| CVE-ID | Description | CVSS V2 | CVSS V3 |
|---|---|---|---|
| CVE-2023-28596 | Zoom Client for IT Admin macOS installers before version 5.13.5 contain a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability in an attack chain during the installation ... | None | None |
| CVE-2023-28531 | ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints. | None | 9.8 |
| CVE-2023-28487 | Sudo before 1.9.13 does not escape control characters in sudoreplay output. | None | 5.3 |
| CVE-2023-28486 | Sudo before 1.9.13 does not escape control characters in log messages. | None | 5.3 |
| CVE-2023-28470 | In Couchbase Server 5 through 7 before 7.1.4, the nsstats endpoint is accessible without authentication. | None | None |
| CVE-2023-28466 | do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6.2.6 lacks a lock_sock call, leading to a race condition (with a resultant use-after-free or NULL pointer dereference). | None | 7.0 |
| CVE-2023-28461 | Array Networks Array AG Series and vxAG (9.4.0.481 and earlier) allow remote code execution. An attacker can browse the filesystem on the SSL VPN gateway using a flags attribute in an HTTP header without authentication. ... | None | 9.8 |
| CVE-2023-28460 | A command injection vulnerability was discovered in Array Networks APV products. A remote attacker can send a crafted packet after logging into the affected appliance as an administrator, resulting in arbitrary shell cod... | None | 7.2 |
| CVE-2023-28450 | An issue was discovered in Dnsmasq before 2.90. The default maximum EDNS.0 UDP packet size was set to 4096 but should be 1232 because of DNS Flag Day 2020. | None | 7.5 |
| CVE-2023-28448 | Versionize is a framework for version tolerant serialization/deserialization of Rust data structures, designed for use cases that need fast deserialization times and minimal size overhead. An issue was discovered in the ‘Ve... | None | None |
| CVE-2023-28446 | Deno is a simple, modern and secure runtime for JavaScript and TypeScript that uses V8 and is built in Rust. Arbitrary program names without any ANSI filtering allow any malicious program to clear the first 2 lines of a... | None | None |
| CVE-2023-28445 | Deno is a runtime for JavaScript and TypeScript that uses V8 and is built in Rust. Resizable ArrayBuffers passed to asynchronous functions that are shrunk during the asynchronous operation could result in an out-of-bound... | None | None |
| CVE-2023-28444 | angular-server-side-configuration helps configure an angular application at runtime on the server or in a docker container via environment variables. angular-server-side-configuration detects used environment variables i... | None | None |
| CVE-2023-28443 | Directus is a real-time API and App dashboard for managing SQL database content. Prior to version 9.23.3, the `directus_refresh_token` is not redacted properly from the log outputs and can be used to impersonate users wi... | None | None |
| CVE-2023-28442 | GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. Prior to versions 2.20.6, 2.19.6, and 2.18.7, anonymous users can obtain sensitive information about Ge... | None | None |
| CVE-2023-28441 | smartCARS 3 is flight tracking software. In version 0.5.8 and prior, all persons who have failed login attempts will have their password stored in error logs. This problem doesn't occur in version 0.5.9. As a workaround,... | None | None |
| CVE-2023-28439 | CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability has been discovered affecting Iframe Dialog and Media Embed packages. The vulnerability may trigger a JavaScript ... | None | None |
| CVE-2023-28438 | Pimcore is an open source data and experience management platform. Prior to version 10.5.19, since a user with 'report' permission can already write arbitrary SQL queries and given the fact that this endpoint is using th... | None | 8.0 |
| CVE-2023-28437 | Dataease is an open source data visualization and analysis tool. The blacklist for SQL injection protection is missing entries. This vulnerability has been fixed in version 1.18.5. There are no known workarounds. | None | None |
| CVE-2023-28436 | Tailscale is software for using WireGuard and multi-factor authentication (MFA). A vulnerability identified in the implementation of Tailscale SSH starting in version 1.34.0 and prior to 1.38.2 in FreeBSD allows... | None | None |