Vulnerabilities (CVE)

Filtered by CWE-284 (Improper Access Control)
Total: 2420 CVEs
CVE | Vendors (count, names) | Products (count, names) | Updated | CVSS v2 | CVSS v3
CVE-2023-40039 1 Arris 6 Tg1672g, Tg1672g Firmware, Tg852g and 3 more 2024-11-21 N/A 9.8 CRITICAL
An issue was discovered on ARRIS TG852G, TG862G, and TG1672G devices. A remote attacker (in proximity to a Wi-Fi network) can derive the default WPA2-PSK value by observing a beacon frame.
CVE-2023-3431 2 Fedoraproject, Plantuml 2 Fedora, Plantuml 2024-11-21 N/A 5.3 MEDIUM
Improper Access Control in GitHub repository plantuml/plantuml prior to 1.2023.9.
CVE-2023-3306 1 Ruijie 2 Rg-ew1200g, Rg-ew1200g Firmware 2024-11-21 7.5 HIGH 7.3 HIGH
A vulnerability was found in Ruijie RG-EW1200G EW_3.0(1)B11P204. It has been declared as critical. This vulnerability affects unknown code of the file app.09df2a9e44ab48766f5f.js of the component Admin Password Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-231802 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2023-3305 1 Cdatatec 1 Web Management System 2024-11-21 7.5 HIGH 7.3 HIGH
A vulnerability was found in C-DATA Web Management System up to 20230607. It has been classified as critical. This affects an unknown part of the file /cgi-bin/jumpto.php?class=user&page=config_save&isphp=1 of the component User Creation Handler. The manipulation of the argument user/newpassword leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-231801 was assigned to this vulnerability.
CVE-2023-3303 1 Admidio 1 Admidio 2024-11-21 N/A 3.5 LOW
Improper Access Control in GitHub repository admidio/admidio prior to 4.2.9.
CVE-2023-3095 1 Teampass 1 Teampass 2024-11-21 N/A 6.5 MEDIUM
Improper Access Control in GitHub repository nilsteampassnet/teampass prior to 3.0.9.
CVE-2023-3039 1 Dell 1 Sd Rom Utility 2024-11-21 N/A 7.3 HIGH
SD ROM Utility versions prior to 1.0.2.0 contain an Improper Access Control vulnerability. A low-privileged malicious user may potentially exploit this vulnerability to perform arbitrary code execution with limited access.
CVE-2023-3018 1 Oretnom23 1 Lost And Found Information System 2024-11-21 6.5 MEDIUM 6.3 MEDIUM
A vulnerability was found in SourceCodester Lost and Found Information System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/?page=user/list. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-230362 is the identifier assigned to this vulnerability.
CVE-2023-39962 1 Nextcloud 1 Nextcloud Server 2024-11-21 N/A 7.7 HIGH
Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 19.0.0 and prior to versions 19.0.13.10, 20.0.14.15, 21.0.9.13, 22.2.10.14, 23.0.12.8, 24.0.12.5, 25.0.9, 26.0.4, and 27.0.1, a malicious user could delete any personal or global external storage, making it inaccessible for everyone else as well. Nextcloud Server versions 25.0.9, 26.0.4, and 27.0.1 and Nextcloud Enterprise Server versions 19.0.13.10, 20.0.14.15, 21.0.9.13, 22.2.10.14, 23.0.12.9, 24.0.12.5, 25.0.9, 26.0.4, and 27.0.1 contain a patch for this issue. As a workaround, disable the files_external app. This also makes the external storage inaccessible, but retains the configurations until a patched version has been deployed.
CVE-2023-39961 1 Nextcloud 1 Nextcloud Server 2024-11-21 N/A 3.5 LOW
Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 24.0.4 and prior to versions 25.0.9, 26.0.4, and 27.0.1, when a folder with images or an image was shared without download permissions, the user could add the image inline into a text file and download it. Nextcloud Server versions 25.0.9, 26.0.4, and 27.0.1 and Nextcloud Enterprise Server versions 24.0.12.5, 25.0.9, 26.0.4, and 27.0.1 contain a patch for this issue. No known workarounds are available.
CVE-2023-39959 1 Nextcloud 1 Nextcloud Server 2024-11-21 N/A 3.5 LOW
Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.9, 26.0.4, and 27.0.1, unauthenticated users could send a DAV request which reveals whether a calendar or an address book with the given identifier exists for the victim. Nextcloud Server versions 25.0.9, 26.0.4, and 27.0.1 and Nextcloud Enterprise Server versions 25.0.9, 26.0.4, and 27.0.1 contain a patch for this issue. No known workarounds are available.
CVE-2023-39952 1 Nextcloud 1 Nextcloud Server 2024-11-21 N/A 6.5 MEDIUM
Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 22.0.0 and prior to versions 22.2.10.13, 23.0.12.8, 24.0.12.4, 25.0.8, 26.0.3, and 27.0.1, a user can access files inside a subfolder of a groupfolder accessible to them, even if advanced permissions would block access to the subfolder. Nextcloud Server versions 25.0.8, 26.0.3, and 27.0.1 and Nextcloud Enterprise Server versions 22.2.10.13, 23.0.12.8, 24.0.12.4, 25.0.8, 26.0.3, and 27.0.1 contain a patch for this issue. No known workarounds are available.
CVE-2023-39941 1 Intel 1 System Usage Report For Gameplay 2024-11-21 N/A 7.1 HIGH
Improper access control in some Intel(R) SUR software before version 2.4.10587 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
CVE-2023-39743 1 Pete4abw 1 Lzma Software Development Kit 2024-11-21 N/A 5.3 MEDIUM
lrzip-next LZMA v23.01 was discovered to contain an access violation via the component /bz3_decode_block src/libbz3.c.
CVE-2023-39731 1 Line 1 Kaibutsunosato 2024-11-21 N/A 5.3 MEDIUM
The leakage of the client secret in Kaibutsunosato v13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages.
CVE-2023-39433 2024-11-21 N/A 4.4 MEDIUM
Improper access control for some Intel(R) CST software before version 2.1.10300 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-39432 1 Intel 1 Ethernet Adapter Complete Driver 2024-11-21 N/A 6.7 MEDIUM
Improper access control in some Intel(R) Ethernet tools and driver install software before version 28.2 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-39425 1 Intel 1 Driver & Support Assistant 2024-11-21 N/A 8.8 HIGH
Improper access control in some Intel(R) DSA software before version 23.4.33 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-39376 1 Siberiancms 1 Siberiancms 2024-11-21 N/A 6.5 MEDIUM
SiberianCMS - CWE-284 Improper Access Control: an authorized user may disable a security feature over the network.
CVE-2023-39349 1 Sentry 1 Sentry 2024-11-21 N/A 8.1 HIGH
Sentry is an error tracking and performance monitoring platform. Starting in version 22.1.0 and prior to version 23.7.2, an attacker with access to a token with few or no scopes can query `/api/0/api-tokens/` for a list of all tokens created by a user, including tokens with greater scopes, and use those tokens in other requests. There is no evidence that the issue was exploited on `sentry.io`. For self-hosted users, it is advised to rotate user auth tokens. A fix is available in version 23.7.2 of `sentry` and `self-hosted`. There are no known workarounds.