Total
3413 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-36890 | 1 Microsoft | 1 Sharepoint Server | 2024-11-21 | N/A | 6.5 MEDIUM |
| Microsoft SharePoint Server Information Disclosure Vulnerability | |||||
| CVE-2023-36889 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2024-11-21 | N/A | 5.5 MEDIUM |
| Windows Group Policy Security Feature Bypass Vulnerability | |||||
| CVE-2023-36820 | 1 Objectcomputing | 1 Micronaut Security | 2024-11-21 | N/A | 4.8 MEDIUM |
| Micronaut Security is a security solution for applications. Prior to versions 3.1.2, 3.2.4, 3.3.2, 3.4.3, 3.5.3, 3.6.6, 3.7.4, 3.8.4, 3.9.6, 3.10.2, and 3.11.1, IdTokenClaimsValidator skips `aud` claim validation if token is issued by same identity issuer/provider. Any OIDC setup using Micronaut where multiple OIDC applications exists for the same issuer but token auth are not meant to be shared. This issue has been patched in versions 3.1.2, 3.2.4, 3.3.2, 3.4.3, 3.5.3, 3.6.6, 3.7.4, 3.8.4, 3.9.6, 3.10.2, and 3.11.1. | |||||
| CVE-2023-36790 | 1 Microsoft | 1 Windows Server 2008 | 2024-11-21 | N/A | 7.8 HIGH |
| Windows RDP Encoder Mirror Driver Elevation of Privilege Vulnerability | |||||
| CVE-2023-36725 | 1 Microsoft | 7 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 4 more | 2024-11-21 | N/A | 7.8 HIGH |
| Windows Kernel Elevation of Privilege Vulnerability | |||||
| CVE-2023-36722 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2024-11-21 | N/A | 4.4 MEDIUM |
| Active Directory Domain Services Information Disclosure Vulnerability | |||||
| CVE-2023-36620 | 1 Nationaledtech | 1 Boomerang | 2024-11-21 | N/A | 4.6 MEDIUM |
| An issue was discovered in the Boomerang Parental Control application before 13.83 for Android. The app is missing the android:allowBackup="false" attribute in the manifest. This allows the user to backup the internal memory of the app to a PC. This gives the user access to the API token that is used to authenticate requests to the API. | |||||
| CVE-2023-36561 | 1 Microsoft | 1 Azure Devops Server | 2024-11-21 | N/A | 7.3 HIGH |
| Azure DevOps Server Elevation of Privilege Vulnerability | |||||
| CVE-2023-36554 | 1 Fortinet | 1 Fortimanager | 2024-11-21 | N/A | 8.1 HIGH |
| A improper access control in Fortinet FortiManager version 7.4.0, version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.10, version 6.4.0 through 6.4.13, 6.2 all versions allows attacker to execute unauthorized code or commands via specially crafted HTTP requests. | |||||
| CVE-2023-36106 | 1 Powerjob | 1 Powerjob | 2024-11-21 | N/A | 7.5 HIGH |
| An incorrect access control vulnerability in powerjob 4.3.2 and earlier allows remote attackers to obtain sensitive information via the interface for querying via appId parameter to /container/list. | |||||
| CVE-2023-35939 | 1 Glpi-project | 1 Glpi | 2024-11-21 | N/A | 8.1 HIGH |
| GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to version 10.0.8, an incorrect rights check on a on a file accessible by an authenticated user (or not for certain actions), allows a threat actor to interact, modify, or see Dashboard data. Version 10.0.8 contains a patch for this issue. | |||||
| CVE-2023-35179 | 1 Solarwinds | 1 Serv-u | 2024-11-21 | N/A | 7.2 HIGH |
| A vulnerability has been identified within Serv-U 15.4 that, if exploited, allows an actor to bypass multi-factor/two-factor authentication. The actor must have administrator-level access to Serv-U to perform this action. | |||||
| CVE-2023-35167 | 1 Remult | 1 Remult | 2024-11-21 | N/A | 5.0 MEDIUM |
| Remult is a CRUD framework for full-stack TypeScript. If you used the apiPrefilter option of the `@Entity` decorator, by setting it to a function that returns a filter that prevents unauthorized access to data, an attacker who knows the `id` of an entity instance is not authorized to access, can gain read, update and delete access to it. The issue is fixed in version 0.20.6. As a workaround, set the `apiPrefilter` option to a filter object instead of a function. | |||||
| CVE-2023-35062 | 1 Intel | 1 Driver \& Support Assistant | 2024-11-21 | N/A | 6.3 MEDIUM |
| Improper access control in some Intel(R) DSA software before version 23.4.33 may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-34107 | 1 Glpi-project | 1 Glpi | 2024-11-21 | N/A | 6.5 MEDIUM |
| GLPI is a free asset and IT management software package. Versions of the software starting with 9.2.0 and prior to 10.0.8 have an incorrect rights check on a on a file accessible by an authenticated user, allows access to the view all KnowbaseItems. Version 10.0.8 has a patch for this issue. | |||||
| CVE-2023-34106 | 1 Glpi-project | 1 Glpi | 2024-11-21 | N/A | 6.5 MEDIUM |
| GLPI is a free asset and IT management software package. Versions of the software starting with 0.68 and prior to 10.0.8 have an incorrect rights check on a on a file accessible by an authenticated user. This allows access to the list of all users and their personal information. Users should upgrade to version 10.0.8 to receive a patch. | |||||
| CVE-2023-33875 | 1 Intel | 10 Killer, Killer Wi-fi 6 Ax1650, Killer Wi-fi 6e Ax1675 and 7 more | 2024-11-21 | N/A | 7.1 HIGH |
| Improper access control for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable denial of service via local access.. | |||||
| CVE-2023-33155 | 1 Microsoft | 7 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 4 more | 2024-11-21 | N/A | 7.8 HIGH |
| Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | |||||
| CVE-2023-32647 | 1 Intel | 1 Extreme Tuning Utility | 2024-11-21 | N/A | 6.8 MEDIUM |
| Improper access control in some Intel(R) XTU software before version 7.12.0.29 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-32572 | 1 Purestorage | 1 Purity\/\/fa | 2024-11-21 | N/A | 6.5 MEDIUM |
| A flaw exists in FlashArray Purity wherein under limited circumstances, an array administrator can alter the retention lock of a pgroup and disable pgroup SafeMode protection. | |||||