The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date |
|---|---|---|---|
| CVE-2023-44382 | October is a Content Management System (CMS) and web platform to assist with development workflow. An authenticated backend user with the `editor.cms_pages`, `editor.cms_layouts`, or `editor.cms_partials` permissions who would normally not be permitted to provide PHP code to be executed by the CMS due to `cms.safe_mode` being enabled can write specific Twig code to escape the Twig sandbox and execute arbitrary PHP. This issue has been patched in 3.4.15. | -- | Dec 3, 2023 |
| CVE-2023-44381 | October is a Content Management System (CMS) and web platform to assist with development workflow. An authenticated backend user with the `editor.cms_pages`, `editor.cms_layouts`, or `editor.cms_partials` permissions who would normally not be permitted to provide PHP code to be executed by the CMS due to `cms.safe_mode` being enabled can craft a special request to include PHP code in the CMS template. This issue has been patched in version 3.4.15. | -- | Dec 3, 2023 |
| CVE-2023-44306 | Dell DM5500 contains a path traversal vulnerability in the appliance. A remote attacker with high privileges could potentially exploit this vulnerability to overwrite configuration files stored on the server filesystem. | -- | Dec 4, 2023 |
| CVE-2023-44305 | Dell DM5500 5.14.0.0, contains a Stack-based Buffer Overflow Vulnerability in the appliance. An unauthenticated remote attacker may exploit this vulnerability to crash the affected process or execute arbitrary code on the system by sending specially crafted input data. | -- | Dec 4, 2023 |
| CVE-2023-44304 | Dell DM5500 contains a privilege escalation vulnerability in the appliance. A remote attacker with low privileges could potentially exploit this vulnerability to escape the restricted shell and gain root access to the appliance. | -- | Dec 4, 2023 |
| CVE-2023-44302 | Dell DM5500 5.14.0.0 and prior contain an improper authentication vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to gain access of resources or functionality that could possibly lead to execute arbitrary code. | -- | Dec 4, 2023 |
| CVE-2023-44301 | Dell DM5500 5.14.0.0 and prior contain a Reflected Cross-Site Scripting Vulnerability. A network attacker with low privileges could potentially exploit this vulnerability, leading to the execution of malicious HTML or JavaScript code in a victim user\'s web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery. | -- | Dec 4, 2023 |
| CVE-2023-44300 | Dell DM5500 5.14.0.0, contain a Plain-text Password Storage Vulnerability in the appliance. A local attacker with privileges could potentially exploit this vulnerability, leading to the disclosure of certain service credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account. | -- | Dec 4, 2023 |
| CVE-2023-44298 | Dell PowerEdge platforms 16G Intel E5 BIOS and Dell Precision BIOS, version 1.4.4, contain active debug code security vulnerability. An unauthenticated physical attacker could potentially exploit this vulnerability, leading to information tampering, code execution, denial of service. | -- | Dec 5, 2023 |
| CVE-2023-44297 | Dell PowerEdge platforms 16G Intel E5 BIOS and Dell Precision BIOS, version 1.4.4, contain active debug code security vulnerability. An unauthenticated physical attacker could potentially exploit this vulnerability, leading to information disclosure, information tampering, code execution, denial of service. | -- | Dec 5, 2023 |
| CVE-2023-44295 | Dell PowerScale OneFS versions 8.2.2.x through 9.6.0.x contains an improper control of a resource through its lifetime vulnerability. A low privilege attacker could potentially exploit this vulnerability, leading to loss of information, and information disclosure. | -- | Dec 5, 2023 |
| CVE-2023-44291 | Dell DM5500 5.14.0.0 contains an OS command injection vulnerability in the appliance. A remote attacker with high privileges could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker. | -- | Dec 4, 2023 |
| CVE-2023-44288 | Dell PowerScale OneFS, 8.2.2.x through 9.6.0.x, contains an improper control of a resource through its lifetime vulnerability. An unauthenticated network attacker could potentially exploit this vulnerability, leading to denial of service. | -- | Dec 5, 2023 |
| CVE-2023-44221 | Improper neutralization of special elements in the SMA100 SSL-VPN management interface allows a remote authenticated attacker with administrative privilege to inject arbitrary commands as a \'nobody\' user, potentially leading to OS Command Injection Vulnerability. | -- | Dec 5, 2023 |
| CVE-2023-43628 | An integer underflow vulnerability exists in the NTRIP Stream Parsing functionality of GPSd 3.25.1~dev. A specially crafted network packet can lead to memory corruption. An attacker can send a malicious packet to trigger this vulnerability. | -- | Dec 5, 2023 |
| CVE-2023-43608 | A data integrity vulnerability exists in the BR_NO_CHECK_HASH_FOR functionality of Buildroot 2023.08.1 and dev commit 622698d7847. A specially crafted man-in-the-middle attack can lead to arbitrary command execution in the builder. | -- | Dec 5, 2023 |
| CVE-2023-43472 | An issue in MLFlow versions 2.8.1 and before allows a remote attacker to obtain sensitive information via a crafted request to REST API. | -- | Dec 5, 2023 |
| CVE-2023-43455 | An issue in TOTOLINK X6000R V9.4.0cu.652_B20230116 and V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the command parameter of the setting/setTracerouteCfg component. | -- | Dec 1, 2023 |
| CVE-2023-43454 | An issue in TOTOLINK X6000R V9.4.0cu.652_B20230116 and V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the hostName parameter of the switchOpMode component. | -- | Dec 1, 2023 |
| CVE-2023-43453 | An issue in TOTOLINK X6000R V9.4.0cu.652_B20230116 and V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the IP parameter of the setDiagnosisCfg component. | -- | Dec 1, 2023 |
| CVE-2023-43089 | Dell Rugged Control Center, version prior to 4.7, contains insufficient protection for the Policy folder. A local malicious standard user could potentially exploit this vulnerability to modify the content of the policy file, leading to unauthorized access to resources. | -- | Dec 1, 2023 |
| CVE-2023-43021 | IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 266167. | -- | Dec 4, 2023 |
| CVE-2023-43015 | IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 266064. | -- | Dec 4, 2023 |
| CVE-2023-42751 | In gnss service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed | -- | Dec 4, 2023 |
| CVE-2023-42749 | In enginnermode service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed | -- | Dec 4, 2023 |
| CVE-2023-42748 | In telecom service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed | -- | Dec 4, 2023 |
| CVE-2023-42747 | In camera service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed | -- | Dec 4, 2023 |
| CVE-2023-42746 | In power manager, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed | -- | Dec 4, 2023 |
| CVE-2023-42745 | In telecom service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed | -- | Dec 4, 2023 |
| CVE-2023-42744 | In telecom service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges needed | -- | Dec 4, 2023 |
| CVE-2023-42743 | In telecom service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed | -- | Dec 4, 2023 |
| CVE-2023-42742 | In sysui, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges needed | -- | Dec 4, 2023 |
| CVE-2023-42741 | In telecom service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed | -- | Dec 4, 2023 |
| CVE-2023-42740 | In telecom service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed | -- | Dec 4, 2023 |
| CVE-2023-42739 | In engineermode service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed | -- | Dec 4, 2023 |
| CVE-2023-42738 | In telocom service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed | -- | Dec 4, 2023 |
| CVE-2023-42737 | In telecom service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed | -- | Dec 4, 2023 |
| CVE-2023-42736 | In telecom service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed | -- | Dec 4, 2023 |
| CVE-2023-42735 | In telephony service, there is a possible missing permission check. This could lead to local information disclosure with System execution privileges needed | -- | Dec 4, 2023 |
| CVE-2023-42734 | In telephony service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed | -- | Dec 4, 2023 |
| CVE-2023-42733 | In telephony service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed | -- | Dec 4, 2023 |
| CVE-2023-42732 | In telephony service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed | -- | Dec 4, 2023 |
| CVE-2023-42731 | In Gnss service, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed | -- | Dec 4, 2023 |
| CVE-2023-42730 | In IMS service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed | -- | Dec 4, 2023 |
| CVE-2023-42729 | In ril service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed | -- | Dec 4, 2023 |
| CVE-2023-42728 | In phasecheckserver, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed | -- | Dec 4, 2023 |
| CVE-2023-42727 | In gpu driver, there is a possible out of bounds write due to a incorrect bounds check. This could lead to local denial of service with System execution privileges needed | -- | Dec 4, 2023 |
| CVE-2023-42726 | In TeleService, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed | -- | Dec 4, 2023 |
| CVE-2023-42725 | In gpu driver, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed | -- | Dec 4, 2023 |
| CVE-2023-42724 | In gpu driver, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed | -- | Dec 4, 2023 |
