The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date |
|---|---|---|---|
| CVE-2024-2358 | A path traversal vulnerability in the \'/apply_settings\' endpoint of parisneo/lollms-webui allows attackers to execute arbitrary code. The vulnerability arises due to insufficient sanitization of user-supplied input in the configuration settings, specifically within the \'extensions\' parameter. Attackers can exploit this by crafting a payload that includes relative path traversal sequences (\'../../../\'), enabling them to navigate to arbitrary directories. This flaw subsequently allows the server to load and execute a malicious \'__init__.py\' file, leading to remote code execution. The issue affects the latest version of parisneo/lollms-webui. | -- | May 16, 2024 |
| CVE-2024-1417 | Improper Neutralization of Special Elements used in a Command (\'Command Injection\') vulnerability in WatchGuard AuthPoint Password Manager on MacOS allows an a adversary with local access to execute code under the context of the AuthPoint Password Manager application. This issue affects AuthPoint Password Manager for MacOS versions before 1.0.6. | -- | May 16, 2024 |
| CVE-2023-49614 | Out of bounds write in firmware for some Intel(R) FPGA products before version 2.9.0 may allow escalation of privilege and information disclosure. | -- | May 16, 2024 |
| CVE-2023-48727 | NULL pointer dereference in some Intel(R) oneVPL software before version 23.3.5 may allow an authenticated user to potentially enable information disclosure via local access. | -- | May 16, 2024 |
| CVE-2023-48643 | Shrubbery tac_plus 2.x, 3.x. and 4.x through F4.0.4.28 allows unauthenticated Remote Command Execution. The product allows users to configure authorization checks as shell commands through the tac_plus.cfg configuration file. These are executed when a client sends an authorization request with a username that has pre-authorization directives configured. However, it is possible to inject additional commands into these checks because strings from TACACS+ packets are used as command-line arguments. If the installation lacks a a pre-shared secret (there is no pre-shared secret by default), then the injection can be triggered without authentication. (The attacker needs to know a username configured to use a pre-authorization command.) NOTE: this is related to CVE-2023-45239 but the issue is in the original Shrubbery product, not Meta\'s fork. | -- | May 16, 2024 |
| CVE-2023-48368 | Improper input validation in Intel(R) Media SDK software all versions may allow an authenticated user to potentially enable denial of service via local access. | -- | May 16, 2024 |
| CVE-2023-47859 | Improper access control for some Intel(R) Wireless Bluetooth products for Windows before version 23.20 may allow an authenticated user to potentially enable denial of service via local access. | -- | May 16, 2024 |
| CVE-2023-47855 | Improper input validation in some Intel(R) TDX module software before version 1.5.05.46.698 may allow a privileged user to potentially enable escalation of privilege via local access. | -- | May 16, 2024 |
| CVE-2023-47717 | IBM Security Guardium 12.0 could allow a privileged user to perform unauthorized actions that could lead to a denial of service. IBM X-Force ID: 271690. | -- | May 16, 2024 |
| CVE-2023-47282 | Out-of-bounds write in Intel(R) Media SDK all versions and some Intel(R) oneVPL software before version 23.3.5 may allow an authenticated user to potentially enable escalation of privilege via local access. | -- | May 16, 2024 |
| CVE-2023-47210 | Improper input validation for some Intel(R) PROSet/Wireless WiFi software for linux before version 23.20 may allow an unauthenticated user to potentially enable denial of service via adjacent access. | -- | May 16, 2024 |
| CVE-2023-47169 | Improper buffer restrictions in Intel(R) Media SDK software all versions may allow an authenticated user to potentially enable denial of service via local access. | -- | May 16, 2024 |
| CVE-2023-47165 | Improper conditions check in the Intel(R) Data Center GPU Max Series 1100 and 1550 products may allow an privileged user to potentially enable denial of service via local access. | -- | May 16, 2024 |
| CVE-2023-46842 | Unlike 32-bit PV guests, HVM guests may switch freely between 64-bit and other modes. This in particular means that they may set registers used to pass 32-bit-mode hypercall arguments to values outside of the range 32-bit code would be able to set them to. When processing of hypercalls takes a considerable amount of time, the hypervisor may choose to invoke a hypercall continuation. Doing so involves putting (perhaps updated) hypercall arguments in respective registers. For guests not running in 64-bit mode this further involves a certain amount of translation of the values. Unfortunately internal sanity checking of these translated values assumes high halves of registers to always be clear when invoking a hypercall. When this is found not to be the case, it triggers a consistency check in the hypervisor and causes a crash. | -- | May 16, 2024 |
| CVE-2023-46691 | Use after free in Intel(R) Power Gadget software for Windows all versions may allow an authenticated user to potentially enable escalation of privilege via local access. | -- | May 16, 2024 |
| CVE-2023-46689 | Improper neutralization in Intel(R) Power Gadget software for macOS all versions may allow an authenticated user to potentially enable escalation of privilege via local access. | -- | May 16, 2024 |
| CVE-2023-46103 | Sequence of processor instructions leads to unexpected behavior in Intel(R) Core(TM) Ultra Processors may allow an authenticated user to potentially enable denial of service via local access. | -- | May 16, 2024 |
| CVE-2023-45846 | Incomplete cleanup in Intel(R) Power Gadget software for macOS all versions may allow an authenticated user to potentially enable denial of service via local access. | -- | May 16, 2024 |
| CVE-2023-45845 | Improper conditions check for some Intel(R) Wireless Bluetooth(R) products for Windows before version 23.20 may allow a privileged user to potentially enable denial of service via local access. | -- | May 16, 2024 |
| CVE-2023-45745 | Improper input validation in some Intel(R) TDX module software before version 1.5.05.46.698 may allow a privileged user to potentially enable escalation of privilege via local access. | -- | May 16, 2024 |
| CVE-2023-45743 | Uncontrolled search path in some Intel(R) DSA software uninstallers before version 23.4.39.10 may allow an authenticated user to potentially enable escalation of privilege via local access. | -- | May 16, 2024 |
| CVE-2023-45736 | Insecure inherited permissions in Intel(R) Power Gadget software for Windows all versions may allow an authenticated user to potentially enable escalation of privilege via local access. | -- | May 16, 2024 |
| CVE-2023-45733 | Hardware logic contains race conditions in some Intel(R) Processors may allow an authenticated user to potentially enable partial information disclosure via local access. | -- | May 16, 2024 |
| CVE-2023-45320 | Uncontrolled search path element in some Intel(R) VTune(TM) Profiler software before version 2024.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | -- | May 16, 2024 |
| CVE-2023-45315 | Improper initialization in some Intel(R) Power Gadget software for Windwos all versions may allow an authenticated user to potentially enable denial of service via local access. | -- | May 16, 2024 |
| CVE-2023-45221 | Improper buffer restrictions in Intel(R) Media SDK all versions may allow an authenticated user to potentially enable escalation of privilege via local access. | -- | May 16, 2024 |
| CVE-2023-45217 | Improper access control in Intel(R) Power Gadget software for Windows all versions may allow an authenticated user to potentially enable escalation of privilege via local access. | -- | May 16, 2024 |
| CVE-2023-43751 | Uncontrolled search path in Intel(R) Graphics Command Center Service bundled in some Intel(R) Graphics Windows DCH driver software before versions 31.0.101.3790/31.0.101.2114 may allow an authenticated user to potentially enable escalation of privilege via local access. | -- | May 16, 2024 |
| CVE-2023-43748 | Improper access control in some Intel(R) GPA Framework software installers before version 2023.3 may allow an authenticated user to potentially enable escalation of privilege via local access. | -- | May 16, 2024 |
| CVE-2023-43745 | Improper input validation in some Intel(R) CBI software before version 1.1.0 may allow an authenticated user to potentially enable denial of service via local access. | -- | May 16, 2024 |
| CVE-2023-43629 | Incorrect default permissions in some Intel(R) GPA software installers before version 2023.3 may allow an authenticated user to potentially enable escalation of privilege via local access. | -- | May 16, 2024 |
| CVE-2023-43487 | Improper access control in some Intel(R) CST before version 2.1.10300 may allow an authenticated user to potentially enable denial of service via local access. | -- | May 16, 2024 |
| CVE-2023-42773 | Improper neutralization in Intel(R) Power Gadget software for Windows all versions may allow an authenticated user to potentially enable escalation of privilege via local access. | -- | May 16, 2024 |
| CVE-2023-42668 | Incorrect default permissions in some onboard video driver software before version 1.14 for Intel(R) Server Boards based on Intel(R) 62X Chipset may allow an authenticated user to potentially enable escalation of privilege via local access. | -- | May 16, 2024 |
| CVE-2023-42433 | Incorrect default permissions in some Endurance Gaming Mode software installers before version 1.3.937.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | -- | May 16, 2024 |
| CVE-2023-41961 | Uncontrolled search path in some Intel(R) GPA software before version 2023.3 may allow an authenticated user to potentially enable escalation of privilege via local access. | -- | May 16, 2024 |
| CVE-2023-41234 | NULL pointer dereference in Intel(R) Power Gadget software for Windows all versions may allow an authenticated user to potentially enable denial of service via local access. | -- | May 16, 2024 |
| CVE-2023-41092 | Unchecked return value in SDM firmware for Intel(R) Stratix 10 and Intel(R) Agilex 7 FPGAs before version 23.3 may allow an authenticated user to potentially enable denial of service via adjacent access. | -- | May 16, 2024 |
| CVE-2023-41082 | Null pointer dereference for some Intel(R) CST software before version 2.1.10300 may allow an authenticated user to potentially enable denial of service via local access. | -- | May 16, 2024 |
| CVE-2023-40536 | Race condition for some some Intel(R) PROSet/Wireless WiFi software for Windows before version 23.20 may allow an unauthenticated user to potentially enable denial of service via adjacent access. | -- | May 16, 2024 |
| CVE-2023-40297 | Stakater Forecastle 1.0.139 and before allows %5C../ directory traversal in the website component. | -- | May 16, 2024 |
| CVE-2023-40155 | Uncontrolled search path for some Intel(R) CST software before version 2.1.10300 may allow an authenticated user to potentially enable escalation of privilege via local access. | -- | May 16, 2024 |
| CVE-2023-40071 | Improper access control in some Intel(R) GPA software installers before version 2023.3 may allow an authenticated user to potentially enable escalation of privilege via local access. | -- | May 16, 2024 |
| CVE-2023-40070 | Improper access control in some Intel(R) Power Gadget software for macOS all versions may allow an authenticated user to potentially enable escalation of privilege via local access. | -- | May 16, 2024 |
| CVE-2023-39929 | Uncontrolled search path in some Libva software maintained by Intel(R) before version 2.20.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | -- | May 16, 2024 |
| CVE-2023-39433 | Improper access control for some Intel(R) CST software before version 2.1.10300 may allow an authenticated user to potentially enable escalation of privilege via local access. | -- | May 16, 2024 |
| CVE-2023-38654 | Improper input validation for some some Intel(R) PROSet/Wireless WiFi software for Windows before version 23.20 may allow an unauthenticated user to potentially enable denial of service via adjacent access. | -- | May 16, 2024 |
| CVE-2023-38581 | Buffer overflow in Intel(R) Power Gadget software for Windows all versions may allow an authenticated user to potentially enable escalation of privilege via local access. | -- | May 16, 2024 |
| CVE-2023-38420 | Improper conditions check in Intel(R) Power Gadget software for macOS all versions may allow an authenticated user to potentially enable information disclosure via local access. | -- | May 16, 2024 |
| CVE-2023-38417 | Improper input validation for some Intel(R) PROSet/Wireless WiFi software before version 23.20 may allow an unauthenticated user to potentially enable denial of service via adjacent access. | -- | May 16, 2024 |
