Total
2420 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-43491 | 2024-11-21 | N/A | 5.3 MEDIUM | ||
| An information disclosure vulnerability exists in the web interface /cgi-bin/debug_dump.cgi functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted HTTP request can lead to a disclosure of sensitive information. An attacker can make an unauthenticated HTTP request to trigger this vulnerability. | |||||
| CVE-2023-43487 | 2024-11-21 | N/A | 4.7 MEDIUM | ||
| Improper access control in some Intel(R) CST before version 2.1.10300 may allow an authenticated user to potentially enable denial of service via local access. | |||||
| CVE-2023-43336 | 1 Sangoma | 1 Freepbx | 2024-11-21 | N/A | 8.8 HIGH |
| Sangoma Technologies FreePBX before cdr 15.0.18, 16.0.40, 15.0.16, and 16.0.17 was discovered to contain an access control issue via a modified parameter value, e.g., changing extension=self to extension=101. | |||||
| CVE-2023-43318 | 1 Tp-link | 2 Tl-sg2210p, Tl-sg2210p Firmware | 2024-11-21 | N/A | 8.8 HIGH |
| TP-Link JetStream Smart Switch TL-SG2210P 5.0 Build 20211201 allows attackers to escalate privileges via modification of the 'tid' and 'usrlvl' values in GET requests. | |||||
| CVE-2023-43141 | 1 Totolink | 4 A3700r, A3700r Firmware, N600r and 1 more | 2024-11-21 | N/A | 9.8 CRITICAL |
| TOTOLINK A3700R V9.1.2u.6134_B20201202 and N600R V5.3c.5137 are vulnerable to Incorrect Access Control. | |||||
| CVE-2023-43119 | 1 Extremenetworks | 1 Exos | 2024-11-21 | N/A | 9.8 CRITICAL |
| An Access Control issue discovered in Extreme Networks Switch Engine (EXOS) before 32.5.1.5, also fixed in 22.7, 31.7.2 allows attackers to gain escalated privileges using crafted telnet commands via Redis server. | |||||
| CVE-2023-43079 | 1 Dell | 1 Emc Openmanage Server Administrator | 2024-11-21 | N/A | 7.3 HIGH |
| Dell OpenManage Server Administrator, versions 11.0.0.0 and prior, contains an Improper Access Control vulnerability. A local low-privileged malicious user could potentially exploit this vulnerability to execute arbitrary code in order to elevate privileges on the system. Exploitation may lead to a complete system compromise. | |||||
| CVE-2023-43072 | 1 Dell | 1 Smartfabric Storage Software | 2024-11-21 | N/A | 4.4 MEDIUM |
| Dell SmartFabric Storage Software v1.4 (and earlier) contains an improper access control vulnerability in the CLI. A local possibly unauthenticated attacker could potentially exploit this vulnerability, leading to ability to execute arbritrary shell commands. | |||||
| CVE-2023-41882 | 1 Vantage6 | 1 Vantage6 | 2024-11-21 | N/A | 5.4 MEDIUM |
| vantage6 is privacy preserving federated learning infrastructure. The endpoint /api/collaboration/{id}/task is used to collect all tasks from a certain collaboration. To get such tasks, a user should have permission to view the collaboration and to view the tasks in it. However, prior to version 4.0.0, it is only checked if the user has permission to view the collaboration. Version 4.0.0 contains a patch. There are no known workarounds. | |||||
| CVE-2023-41772 | 1 Microsoft | 7 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 4 more | 2024-11-21 | N/A | 7.8 HIGH |
| Win32k Elevation of Privilege Vulnerability | |||||
| CVE-2023-41721 | 1 Ui | 6 Unifi Dream Machine, Unifi Dream Machine Pro, Unifi Dream Machine Special Edition and 3 more | 2024-11-21 | N/A | 5.3 MEDIUM |
| Instances of UniFi Network Application that (i) are run on a UniFi Gateway Console, and (ii) are versions 7.5.176. and earlier, implement device adoption with improper access control logic, creating a risk of access to device configuration information by a malicious actor with preexisting access to the network. Affected Products: UDM UDM-PRO UDM-SE UDR UDW Mitigation: Update UniFi Network to Version 7.5.187 or later. | |||||
| CVE-2023-41570 | 1 Mikrotik | 1 Routeros | 2024-11-21 | N/A | 5.3 MEDIUM |
| MikroTik RouterOS v7.1 to 7.11 was discovered to contain incorrect access control mechanisms in place for the Rest API. | |||||
| CVE-2023-41311 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | N/A | 5.3 MEDIUM |
| Permission control vulnerability in the audio module. Successful exploitation of this vulnerability may cause an app to be activated automatically. | |||||
| CVE-2023-40850 | 1 Netentsec | 2 Ns-asg, Ns-asg Firmware | 2024-11-21 | N/A | 7.5 HIGH |
| netentsec NS-ASG 6.3 is vulnerable to Incorrect Access Control. There is a file leak in the website source code of the application security gateway. | |||||
| CVE-2023-40730 | 1 Siemens | 1 Qms Automotive | 2024-11-21 | N/A | 7.1 HIGH |
| A vulnerability has been identified in QMS Automotive (All versions < V12.39). The QMS.Mobile module of the affected application lacks sufficient authorization checks. This could allow an attacker to access confidential information, perform administrative functions, or lead to a denial-of-service condition. | |||||
| CVE-2023-40579 | 1 Openfga | 1 Openfga | 2024-11-21 | N/A | 6.5 MEDIUM |
| OpenFGA is an authorization/permission engine built for developers and inspired by Google Zanzibar. Some end users of OpenFGA v1.3.0 or earlier are vulnerable to authorization bypass when calling the ListObjects API. The vulnerability affects customers using `ListObjects` with specific models. The affected models contain expressions of type `rel1 from type1`. This issue has been patched in version 1.3.1. | |||||
| CVE-2023-40170 | 1 Jupyter | 1 Jupyter Server | 2024-11-21 | N/A | 4.6 MEDIUM |
| jupyter-server is the backend for Jupyter web applications. Improper cross-site credential checks on `/files/` URLs could allow exposure of certain file contents, or accessing files when opening untrusted files via "Open image in new tab". This issue has been addressed in commit `87a49272728` which has been included in release `2.7.2`. Users are advised to upgrade. Users unable to upgrade may use the lower performance `--ContentsManager.files_handler_class=jupyter_server.files.handlers.FilesHandler`, which implements the correct checks. | |||||
| CVE-2023-40161 | 1 Intel | 1 Unite | 2024-11-21 | N/A | 6.6 MEDIUM |
| Improper access control in some Intel Unite(R) Client software before version 4.2.35041 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-40070 | 2024-11-21 | N/A | 8.8 HIGH | ||
| Improper access control in some Intel(R) Power Gadget software for macOS all versions may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-40060 | 1 Solarwinds | 1 Serv-u | 2024-11-21 | N/A | 7.2 HIGH |
| A vulnerability has been identified within Serv-U 15.4 and 15.4 Hotfix 1 that, if exploited, allows an actor to bypass multi-factor/two-factor authentication. The actor must have administrator-level access to Serv-U to perform this action. 15.4. SolarWinds found that the issue was not completely fixed in 15.4 Hotfix 1. | |||||