Total
621 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-3299 | 1 Hashicorp | 1 Nomad | 2024-11-21 | N/A | 3.4 LOW |
| HashiCorp Nomad Enterprise 1.2.11 up to 1.5.6, and 1.4.10 ACL policies using a block without a label generates unexpected results. Fixed in 1.6.0, 1.5.7, and 1.4.11. | |||||
| CVE-2023-3270 | 1 Sick | 2 Icr890-4, Icr890-4 Firmware | 2024-11-21 | N/A | 8.6 HIGH |
| Exposure of Sensitive Information to an Unauthorized Actor in the SICK ICR890-4 could allow an unauthenticated remote attacker to retrieve sensitive information about the system. | |||||
| CVE-2023-39974 | 1 Acymailing | 1 Acymailing | 2024-11-21 | N/A | 5.3 MEDIUM |
| Exposure of Sensitive Information vulnerability in AcyMailing Enterprise component for Joomla. It allows unauthorized actors to get the number of subscribers in a specific list. | |||||
| CVE-2023-39478 | 2024-11-21 | N/A | 6.6 MEDIUM | ||
| Softing Secure Integration Server Exposure of Resource to Wrong Sphere Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Softing Secure Integration Server. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of OPC FileDirectory namespaces. The issue results from the lack of proper validation of user-supplied data before using it to create a server object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-20547. | |||||
| CVE-2023-39383 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | N/A | 7.5 HIGH |
| Vulnerability of input parameters being not strictly verified in the AMS module. Successful exploitation of this vulnerability may compromise apps' data security. | |||||
| CVE-2023-39214 | 1 Zoom | 3 Meeting Software Development Kit, Rooms, Zoom | 2024-11-21 | N/A | 7.6 HIGH |
| Exposure of sensitive information in Zoom Client SDK's before 5.15.5 may allow an authenticated user to enable a denial of service via network access. | |||||
| CVE-2023-39171 | 1 Enbw | 2 Senec Storage Box, Senec Storage Box Firmware | 2024-11-21 | N/A | 7.2 HIGH |
| SENEC Storage Box V1,V2 and V3 accidentially expose a management UI accessible with publicly known admin credentials. | |||||
| CVE-2023-39155 | 1 Jenkins | 1 Chef Identity | 2024-11-21 | N/A | 5.3 MEDIUM |
| Jenkins Chef Identity Plugin 2.0.3 and earlier does not mask the user.pem key form field, increasing the potential for attackers to observe and capture it. | |||||
| CVE-2023-39058 | 1 The B Members Card Project | 1 The B Members Card | 2024-11-21 | N/A | 6.5 MEDIUM |
| An information leak in THE_B_members card v13.6.1 allows attackers to obtain the channel access token and send crafted messages. | |||||
| CVE-2023-39056 | 1 Coffee-jumbo Project | 1 Coffee-jumbo | 2024-11-21 | N/A | 6.5 MEDIUM |
| An information leak in Coffee-jumbo v13.6.1 allows attackers to obtain the channel access token and send crafted messages. | |||||
| CVE-2023-39049 | 1 Youmart-tokunaga Project | 1 Youmart-tokunaga | 2024-11-21 | N/A | 6.5 MEDIUM |
| An information leak in youmart-tokunaga v13.6.1 allows attackers to obtain the channel access token and send crafted messages. | |||||
| CVE-2023-39046 | 1 Tonton-tei Waiting Project | 1 Tonton-tei Waiting | 2024-11-21 | N/A | 6.5 MEDIUM |
| An information leak in TonTon-Tei_waiting Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages. | |||||
| CVE-2023-39043 | 1 Ykc | 1 Tokushima Awayokocho | 2024-11-21 | N/A | 6.5 MEDIUM |
| An information leak in YKC Tokushima_awayokocho Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages. | |||||
| CVE-2023-39040 | 1 Cheese Cafe Line Project | 1 Cheese Cafe Line | 2024-11-21 | N/A | 6.5 MEDIUM |
| An information leak in Cheese Cafe Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages. | |||||
| CVE-2023-39039 | 1 Camp Style Project Line Project | 1 Camp Style Project Line | 2024-11-21 | N/A | 6.5 MEDIUM |
| An information leak in Camp Style Project Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages. | |||||
| CVE-2023-38955 | 1 Zkteco | 1 Bioaccess Ivs | 2024-11-21 | N/A | 7.5 HIGH |
| ZKTeco BioAccess IVS v3.3.1 allows unauthenticated attackers to obtain sensitive information about all managed devices, including their IP addresses and device names. | |||||
| CVE-2023-38830 | 1 Phpjabbers | 1 Yacht Listing Script | 2024-11-21 | N/A | 7.5 HIGH |
| An information leak in PHPJabbers Yacht Listing Script v1.0 allows attackers to export clients' credit card numbers from the Reservations module. | |||||
| CVE-2023-38558 | 1 Siemens | 1 Simatic Pcs Neo | 2024-11-21 | N/A | 5.5 MEDIUM |
| A vulnerability has been identified in SIMATIC PCS neo (Administration Console) V4.0 (All versions), SIMATIC PCS neo (Administration Console) V4.0 Update 1 (All versions). The affected application leaks Windows admin credentials. An attacker with local access to the Administration Console could get the credentials, and impersonate the admin user, thereby gaining admin access to other Windows systems. | |||||
| CVE-2023-38152 | 1 Microsoft | 5 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 2 more | 2024-11-21 | N/A | 5.3 MEDIUM |
| DHCP Server Service Information Disclosure Vulnerability | |||||
| CVE-2023-37911 | 1 Xwiki | 1 Xwiki | 2024-11-21 | N/A | 6.5 MEDIUM |
| XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 9.4-rc-1 and prior to versions 14.10.8 and 15.3-rc-1, when a document has been deleted and re-created, it is possible for users with view right on the re-created document but not on the deleted document to view the contents of the deleted document. Such a situation might arise when rights were added to the deleted document. This can be exploited through the diff feature and, partially, through the REST API by using versions such as `deleted:1` (where the number counts the deletions in the wiki and is thus guessable). Given sufficient rights, the attacker can also re-create the deleted document, thus extending the scope to any deleted document as long as the attacker has edit right in the location of the deleted document. This vulnerability has been patched in XWiki 14.10.8 and 15.3 RC1 by properly checking rights when deleted revisions of a document are accessed. The only workaround is to regularly clean deleted documents to minimize the potential exposure. Extra care should be taken when deleting sensitive documents that are protected individually (and not, e.g., by being placed in a protected space) or deleting a protected space as a whole. | |||||