CVE-2023-41570 | 1 Mikrotik | 1 Routeros | 2023-11-21 | N/A | 5.3 MEDIUM |
| MikroTik RouterOS v7.1 to 7.11 was discovered to contain incorrect access control mechanisms in place for the Rest API. | |||||
| CVE-2023-33872 | 1 Intel | 1 Support | 2023-11-21 | N/A | 5.5 MEDIUM |
| Improper access control in the Intel Support android application all verions may allow an authenticated user to potentially enable information disclosure via local access. | |||||
| CVE-2023-32662 | 1 Intel | 1 Battery Life Diagnostic Tool | 2023-11-21 | N/A | 6.7 MEDIUM |
| Improper authorization in some Intel Battery Life Diagnostic Tool installation software before version 2.2.1 may allow a privilaged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-38411 | 1 Intel | 1 Smart Campus | 2023-11-21 | N/A | 7.8 HIGH |
| Improper access control in the Intel Smart Campus android application before version 9.4 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-32279 | 1 Intel | 1 Connectivity Performance Suite | 2023-11-21 | N/A | 7.5 HIGH |
| Improper access control in user mode driver for some Intel(R) Connectivity Performance Suite before version 2.1123.214.2 may allow unauthenticated user to potentially enable information disclosure via network access. | |||||
| CVE-2023-29157 | 1 Intel | 1 One Boot Flash Update | 2023-11-21 | N/A | 7.8 HIGH |
| Improper access control in some Intel(R) OFU software before version 14.1.31 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-32204 | 1 Intel | 1 One Boot Flash Update | 2023-11-21 | N/A | 7.8 HIGH |
| Improper access control in some Intel(R) OFU software before version 14.1.31 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||