Skip to main content
CVE-2023-34086 MEDIUM PATCH This Month

Improper input validation in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Privilege Escalation Intel Nuc Rugged Kit Nuc8Cchb Firmware Nuc Rugged Kit Nuc8Cchbn Firmware Nuc Rugged Kit Nuc8Cchkrn Firmware +68
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-32617 MEDIUM This Month

Improper input validation in some Intel(R) NUC Rugged Kit, Intel(R) NUC Kit and Intel(R) Compute Element BIOS firmware may allow a privileged user to potentially enable escalation of privilege via. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Nuc Kit Nuc7I7Bnhx1 Firmware Nuc 7 Home Nuc7I5Bnkp Firmware Nuc 7 Home Nuc7I3Bnhxf Firmware +20
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-29494 MEDIUM This Month

Improper input validation in BIOS firmware for some Intel(R) NUCs may allow a privileged user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Nuc 11 Pro Kit Nuc11Tnhi70Z Firmware Nuc 11 Pro Kit Nuc11Tnki70Z Firmware Nuc 11 Pro Kit Nuc11Tnki30Z Firmware +21
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-28736 MEDIUM This Month

Buffer overflow in some Intel(R) SSD Tools software before version mdadm-4.2-rc2 may allow a privileged user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Intel Mdadm
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-28714 MEDIUM PATCH This Month

Improper access control in firmware for some Intel(R) PROSet/Wireless WiFi software for Windows before version 22.220 HF (Hot Fix) may allow a privileged user to potentially enable escalation of. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Privilege Escalation Microsoft Intel Authentication Bypass Proset Wireless Wifi
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-28385 MEDIUM This Month

Improper authorization in the Intel(R) NUC Pro Software Suite for Windows before version 2.0.0.9 may allow a privileged user to potentially enable escalation of privilage via local access. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Intel Authentication Bypass Next Unit Of Computing Firmware
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-27391 MEDIUM This Month

Improper access control in some Intel(R) oneAPI Toolkit and component software installers before version 4.3.1.493 may allow a privileged user to potentially enable escalation of privilege via local. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Authentication Bypass Advisor For Oneapi Cpu Runtime For Opencl Applications +27
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-22449 MEDIUM PATCH This Month

Improper input validation in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Privilege Escalation Intel Nuc 13 Extreme Compute Element Nuc13Sbbi5 Firmware Nuc 13 Extreme Compute Element Nuc13Sbbi5F Firmware Nuc 13 Extreme Compute Element Nuc13Sbbi7 Firmware +152
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-4107 MEDIUM PATCH This Month

Mattermost fails to properly validate the requesting user permissions when updating a system admin, allowing a user manager to update a system admin's details such as email, first name and last name. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mattermost Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-4106 MEDIUM PATCH This Month

Mattermost fails to check if the requesting user is a guest before performing different actions to public playbooks, resulting a guest being able to view, join, edit, export and archive public. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mattermost Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-34349 MEDIUM PATCH This Month

Race condition in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 6.4).

Privilege Escalation Intel Nuc Performance Kit And Mini Pc Nuc10I3Fnh Firmware Nuc Performance Kit And Mini Pc Nuc10I3Fnhf Firmware Nuc Performance Kit And Mini Pc Nuc10I3Fnhfa Firmware +171
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-0871 MEDIUM PATCH This Month

XXE injection in /rtc/post/ endpoint in OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2 on multiple platforms is vulnerable to XML external entity (XXE) injection, which can be used for. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity.

XXE Horizon Meridian
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2020-35990 MEDIUM This Month

Buffer Overflow vulnerability in cFilenameInit parameter in browseForDoc function in Foxit Software Foxit PDF Reader version 10.1.0.37527, allows local attackers to cause a denial of service (DoS). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Pdf Reader
NVD VulDB
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-32609 MEDIUM This Month

Improper access control in the Intel Unite(R) android application before version 4.2.3504 may allow an authenticated user to potentially enable information disclosure via local access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Google Intel Authentication Bypass Unite
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-30760 MEDIUM This Month

Out-of-bounds read in some Intel(R) RealSense(TM) ID software for Intel(R) RealSense(TM) 450 FA in version 0.25.0 may allow an authenticated user to potentially enable information disclosure via. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Intel Realsense 450 Fa Firmware
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-28711 MEDIUM This Month

Insufficient control flow management in the Hyperscan Library maintained by Intel(R) before version 5.4.1 may allow an authenticated user to potentially enable denial of service via local access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Intel Hyperscan Library
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-22840 MEDIUM This Month

Improper neutralization in software for the Intel(R) oneVPL GPU software before version 22.6.5 may allow an authenticated user to potentially enable denial of service via local access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Intel Onevpl Gpu Runtime Fedora
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-22338 MEDIUM This Month

Out-of-bounds read in some Intel(R) oneVPL GPU software before version 22.6.5 may allow an authenticated user to potentially enable information disclosure via local access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Intel Onevpl Gpu Runtime Fedora
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-37513 MEDIUM This Month

When the app is put to the background and the user goes to the task switcher of iOS, the app snapshot is not blurred which may reveal sensitive information. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Traveler To Do
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-37512 MEDIUM This Month

When the app is put to the background and the user goes to the task switcher of iOS, the app snapshot is not blurred which may reveal sensitive information. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Traveler Companion
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-3937 MEDIUM This Month

Cross site scripting vulnerability in web portal in Snow Software License Manager from version 9.0.0 up to and including 9.30.1 on Windows allows an authenticated user with high privileges to trigger. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Microsoft Snow License Manager
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2023-22276 MEDIUM This Month

Race condition in firmware for some Intel(R) Ethernet Controllers and Adapters E810 Series before version 1.7.2.4 may allow an authenticated user to potentially enable denial of service via local. Rated medium severity (CVSS 4.7). No vendor patch available.

Denial Of Service Intel Ethernet Network Controller E810 Xxvam2 Firmware Ethernet Network Controller E810 Cam1 Firmware Ethernet Network Controller E810 Cam2 Firmware
NVD
CVSS 3.1
4.7
EPSS
0.1%
CVE-2023-32285 MEDIUM PATCH This Month

Improper access control in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable denial of service via local access. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

Denial Of Service Intel Authentication Bypass Nuc Kit Nuc6Cayh Firmware Nuc Kit Nuc6Cays Firmware +65
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2023-29500 MEDIUM This Month

Exposure of sensitive information to an unauthorized actor in BIOS firmware for some Intel(R) NUCs may allow a privilege user to potentially enable information disclosure via local access. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Intel Nuc 11 Performance Kit Nuc11Pahi70Z Firmware Nuc 11 Performance Kit Nuc11Pahi50Z Firmware Nuc 11 Performance Kit Nuc11Pahi30Z Firmware +8
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2023-29243 MEDIUM This Month

Unchecked return value in some Intel(R) RealSense(TM) ID software for Intel(R) RealSense(TM) 450 FA in version 0.25.0 may allow a priviledged user to potentially enable denial of service via local. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Intel Realsense 450 Fa Firmware
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2023-28938 MEDIUM This Month

Uncontrolled resource consumption in some Intel(R) SSD Tools software before version mdadm-4.2-rc2 may allow a priviledged user to potentially enable denial of service via local access. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Intel Mdadm
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2023-27887 MEDIUM This Month

Improper initialization in BIOS firmware for some Intel(R) NUCs may allow a privileged user to potentially enable information disclosure via local access. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Intel Nuc 11 Pro Kit Nuc11Tnhi70Z Firmware Nuc 11 Pro Kit Nuc11Tnki70Z Firmware Nuc 11 Pro Kit Nuc11Tnki30Z Firmware +21
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2023-27392 MEDIUM This Month

Incorrect default permissions in the Intel(R) Support android application before version v23.02.07 may allow a privileged user to potentially enable information disclosure via local access. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Information Disclosure Google Intel Support
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2023-23908 MEDIUM This Month

Improper access control in some 3rd Generation Intel(R) Xeon(R) Scalable processors may allow a privileged user to potentially enable information disclosure via local access. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Intel Authentication Bypass Microcode Debian Linux +137
NVD
CVSS 3.1
4.4
EPSS
0.3%
CVE-2023-22444 MEDIUM This Month

Improper initialization in some Intel(R) NUC 13 Extreme Compute Element, Intel(R) NUC 13 Extreme Kit, Intel(R) NUC 11 Performance Kit, Intel(R) NUC 11 Performance Mini PC, Intel(R) NUC Compute. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Intel Nuc 13 Extreme Compute Element Nuc13Sbbi7F Firmware Nuc 13 Extreme Compute Element Nuc13Sbbi5F Firmware Nuc 13 Extreme Compute Element Nuc13Sbbi9F Firmware +108
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2023-22356 MEDIUM PATCH This Month

Improper initialization in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable information disclosure via local access. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

Information Disclosure Intel Nuc 7 Enthusiast Nuc7I7Bnkq Firmware Nuc 7 Enthusiast Nuc7I7Bnhxg Firmware Nuc Kit Nuc7I7Dnhe Firmware +208
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2023-22330 MEDIUM PATCH This Month

Use of uninitialized resource in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable information disclosure via local access. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

Information Disclosure Intel Nuc 11 Performance Kit Nuc11Pahi3 Firmware Nuc 11 Performance Kit Nuc11Pahi30Z Firmware Nuc 11 Performance Kit Nuc11Paki3 Firmware +85
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2023-39418 MEDIUM PATCH This Month

A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure PostgreSQL Enterprise Linux Debian Linux
NVD
CVSS 3.1
4.3
EPSS
1.0%
CVE-2023-4105 MEDIUM PATCH This Month

Mattermost fails to delete the attachments when deleting a message in a thread allowing a simple user to still be able to access and download the attachment of a deleted message. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mattermost Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2023-37511 MEDIUM This Month

If certain App Transport Security (ATS) settings are set in a certain manner, insecure loading of web content can be achieved. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Traveler To Do
NVD
CVSS 3.1
4.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy