Total
1379 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-38557 | 1 Siemens | 1 Spectrum Power 7 | 2024-11-21 | N/A | 8.2 HIGH |
| A vulnerability has been identified in Spectrum Power 7 (All versions < V23Q3). The affected product assigns improper access rights to the update script. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges. | |||||
| CVE-2023-38541 | 1 Intel | 1 Hid Event Filter Driver | 2024-11-21 | N/A | 6.7 MEDIUM |
| Insecure inherited permissions in some Intel HID Event Filter drivers for Windows 10 for some Intel NUC laptop software installers before version 2.2.2.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-37237 | 1 Veritas | 1 Netbackup Appliance | 2024-11-21 | N/A | 6.5 MEDIUM |
| In Veritas NetBackup Appliance before 4.1.0.1 MR3, insecure permissions may allow an authenticated Admin to bypass shell restrictions and execute arbitrary operating system commands via SSH. | |||||
| CVE-2023-36633 | 1 Fortinet | 1 Fortimail | 2024-11-21 | N/A | 5.4 MEDIUM |
| An improper authorization vulnerability [CWE-285] in FortiMail webmail version 7.2.0 through 7.2.2 and before 7.0.5 allows an authenticated attacker to see and modify the title of address book folders of other users via crafted HTTP or HTTPs requests. | |||||
| CVE-2023-36465 | 1 Decidim | 1 Decidim | 2024-11-21 | N/A | 9.1 CRITICAL |
| Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. The `templates` module doesn't enforce the correct permissions, allowing any logged-in user to access to this functionality in the administration panel. An attacker could use this vulnerability to change, create or delete templates of surveys. This issue has been patched in version 0.26.8 and 0.27.4. | |||||
| CVE-2023-35870 | 1 Sap | 1 S4core | 2024-11-21 | N/A | 6.3 MEDIUM |
| When creating a journal entry template in SAP S/4HANA (Manage Journal Entry Template) - versions S4CORE 104, 105, 106, 107, an attacker could intercept the save request and change the template, leading to an impact on confidentiality and integrity of the resource. Furthermore, a standard template could be deleted, hence making the resource temporarily unavailable. | |||||
| CVE-2023-35841 | 2024-11-21 | N/A | 7.8 HIGH | ||
| Exposed IOCTL with Insufficient Access Control in Phoenix WinFlash Driver on Windows allows Privilege Escalation which allows for modification of system firmware.This issue affects WinFlash Driver: before 4.5.0.0. | |||||
| CVE-2023-35800 | 1 Stormshield | 1 Endpoint Security | 2024-11-21 | N/A | 4.3 MEDIUM |
| Stormshield Endpoint Security Evolution 2.0.0 through 2.4.2 has Insecure Permissions. An ACL entry on the SES Evolution agent directory that contains the agent logs displayed in the GUI allows interactive users to read data, which could allow access to information reserved to administrators. | |||||
| CVE-2023-35799 | 1 Stormshield | 1 Endpoint Security | 2024-11-21 | N/A | 5.5 MEDIUM |
| Stormshield Endpoint Security Evolution 2.0.0 through 2.3.2 has Insecure Permissions. An interactive user can use the SES Evolution agent to create arbitrary files with local system privileges. | |||||
| CVE-2023-35168 | 1 Dataease | 1 Dataease | 2024-11-21 | N/A | 6.5 MEDIUM |
| DataEase is an open source data visualization analysis tool to analyze data and gain insight into business trends. Affected versions of DataEase has a privilege bypass vulnerability where ordinary users can gain access to the user database. Exposed information includes md5 hashes of passwords, username, email, and phone number. The vulnerability has been fixed in v1.18.8. Users are advised to upgrade. There are no known workarounds for the vulnerability. | |||||
| CVE-2023-34997 | 1 Intel | 1 Server Configuration Utility | 2024-11-21 | N/A | 6.7 MEDIUM |
| Insecure inherited permissions in the installer for some Intel Server Configuration Utility software before version 16.0.9 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-34981 | 1 Apache | 1 Tomcat | 2024-11-21 | N/A | 7.5 HIGH |
| A regression in the fix for bug 66512 in Apache Tomcat 11.0.0-M5, 10.1.8, 9.0.74 and 8.5.88 meant that, if a response did not include any HTTP headers no AJP SEND_HEADERS messare woudl be sent for the response which in turn meant that at least one AJP proxy (mod_proxy_ajp) would use the response headers from the previous request leading to an information leak. | |||||
| CVE-2023-34797 | 1 Temenos | 1 Cwx | 2024-11-21 | N/A | 5.4 MEDIUM |
| Broken access control in the Registration page (/Registration.aspx) of Termenos CWX v8.5.6 allows attackers to access sensitive information. | |||||
| CVE-2023-34437 | 1 Bakerhughes | 2 Bentley Nevada 3500 System, Bentley Nevada 3500 System Firmware | 2024-11-21 | N/A | 7.5 HIGH |
| Baker Hughes – Bently Nevada 3500 System TDI Firmware version 5.05 contains a vulnerability in their password retrieval functionality which could allow an attacker to access passwords stored on the device. | |||||
| CVE-2023-34391 | 2 Microsoft, Selinc | 2 Windows, Sel-5033 Acselerator Real-time Automation Controller | 2024-11-21 | N/A | 7.4 HIGH |
| Insecure Inherited Permissions vulnerability in Schweitzer Engineering Laboratories SEL-5033 AcSELerator RTAC Software on Windows allows Leveraging/Manipulating Configuration File Search Paths. See Instruction Manual Appendix A [Cybersecurity] tag dated 20230522 for more details. This issue affects SEL-5033 AcSELerator RTAC Software: before 1.35.151.21000. | |||||
| CVE-2023-34314 | 1 Intel | 1 Simics Simulator | 2024-11-21 | N/A | 6.7 MEDIUM |
| Insecure inherited permissions in some Intel(R) Simics Simulator software before version 1.7.2 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-34154 | 1 Huawei | 1 Harmonyos | 2024-11-21 | N/A | 8.2 HIGH |
| Vulnerability of undefined permissions in HUAWEI VR screen projection.Successful exploitation of this vulnerability will cause third-party apps to create windows in an arbitrary way, consuming system resources. | |||||
| CVE-2023-33990 | 1 Sap | 1 Sql Anywhere | 2024-11-21 | N/A | 7.8 HIGH |
| SAP SQL Anywhere - version 17.0, allows an attacker to prevent legitimate users from accessing the service by crashing the service. An attacker with low privileged account and access to the local system can write into the shared memory objects. This can be leveraged by an attacker to perform a Denial of Service. Further, an attacker might be able to modify sensitive data in shared memory objects.This issue only affects SAP SQL Anywhere on Windows. Other platforms are not impacted. | |||||
| CVE-2023-33870 | 1 Intel | 2 Administrative Tools For Intel Network Adapters, Ethernet Connections Boot Utility\, Preboot Images\, And Efi Drivers | 2024-11-21 | N/A | 6.7 MEDIUM |
| Insecure inherited permissions in some Intel(R) Ethernet tools and driver install software may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-33695 | 1 Hutool | 1 Hutool | 2024-11-21 | N/A | 7.1 HIGH |
| Hutool v5.8.17 and below was discovered to contain an information disclosure vulnerability via the File.createTempFile() function at /core/io/FileUtil.java. | |||||