Total
3747 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-23493 | 1 Apple | 1 Macos | 2024-11-21 | N/A | 3.3 LOW |
| A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.2, macOS Monterey 12.6.3. An encrypted volume may be unmounted and remounted by a different user without prompting for the password. | |||||
| CVE-2023-23450 | 1 Sick | 14 Ftmg-esd15axx, Ftmg-esd15axx Firmware, Ftmg-esd20axx and 11 more | 2024-11-21 | N/A | 6.2 MEDIUM |
| Use of Password Hash Instead of Password for Authentication in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote attacker to use a password hash instead of an actual password to login to a valid user account via the REST interface. | |||||
| CVE-2023-22663 | 4 Apple, Google, Intel and 1 more | 4 Iphone Os, Android, Unison Software and 1 more | 2024-11-21 | N/A | 5.9 MEDIUM |
| Improper authentication for some Intel Unison software may allow an authenticated user to potentially enable escalation of privilege via network access. | |||||
| CVE-2023-22501 | 1 Atlassian | 1 Jira Service Management | 2024-11-21 | N/A | 9.1 CRITICAL |
| An authentication vulnerability was discovered in Jira Service Management Server and Data Center which allows an attacker to impersonate another user and gain access to a Jira Service Management instance under certain circumstances_._ With write access to a User Directory and outgoing email enabled on a Jira Service Management instance, an attacker could gain access to signup tokens sent to users with accounts that have never been logged into. Access to these tokens can be obtained in two cases: * If the attacker is included on Jira issues or requests with these users, or * If the attacker is forwarded or otherwise gains access to emails containing a “View Request” link from these users. Bot accounts are particularly susceptible to this scenario. On instances with single sign-on, external customer accounts can be affected in projects where anyone can create their own account. | |||||
| CVE-2023-21841 | 1 Oracle | 1 Weblogic Server | 2024-11-21 | N/A | 7.5 HIGH |
| Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). | |||||
| CVE-2023-21817 | 1 Microsoft | 13 Windows 10, Windows 10 1607, Windows 10 1809 and 10 more | 2024-11-21 | N/A | 7.8 HIGH |
| Windows Kerberos Elevation of Privilege Vulnerability | |||||
| CVE-2023-21721 | 1 Microsoft | 1 Onenote | 2024-11-21 | N/A | 6.5 MEDIUM |
| Microsoft OneNote Elevation of Privilege Vulnerability | |||||
| CVE-2023-21626 | 1 Qualcomm | 370 Apq8009, Apq8009 Firmware, Apq8017 and 367 more | 2024-11-21 | N/A | 7.1 HIGH |
| Cryptographic issue in HLOS due to improper authentication while performing key velocity checks using more than one key. | |||||
| CVE-2023-21487 | 1 Samsung | 1 Android | 2024-11-21 | N/A | 5.1 MEDIUM |
| Improper access control vulnerability in Telephony framework prior to SMR May-2023 Release 1 allows local attackers to change a call setting. | |||||
| CVE-2023-21484 | 1 Samsung | 1 Android | 2024-11-21 | N/A | 5.1 MEDIUM |
| Improper access control vulnerability in AppLock prior to SMR May-2023 Release 1 allows local attackers without proper permission to execute a privileged operation. | |||||
| CVE-2023-21460 | 1 Samsung | 1 Android | 2024-11-21 | N/A | 4.4 MEDIUM |
| Improper authentication in SecSettings prior to SMR Mar-2023 Release 1 allows attacker to reset the setting. | |||||
| CVE-2023-21437 | 1 Samsung | 1 Android | 2024-11-21 | N/A | 4.0 MEDIUM |
| Improper access control vulnerability in Phone application prior to SMR Feb-2023 Release 1 allows local attackers to access sensitive information via implicit broadcast. | |||||
| CVE-2023-21425 | 1 Samsung | 1 Android | 2024-11-21 | N/A | 4.3 MEDIUM |
| Improper access control vulnerability in telecom application prior to SMR JAN-2023 Release 1 allows local attackers to get sensitive information. | |||||
| CVE-2023-21307 | 1 Google | 1 Android | 2024-11-21 | N/A | 5.0 MEDIUM |
| In Bluetooth, there is a possible way for a paired Bluetooth device to access a long term identifier for an Android device due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. | |||||
| CVE-2023-21297 | 1 Google | 1 Android | 2024-11-21 | N/A | 4.4 MEDIUM |
| In SEPolicy, there is a possible way to access the factory MAC address due to a permissions bypass. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-20252 | 1 Cisco | 1 Catalyst Sd-wan Manager | 2024-11-21 | N/A | 9.8 CRITICAL |
| A vulnerability in the Security Assertion Markup Language (SAML) APIs of Cisco Catalyst SD-WAN Manager Software could allow an unauthenticated, remote attacker to gain unauthorized access to the application as an arbitrary user. This vulnerability is due to improper authentication checks for SAML APIs. An attacker could exploit this vulnerability by sending requests directly to the SAML API. A successful exploit could allow the attacker to generate an authorization token sufficient to gain access to the application. | |||||
| CVE-2023-20214 | 1 Cisco | 2 Catalyst Sd-wan Manager, Sd-wan Vmanage | 2024-11-21 | N/A | 9.1 CRITICAL |
| A vulnerability in the request authentication validation for the REST API of Cisco SD-WAN vManage software could allow an unauthenticated, remote attacker to gain read permissions or limited write permissions to the configuration of an affected Cisco SD-WAN vManage instance. This vulnerability is due to insufficient request validation when using the REST API feature. An attacker could exploit this vulnerability by sending a crafted API request to an affected vManage instance. A successful exploit could allow the attacker to retrieve information from and send information to the configuration of the affected Cisco vManage instance. This vulnerability only affects the REST API and does not affect the web-based management interface or the CLI. | |||||
| CVE-2023-20012 | 1 Cisco | 11 Nexus 93180yc-fx3, Nexus 93180yc-fx3 Firmware, Nexus 93180yc-fx3s and 8 more | 2024-11-21 | N/A | 5.3 MEDIUM |
| A vulnerability in the CLI console login authentication of Cisco Nexus 9300-FX3 Series Fabric Extender (FEX) when used in UCS Fabric Interconnect deployments could allow an unauthenticated attacker with physical access to bypass authentication. This vulnerability is due to the improper implementation of the password validation function. An attacker could exploit this vulnerability by logging in to the console port on an affected device. A successful exploit could allow the attacker to bypass authentication and execute a limited set of commands local to the FEX, which could cause a device reboot and denial of service (DoS) condition. | |||||
| CVE-2023-1935 | 1 Emerson | 10 Dl8000, Dl8000 Firmware, Roc809 and 7 more | 2024-11-21 | N/A | 9.4 CRITICAL |
| ROC800-Series RTU devices are vulnerable to an authentication bypass, which could allow an attacker to gain unauthorized access to data or control of the device and cause a denial-of-service condition. | |||||
| CVE-2023-1784 | 1 Jeecg | 1 Jeecg Boot | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability was found in jeecg-boot 3.5.0 and classified as critical. This issue affects some unknown processing of the component API Documentation. The manipulation leads to improper authentication. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-224699. | |||||