CVE & Exploit Intelligence Database

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

338,223 CVEs tracked | 53,271 with exploits | 4,730 exploited in wild | 1,542 CISA KEV | 3,929 Nuclei templates | 37,826 vendors | 42,547 researchers
403 results
CVE-2023-3089 7.0 HIGH EPSS 0.00
Red Hat OpenShift Container Platform - Info Disclosure
A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-validated.
CWE-521 Jul 05, 2023
CVE-2021-31982 8.8 HIGH EPSS 0.03
Microsoft Edge < - SSRF
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
CWE-693 Jul 01, 2023
CVE-2023-30757 6.2 MEDIUM EPSS 0.00
Totally Integrated Automation Portal <18 - Info Disclosure
A vulnerability has been identified in Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions), Totally Integrated Automation Portal (TIA Portal) V19 (All versions), Totally Integrated Automation Portal (TIA Portal) V20 (All versions). The know-how protection feature in affected products does not properly update the encryption of existing program blocks when a project file is updated. This could allow attackers with access to the project file to recover previous - yet unprotected - versions of the project without the knowledge of the know-how protection password.
CWE-693 Jun 13, 2023
CVE-2023-30851 2.6 LOW EPSS 0.00
Cilium <1.11.16-1.13.2 - SSRF
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. This issue only impacts users who have an HTTP policy that applies to multiple `toEndpoints` AND have an allow-all rule in place that affects only one of those endpoints. In such cases, a wildcard rule will be appended to the set of HTTP rules, which could cause bypass of HTTP policies. This issue has been patched in Cilium 1.11.16, 1.12.9, and 1.13.2.
CWE-693 May 25, 2023
CVE-2022-41979 5.4 MEDIUM EPSS 0.00
Intel(R) DCM <5.1 - Privilege Escalation
Protection mechanism failure in the Intel(R) DCM software before version 5.1 may allow an authenticated user to potentially enable escalation of privilege via network access.
CWE-693 May 10, 2023
CVE-2023-29354 4.7 MEDIUM EPSS 0.00
Microsoft Edge < - SSRF
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
CWE-693 May 05, 2023
CVE-2023-28286 6.1 MEDIUM EPSS 0.00
Microsoft Edge < - SSRF
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
CWE-693 Apr 27, 2023
CVE-2023-28284 4.3 MEDIUM EPSS 0.00
Microsoft Edge < - SSRF
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
CWE-693 Apr 11, 2023
CVE-2023-21024 7.8 HIGH EPSS 0.00
Android <13 - Privilege Escalation
In maybeFinish of FallbackHome.java, there is a possible delay of lockdown screen due to logic error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-246543238
CWE-693 Mar 24, 2023
CVE-2023-25765 9.9 CRITICAL EPSS 0.00
Jenkins Email Extension Plugin <2.93 - Code Injection
In Jenkins Email Extension Plugin 2.93 and earlier, templates defined inside a folder were not subject to Script Security protection, allowing attackers able to define email templates in folders to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.
CWE-693 Feb 15, 2023
CVE-2022-48290 9.1 CRITICAL EPSS 0.00
Phone-PC Collaboration Module - Auth Bypass
The phone-PC collaboration module has a logic bypass vulnerability. Successful exploitation of this vulnerability may affect data confidentiality and integrity.
CWE-693 Feb 09, 2023
CVE-2022-48287 7.5 HIGH EPSS 0.00
HwContacts - Logic Bypass
The HwContacts module has a logic bypass vulnerability. Successful exploitation of this vulnerability may affect data integrity.
CWE-693 Feb 09, 2023
CVE-2023-0002 5.5 MEDIUM EPSS 0.00
Palo Alto Networks Cortex XDR < - Privilege Escalation
A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local user to execute privileged cytool commands that disable or uninstall the agent.
CWE-693 Feb 08, 2023
CVE-2023-20919 7.8 HIGH EPSS 0.00
Android <13 - Privilege Escalation
In getStringsForPrefix of Settings.java, there is a possible prevention of package uninstallation due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-252663068
CWE-693 Jan 26, 2023
CVE-2023-23589 6.5 MEDIUM EPSS 0.00
Tor <0.4.7.13 - Logic Error
The SafeSocks option in Tor before 0.4.7.13 has a logic error in which the unsafe SOCKS4 protocol can be used but not the safe SOCKS4a protocol, aka TROVE-2022-002.
CWE-693 Jan 14, 2023
CVE-2021-26355 5.5 MEDIUM EPSS 0.00
System Management Unit - DoS
Insufficient fencing and checks in System Management Unit (SMU) may result in access to invalid message port registers that could result in a potential denial-of-service.
CWE-693 Jan 11, 2023
CVE-2023-0141 4.3 MEDIUM EPSS 0.00
Google Chrome <109.0.5414.74 - Info Disclosure
Insufficient policy enforcement in CORS in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)
CWE-693 Jan 10, 2023
CVE-2023-0131 6.5 MEDIUM EPSS 0.00
Google Chrome <109.0.5414.74 - CSRF
Inappropriate implementation in iframe Sandbox in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to bypass file download restrictions via a crafted HTML page. (Chromium security severity: Medium)
CWE-693 Jan 10, 2023
CVE-2022-46762 7.5 HIGH EPSS 0.00
Memory Management Module - Info Disclosure
The memory management module has a logic bypass vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.
CWE-693 Jan 06, 2023
CVE-2022-47544 9.8 CRITICAL EPSS 0.01
Siren Investigate <12.1.7 - Info Disclosure
An issue was discovered in Siren Investigate before 12.1.7. Script variable whitelisting is insufficiently sandboxed.
CWE-693 Jan 05, 2023