Improper Input Validation
CWE-20

CVE ID | CVSS | Vendor | Exploit | Patch
CVE-2023-35376: Microsoft Message Queuing Denial of Service Vulnerability
CVSS 6.5 | Vendor: Microsoft | Exploit: - | Patch: Patched

CVE-2023-35368: Microsoft Exchange Remote Code Execution Vulnerability
CVSS 8.8 | Vendor: Microsoft | Exploit: - | Patch: Patched

CVE-2023-35367: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVSS 9.8 | Vendor: Microsoft | Exploit: - | Patch: Patched

CVE-2023-35366: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVSS 9.8 | Vendor: Microsoft | Exploit: - | Patch: Patched

CVE-2023-35365: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVSS 9.8 | Vendor: Microsoft | Exploit: - | Patch: Patched

CVE-2023-35349: Microsoft Message Queuing Remote Code Execution Vulnerability
CVSS 9.8 | Vendor: Microsoft | Exploit: - | Patch: Patched

CVE-2023-35336: Windows MSHTML Platform Security Feature Bypass Vulnerability
CVSS 5.4 | Vendor: Microsoft | Exploit: - | Patch: Patched

CVE-2023-35306: Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability
CVSS 5.5 | Vendor: Microsoft | Exploit: - | Patch: Patched

CVE-2023-35303: USB Audio Class System Driver Remote Code Execution Vulnerability
CVSS 8.8 | Vendor: Microsoft | Exploit: - | Patch: Patched

CVE-2023-35163: Vega is a decentralized trading platform that allows pseudo-anonymous trading of derivatives on a blockchain. Prior to version 0.71.6, a vulnerability exists that allows a malicious validator to trick the Vega network into re-processing past Ethereum events from Vega’s Ethereum bridge. For example, a deposit to the collateral bridge for 100USDT that credits a party’s general account on Vega, can be re-processed 50 times resulting in 5000USDT in that party’s general account. This is without depositing any more than the original 100USDT on the bridge. Despite this exploit requiring access to a validator's Vega key, a validator key can be obtained at the small cost of 3000VEGA, the amount needed to announce a new node onto the network. A patch is available in version 0.71.6. No known workarounds are available; however, there are mitigations in place should this vulnerability be exploited. There are monitoring alerts for `mainnet1` in place to identify any issues of this nature including this vulnerability being exploited. The validators have the ability to stop the bridge thus stopping any withdrawals should this vulnerability be exploited.
CVSS 5.2 | Vendor: Gobalsky | Exploit: Exploit | Patch: Patched

CVE-2023-35136: An improper input validation vulnerability in the “Quagga” package of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50(W) series firmware versions 4.16 through 5.37, USG20(W)-VPN series firmware versions 4.16 through 5.37, and VPN series firmware versions 4.30 through 5.37, could allow an authenticated local attacker to access configuration files on an affected device.
CVSS 5.5 | Vendor: Zyxel | Exploit: - | Patch: Patched

CVE-2023-34983: Improper input validation for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
CVSS 6.5 | Vendor: Intel | Exploit: - | Patch: Patched

CVE-2023-34872: A vulnerability in Outline.cc for Poppler prior to 23.06.0 allows a remote attacker to cause a Denial of Service (DoS) (crash) via a crafted PDF file in OutlineItem::open.
CVSS 5.5 | Vendor: Freedesktop | Exploit: Exploit | Patch: Patched

CVE-2023-34457: MechanicalSoup is a Python library for automating interaction with websites. Starting in version 0.2.0 and prior to version 1.3.0, a malicious web server can read arbitrary files on the client using a `<input type="file" ...>` inside an HTML form. All users of MechanicalSoup's form submission are affected, unless they took very specific (and manual) steps to reset HTML form field values. Version 1.3.0 contains a patch for this issue.
CVSS 7.5 | Vendor: Mechanicalsoup project | Exploit: Exploit | Patch: Patched

CVE-2023-34448: Grav is a flat-file content management system. Prior to version 1.7.42, the patch for CVE-2022-2073, a server-side template injection vulnerability in Grav leveraging the default `filter()` function, did not block other built-in functions exposed by Twig's Core Extension that could be used to invoke arbitrary unsafe functions, thereby allowing for remote code execution. A patch in version 1.74.2 overrides the built-in Twig `map()` and `reduce()` filter functions in `system/src/Grav/Common/Twig/Extension/GravExtension.php` to validate the argument passed to the filter in `$arrow`.
CVSS 7.2 | Vendor: Getgrav | Exploit: Exploit | Patch: Patched

CVE-2023-34431: Improper input validation in some Intel(R) Server Board BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access.
CVSS 6.7 | Vendor: Intel | Exploit: - | Patch: Patched

CVE-2023-34424: Improper input validation in firmware for some Intel(R) CSME may allow a privileged user to potentially enable denial of service via local access.
CVSS 4.4 | Vendor: Intel | Exploit: - | Patch: -

CVE-2023-34422: A valid, authenticated LXCA user with elevated privileges may be able to delete folders in the LXCA filesystem through a specifically crafted web API call due to insufficient input validation.
CVSS 6.5 | Vendor: Lenovo | Exploit: - | Patch: Patched

CVE-2023-34421: A valid, authenticated LXCA user with elevated privileges may be able to replace filesystem data through a specifically crafted web API call due to insufficient input validation.
CVSS 6.5 | Vendor: Lenovo | Exploit: - | Patch: Patched

CVE-2023-34390: An input validation vulnerability in the Schweitzer Engineering Laboratories SEL-451 could allow a remote authenticated attacker to create a denial of service against the system and lock out services. See product Instruction Manual Appendix A dated 20230830 for more details.
CVSS 4.5 | Vendor: Selinc | Exploit: - | Patch: Patched

CVE-2023-34317: An improper input validation vulnerability exists in the OAS Engine User Creation functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to unexpected data in the configuration. An attacker can send a sequence of requests to trigger this vulnerability.
CVSS 6.5 | Vendor: Openautomationsoftware | Exploit: Exploit | Patch: -

CVE-2023-34239: Gradio is an open-source Python library that is used to build machine learning and data science. Due to a lack of path filtering, Gradio does not properly restrict file access to users. Additionally, Gradio does not properly restrict what URLs are proxied. These issues have been addressed in version 3.34.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS 7.3 | Vendor: Gradio project | Exploit: - | Patch: Patched

CVE-2023-34152: A vulnerability was found in ImageMagick. This security flaw causes a remote code execution vulnerability in OpenBlob with --enable-pipes configured.
CVSS 9.8 | Vendor: Fedoraproject, et al | Exploit: Exploit | Patch: Patched

CVE-2023-34150: ** UNSUPPORTED WHEN ASSIGNED ** Use of TikaEncodingDetector in Apache Any23 can cause excessive memory usage.
CVSS 5.3 | Vendor: Apache | Exploit: - | Patch: Patched

CVE-2023-34122: Improper input validation in the installer for Zoom for Windows clients before 5.14.0 may allow an authenticated user to potentially enable an escalation of privilege via local access.
CVSS 7.3 | Vendor: Zoom | Exploit: - | Patch: Patched

CVE-2023-34121: Improper input validation in the Zoom for Windows, Zoom Rooms, Zoom VDI Windows Meeting clients before 5.14.0 may allow an authenticated user to potentially enable an escalation of privilege via network access.
CVSS 8.8 | Vendor: Zoom | Exploit: - | Patch: Patched

CVE-2023-34111: The `Release PR Merged` workflow in the GitHub repo taosdata/grafanaplugin is subject to a command injection vulnerability which allows for arbitrary code execution within the GitHub action context due to the insecure usage of `${{ github.event.pull_request.title }}` in a bash command within the GitHub workflow. Attackers can inject malicious commands which will be executed by the workflow. This happens because `${{ github.event.pull_request.title }}` is directly passed to a bash command on line 25 of the workflow. This may allow an attacker to gain access to secrets which the GitHub action has access to or to otherwise make use of the compute resources.
CVSS 9.8 | Vendor: Tdengine | Exploit: Exploit | Patch: -

CVE-2023-34102: Avo is an open source Ruby on Rails admin panel creation framework. The polymorphic field type stores the classes to operate on when updating a record with user input, and does not validate them in the back end. This can lead to unexpected behavior, remote code execution, or application crashes when viewing a manipulated record. This issue has been addressed in commit `ec117882d` which is expected to be included in subsequent releases. Users are advised to limit access to untrusted users until a new release is made.
CVSS 8.8 | Vendor: Avohq | Exploit: Exploit | Patch: Patched

CVE-2023-33964: mx-chain-go is an implementation of the MultiversX blockchain protocol written in the Go language. Metachain cannot process a cross-shard miniblock. Prior to version 1.4.16, an invalid transaction with the wrong username on metachain is not treated correctly on the metachain transaction processor. This is strictly a processing issue that could have happened on MultiversX chain. If an error like this had occurred, the metachain would have stopped notarizing blocks from the shard chains. The resuming of notarization is possible only after applying a patched binary version. A patch in version 1.4.16 introduces `processIfTxErrorCrossShard` for the metachain transaction processor. There are no known workarounds for this issue.
CVSS 7.5 | Vendor: Multiversx | Exploit: - | Patch: Patched

CVE-2023-33934: Improper Input Validation vulnerability in Apache Software Foundation Apache Traffic Server. This issue affects Apache Traffic Server: through 9.2.1.
CVSS 9.1 | Vendor: Apache | Exploit: - | Patch: Patched

CVE-2023-33914: In NIA0 algorithm in Security Mode Command, there is a possible missing verification incorrect input. This could lead to remote information disclosure with no additional execution privileges needed.
CVSS 7.5 | Exploit: - | Patch: -

CVE-2023-3341: The code that processes control channel messages sent to `named` calls certain functions recursively during packet parsing. Recursion depth is only limited by the maximum accepted packet size; depending on the environment, this may cause the packet-parsing code to run out of available stack memory, causing `named` to terminate unexpectedly. Since each incoming control channel message is fully parsed before its contents are authenticated, exploiting this flaw does not require the attacker to hold a valid RNDC key; only network access to the control channel's configured TCP port is necessary. This issue affects BIND 9 versions 9.2.0 through 9.16.43, 9.18.0 through 9.18.18, 9.19.0 through 9.19.16, 9.9.3-S1 through 9.16.43-S1, and 9.18.0-S1 through 9.18.18-S1.
CVSS 7.5 | Vendor: Fedoraproject, et al | Exploit: - | Patch: Patched

CVE-2023-33217: By abusing a design flaw in the firmware upgrade mechanism of the impacted terminal, it's possible to cause a permanent denial of service for the terminal. The only way to recover the terminal is by sending back the terminal to the manufacturer.
CVSS 7.5 | Vendor: Idemia | Exploit: - | Patch: Patched

CVE-2023-33104: [HIGH] These vulnerabilities affect Qualcomm closed-source components and are described in further detail in the appropriate Qualcomm security bulletin or security alert. The severity assessment of these issues is provided directly by Qualcomm.
CVSS 7.5 | Exploit: - | Patch: Patched

CVE-2023-33103: [HIGH] These vulnerabilities affect Qualcomm closed-source components and are described in further detail in the appropriate Qualcomm security bulletin or security alert. The severity assessment of these issues is provided directly by Qualcomm.
CVSS 7.5 | Exploit: - | Patch: Patched

CVE-2023-33100: [HIGH] These vulnerabilities affect Qualcomm closed-source components and are described in further detail in the appropriate Qualcomm security bulletin or security alert. The severity assessment of these issues is provided directly by Qualcomm.
CVSS 7.5 | Exploit: - | Patch: Patched

CVE-2023-33099: [HIGH] These vulnerabilities affect Qualcomm closed-source components and are described in further detail in the appropriate Qualcomm security bulletin or security alert. The severity assessment of these issues is provided directly by Qualcomm.
CVSS 7.5 | Exploit: - | Patch: Patched

CVE-2023-33057: [HIGH] These vulnerabilities affect Qualcomm closed-source components and are described in further detail in the appropriate Qualcomm security bulletin or security alert. The severity assessment of these issues is provided directly by Qualcomm.
CVSS 7.5 | Vendor: Qualcomm | Exploit: - | Patch: Patched

CVE-2023-33042: [HIGH] These vulnerabilities affect Qualcomm closed-source components and are described in further detail in the appropriate Qualcomm security bulletin or security alert. The severity assessment of these issues is provided directly by Qualcomm.
CVSS 7.5 | Vendor: Qualcomm | Exploit: - | Patch: Patched

CVE-2023-33014: [HIGH] These vulnerabilities affect Qualcomm closed-source components and are described in further detail in the appropriate Qualcomm security bulletin or security alert. The severity assessment of these issues is provided directly by Qualcomm.
CVSS 6.8 | Vendor: Qualcomm | Exploit: - | Patch: Patched

CVE-2023-32890: In modem EMM, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01183647; Issue ID: MOLY01183647 (MSV-963).
CVSS 7.5 | Vendor: Mediatek | Exploit: - | Patch: Patched

CVE-2023-32827: In camera middleware, there is a possible out of bounds write due to a missing input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07993539; Issue ID: ALPS07993539.
CVSS 6.7 | Vendor: Google | Exploit: - | Patch: Patched

CVE-2023-32826: In camera middleware, there is a possible out of bounds write due to a missing input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07993539; Issue ID: ALPS07993544.
CVSS 6.7 | Vendor: Google | Exploit: - | Patch: Patched

CVE-2023-32820: In wlan firmware, there is a possible firmware assertion due to improper input handling. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07932637; Issue ID: ALPS07932637.
CVSS 7.5 | Vendor: Linuxfoundation, et al | Exploit: - | Patch: Patched

CVE-2023-32811: In connectivity system driver, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07929848; Issue ID: ALPS07929848.
CVSS 6.7 | Vendor: Linuxfoundation, et al | Exploit: - | Patch: Patched

CVE-2023-32728: The Zabbix Agent 2 item key smart.disk.get does not sanitize its parameters before passing them to a shell command, resulting in a possible vulnerability for remote code execution.
CVSS 4.6 | Vendor: Zabbix | Exploit: - | Patch: Patched

CVE-2023-32727: An attacker who has the privilege to configure Zabbix items can use the function icmpping() with an additional malicious command inside it to execute arbitrary code on the current Zabbix server.
CVSS 6.8 | Vendor: Zabbix | Exploit: - | Patch: Patched

CVE-2023-32721: A stored XSS has been found in the Zabbix web application in the Maps element if a URL field is set with spaces before the URL.
CVSS 5.4 | Vendor: Zabbix | Exploit: - | Patch: Patched

CVE-2023-32701: Improper Input Validation in the Networking Stack of QNX SDP version(s) 6.6, 7.0, and 7.1 could allow an attacker to potentially cause Information Disclosure or a Denial-of-Service condition.
CVSS 7.1 | Vendor: Blackberry | Exploit: - | Patch: Patched

CVE-2023-32690: libspdm is a sample implementation that follows the DMTF SPDM specifications. Prior to versions 2.3.3 and 3.0, following a successful CAPABILITIES response, a libspdm Requester stores the Responder's CTExponent into its context without validation. If the Requester sends a request message that requires a cryptography operation by the Responder, such as CHALLENGE, libspdm will calculate the timeout value using the Responder's unvalidated CTExponent. A patch is available in version 2.3.3. A workaround is also available. After completion of VCA, the Requester can check the value of the Responder's CTExponent. If it is greater than or equal to 64, then the Requester can stop communication with the Responder.
CVSS 7.5 | Vendor: Dmtf | Exploit: - | Patch: Patched

CVE-2023-32688: parse-server-push-adapter is the official Push Notification adapter for Parse Server. The Parse Server Push Adapter can crash Parse Server due to an invalid push notification payload. This issue has been patched in version 4.1.3.
CVSS 7.5 | Vendor: Parseplatform | Exploit: - | Patch: Patched

CVE-2023-32649: A Denial of Service (DoS) vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in certain fields used in the Asset Intelligence functionality of our IDS, allows an unauthenticated attacker to crash the IDS module by sending specially crafted malformed network packets. During the (limited) time window before the IDS module is automatically restarted, network traffic may not be analyzed.
CVSS 7.5 | Vendor: Nozominetworks | Exploit: - | Patch: Patched

CVE-2023-32641: Improper input validation in firmware for Intel(R) QAT before version QAT20.L.1.0.40-00004 may allow escalation of privilege and denial of service via adjacent access.
CVSS 8.8 | Vendor: Intel | Exploit: - | Patch: Patched

CVE-2023-32633: Improper input validation in the Intel(R) CSME installer software before version 2328.5.5.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVSS 6.7 | Vendor: Intel | Exploit: - | Patch: -

CVE-2023-32485: Dell SmartFabric Storage Software version 1.3 and lower contain an improper input validation vulnerability. A remote unauthenticated attacker may exploit this vulnerability and escalate privileges up to the highest administration level. This is a critical severity vulnerability affecting user authentication. Dell recommends customers to upgrade at the earliest opportunity.
CVSS 9.8 | Vendor: Dell | Exploit: - | Patch: Patched

CVE-2023-32484: Dell Networking Switches running Enterprise SONiC versions 4.1.0, 4.0.5, 3.5.4 and below contain an improper input validation vulnerability. A remote unauthenticated malicious user may exploit this vulnerability and escalate privileges up to the highest administrative level. This is a Critical vulnerability affecting certain protocols. Dell recommends customers to upgrade at the earliest opportunity.
CVSS 9.8 | Exploit: - | Patch: -

CVE-2023-32480: Dell BIOS contains an Improper Input Validation vulnerability. An unauthenticated physical attacker may potentially exploit this vulnerability to perform arbitrary code execution.
CVSS 6.8 | Exploit: - | Patch: Patched

CVE-2023-32469: Dell Precision Tower BIOS contains an Improper Input Validation vulnerability. A locally authenticated malicious user with admin privileges could potentially exploit this vulnerability to perform arbitrary code execution.
CVSS 6.7 | Vendor: Dell | Exploit: - | Patch: Patched

CVE-2023-32463: Dell VxRail, version(s) 8.0.100 and earlier contain a denial-of-service vulnerability in the upgrade functionality. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to degraded performance and system malfunction.
CVSS 7.5 | Exploit: - | Patch: Patched

CVE-2023-32462: Dell OS10 Networking Switches running 10.5.2.x and above contain an OS command injection vulnerability when using remote user authentication. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands and possible system takeover. This is a critical vulnerability as it allows an attacker to cause severe damage. Dell recommends customers to upgrade at the earliest opportunity.
CVSS 9.8 | Exploit: - | Patch: -

CVE-2023-32323: Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. A malicious user on a Synapse homeserver X with permission to create certain state events can disable outbound federation from X to an arbitrary homeserver Y. Synapse instances with federation disabled are not affected. In versions of Synapse up to and including 1.73, Synapse did not limit the size of `invite_room_state`, meaning that it was possible to create an arbitrarily large invite event. Synapse 1.74 refuses to create oversized `invite_room_state` fields. Server operators should upgrade to Synapse 1.74 or newer urgently.
CVSS 4.3 | Vendor: Matrix | Exploit: Exploit | Patch: Patched

CVE-2023-32305: aiven-extras is a PostgreSQL extension. Versions prior to 1.1.9 contain a privilege escalation vulnerability, allowing elevation to superuser inside PostgreSQL databases that use the aiven-extras package. The vulnerability leverages missing schema qualifiers on privileged functions called by the aiven-extras extension. A low privileged user can create objects that collide with existing function names, which will then be executed instead. Exploiting this vulnerability could allow a low privileged user to acquire `superuser` privileges, which would allow full, unrestricted access to all data and database functions, and could lead to arbitrary code execution or data access on the underlying host as the `postgres` user. The issue has been patched as of version 1.1.9.
CVSS 8.8 | Vendor: Aiven | Exploit: - | Patch: Patched

CVE-2023-32302: Silverstripe Framework is the MVC framework that powers Silverstripe CMS. When a new member record is created and a password is not set, an empty encrypted password is generated. As a result, if someone is aware of the existence of a member record associated with a specific email address, they can potentially attempt to log in using that empty password. Although the default member authenticator and login form require a non-empty password, alternative authentication methods might still permit a successful login with the empty password. This issue has been patched in versions 4.13.4 and 5.0.13.
CVSS 8.1 | Vendor: Silverstripe | Exploit: Exploit | Patch: Patched

CVE-2023-32170: Unified Automation UaGateway OPC UA Server Improper Input Validation Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Unified Automation UaGateway. User interaction is required to exploit this vulnerability in that the target must choose to accept a client certificate. The specific flaw exists within the processing of client certificates. The issue results from the lack of proper validation of certificate data. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-20494.
CVSS Low | Vendor: Unified-automation | Exploit: - | Patch: -

CVE-2023-32075: The Customer Management Framework (CMF) for Pimcore adds functionality for customer data management. In `pimcore/customer-management-framework-bundle` prior to version 3.3.9, business logic errors are possible in the `Conditions` tab since the counter can be a negative number. This vulnerability can produce illogical counter values in the Conditions tab. Users should update to version 3.3.9 to receive a patch or, as a workaround, apply the patch manually.
CVSS 4.3 | Vendor: Pimcore | Exploit: Exploit | Patch: Patched

CVE-2023-32057: Microsoft Message Queuing Remote Code Execution Vulnerability
CVSS 9.8 | Vendor: Microsoft | Exploit: - | Patch: Patched

CVE-2023-32037: Windows Layer-2 Bridge Network Driver Information Disclosure Vulnerability
CVSS 6.5 | Vendor: Microsoft | Exploit: - | Patch: Patched

CVE-2023-32032: .NET and Visual Studio Elevation of Privilege Vulnerability
CVSS 6.5 | Vendor: Microsoft | Exploit: - | Patch: Patched

CVE-2023-32015: Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability
CVSS 9.8 | Vendor: Microsoft | Exploit: - | Patch: Patched

CVE-2023-31455: Pexip Infinity before 31.2 has Improper Input Validation for RTCP, allowing remote attackers to trigger an abort.
CVSS 7.5 | Vendor: Pexip | Exploit: - | Patch: Patched

CVE-2023-31366: Improper input validation in AMD μProf could allow an attacker to perform a write to an invalid address, potentially resulting in denial of service.
CVSS 3.3 | Exploit: - | Patch: -

CVE-2023-31339: Improper input validation in ARM® Trusted Firmware used in AMD’s Zynq™ UltraScale+™ MPSoC/RFSoC may allow a privileged attacker to perform out of bound reads, potentially resulting in data leakage and denial of service.
CVSS 4.8 | Vendor: Arm | Exploit: - | Patch: -

CVE-2023-31320: AMD has informed HP of potential vulnerabilities identified in some AMD Graphics Drivers for Windows which may allow arbitrary code execution or denial of service. Severity: Medium
CVSS 7.5 | Vendor: Amd | Exploit: Exploit | Patch: Patched

CVE-2023-31289: Pexip Infinity before 31.2 has Improper Input Validation for signalling, allowing remote attackers to trigger an abort.
CVSS 7.5 | Vendor: Pexip | Exploit: - | Patch: Patched

CVE-2023-31203: Improper input validation in some OpenVINO Model Server software before version 2022.3 for Intel Distribution of OpenVINO toolkit may allow an unauthenticated user to potentially enable denial of service via network access.
CVSS 7.5 | Vendor: Intel | Exploit: - | Patch: Patched

CVE-2023-31162: An Improper Input Validation vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to arbitrarily alter the content of a configuration file. See SEL Service Bulletin dated 2022-11-15 for more details.
CVSS 4.3 | Exploit: - | Patch: Patched

CVE-2023-31161: An Improper Input Validation vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow an authenticated remote attacker to use internal resources, allowing a variety of potential effects. See SEL Service Bulletin dated 2022-11-15 for more details.
CVSS 8.8 | Exploit: - | Patch: Patched

CVE-2023-31149: An Improper Input Validation vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to execute arbitrary code. See SEL Service Bulletin dated 2022-11-15 for more details.
CVSS 8.8 | Exploit: - | Patch: Patched

CVE-2023-31148: An Improper Input Validation vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to execute arbitrary code. See SEL Service Bulletin dated 2022-11-15 for more details.
CVSS 8.8 | Exploit: - | Patch: Patched

CVE-2023-31047: In Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.2.1, it was possible to bypass validation when using one form field to upload multiple files. This multiple upload has never been supported by forms.FileField or forms.ImageField (only the last uploaded file was validated). However, Django's "Uploading multiple files" documentation suggested otherwise.
CVSS 9.8 | Vendor: Djangoproject, et al | Exploit: - | Patch: Patched

CVE-2023-31039: Security vulnerability in Apache bRPC <1.5.0 on all platforms allows attackers to execute arbitrary code via ServerOptions::pid_file. An attacker that can influence the ServerOptions pid_file parameter with which the bRPC server is started can execute arbitrary code with the permissions of the bRPC process. Solution: 1. Upgrade to bRPC >= 1.5.0, download link: https://dist.apache.org/repos/dist/release/brpc/1.5.0/ 2. If you are using an old version of bRPC and it is hard to upgrade, you can apply this patch: https://github.com/apache/brpc/pull/2218
CVSS 9.8 | Vendor: Apache | Exploit: - | Patch: Patched

CVE-2023-31035: NVIDIA DGX A100 SBIOS contains a vulnerability where an attacker may cause an SMI callout vulnerability that could be used to execute arbitrary code at the SMM level. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, and information disclosure.
CVSS 7.8 | Vendor: Nvidia | Exploit: - | Patch: Patched

CVE-2023-31028: NVIDIA nvJPEG2000 Library for Windows and Linux contains a vulnerability where improper input validation might enable an attacker to use a specially crafted input file. A successful exploit of this vulnerability might lead to a partial denial of service.
CVSS 2.8 | Vendor: Nvidia | Exploit: - | Patch: -

CVE-2023-31013: NVIDIA DGX H100 BMC contains a vulnerability in the REST service, where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to escalation of privileges and information disclosure.
CVSS 8.8 | Exploit: - | Patch: Patched

CVE-2023-31012: NVIDIA DGX H100 BMC contains a vulnerability in the REST service where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to escalation of privileges and information disclosure.
CVSS 8.8 | Exploit: - | Patch: Patched

CVE-2023-31011: NVIDIA DGX H100 BMC contains a vulnerability in the REST service where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to escalation of privileges and information disclosure.
CVSS 8.8 | Exploit: - | Patch: Patched

CVE-2023-31010: NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to escalation of privileges, information disclosure, and denial of service.
CVSS 8.8 | Exploit: - | Patch: Patched

CVE-2023-31009: NVIDIA DGX H100 BMC contains a vulnerability in the REST service, where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, and information disclosure.
CVSS 9.8 | Exploit: - | Patch: Patched

CVE-2023-31008: NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to code execution, denial of services, escalation of privileges, and information disclosure.
CVSS 7.8 | Exploit: - | Patch: Patched

CVE-2023-30991: IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to denial of service with a specially crafted query. IBM X-Force ID: 254037.
CVSS 7.5 | Vendor: Ibm | Exploit: - | Patch: Patched

CVE-2023-30987: IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain databases. IBM X-Force ID: 253440.
CVSS 7.5 | Vendor: Ibm | Exploit: - | Patch: Patched

CVE-2023-30712: Improper input validation in Settings Suggestions prior to SMR Sep-2023 Release 1 allows attackers to launch arbitrary activity.
CVSS 7.8 | Vendor: Samsung | Exploit: - | Patch: Patched

CVE-2023-30690: Improper input validation vulnerability in Duo prior to SMR Oct-2023 Release 1 allows local attackers to launch privileged activities.
CVSS 7.8 | Vendor: Samsung | Exploit: - | Patch: Patched

CVE-2023-30664: Improper input validation vulnerability in RegisteredMSISDN prior to SMR Jul-2023 Release 1 allows local attackers to launch privileged activities.
CVSS 7.8 | Vendor: Samsung | Exploit: - | Patch: Patched

CVE-2023-30663: Improper input validation vulnerability in OemPersonalizationSetLock in libsec-ril prior to SMR Jul-2023 Release 1 allows local attackers to cause an Out-Of-Bounds write.
CVSS 7.8 | Vendor: Samsung | Exploit: - | Patch: Patched

CVE-2023-30659: Improper input validation vulnerability in Transaction prior to SMR Jul-2023 Release 1 allows local attackers to launch privileged activities.
CVSS 7.8 | Vendor: Samsung | Exploit: - | Patch: Patched

CVE-2023-30658: Improper input validation vulnerability in DataProfile prior to SMR Jul-2023 Release 1 allows local attackers to launch privileged activities.
CVSS 7.8 | Vendor: Samsung | Exploit: - | Patch: Patched

CVE-2023-30657: Improper input validation vulnerability in EnhancedAttestationResult prior to SMR Jul-2023 Release 1 allows local attackers to launch privileged activities.
CVSS 7.8 | Vendor: Samsung | Exploit: - | Patch: Patched

CVE-2023-30656: Improper input validation vulnerability in LSOItemData prior to SMR Jul-2023 Release 1 allows attackers to launch certain activities.
CVSS 7.8 | Vendor: Samsung | Exploit: - | Patch: Patched

CVE-2023-30655: Improper input validation vulnerability in SCEPProfile prior to SMR Jul-2023 Release 1 allows local attackers to launch privileged activities.
CVSS 7.8 | Vendor: Samsung | Exploit: - | Patch: Patched
