Vulnerabilities (CVE)

Filtered by CWE-862
Total 4638 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-20773 2 Google, Mediatek 34 Android, Mt6580, Mt6735 and 31 more 2024-11-21 N/A 7.8 HIGH
In vow, there is a possible escalation of privilege due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07611449; Issue ID: ALPS07441735.
CVE-2023-20772 2 Google, Mediatek 34 Android, Mt6580, Mt6735 and 31 more 2024-11-21 N/A 6.7 MEDIUM
In vow, there is a possible escalation of privilege due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07441796; Issue ID: ALPS07441796.
CVE-2023-20064 1 Cisco 40 Asr 9000v-v2, Asr 9001, Asr 9006 and 37 more 2024-11-21 N/A 4.6 MEDIUM
A vulnerability in the GRand Unified Bootloader (GRUB) for Cisco IOS XR Software could allow an unauthenticated attacker with physical access to the device to view sensitive files on the console using the GRUB bootloader command line. This vulnerability is due to the inclusion of unnecessary commands within the GRUB environment that allow sensitive files to be viewed. An attacker could exploit this vulnerability by being connected to the console port of the Cisco IOS XR device when the device is power-cycled. A successful exploit could allow the attacker to view sensitive files that could be used to conduct additional attacks against the device.
CVE-2023-1903 1 Sap 1 Hcm Fiori App My Forms 2024-11-21 N/A 4.3 MEDIUM
SAP HCM Fiori App My Forms (Fiori 2.0) - version 605, does not perform necessary authorization checks for an authenticated user, exposing the restricted header data.
CVE-2023-1782 1 Hashicorp 1 Nomad 2024-11-21 N/A 9.9 CRITICAL
HashiCorp Nomad and Nomad Enterprise versions 1.5.0 up to 1.5.2 allow unauthenticated users to bypass intended ACL authorizations for clusters where mTLS is not enabled. This issue is fixed in version 1.5.3.
CVE-2023-1774 1 Mattermost 1 Mattermost Server 2024-11-21 N/A 4.2 MEDIUM
When processing an email invite to a private channel on a team, Mattermost fails to validate the inviter's permission to that channel, allowing an attacker to invite themselves to a private channel.
CVE-2023-1705 1 Forcepoint 1 One Smartedge Agent 2024-11-21 N/A 8.4 HIGH
Missing Authorization vulnerability in Forcepoint F|One SmartEdge Agent on Windows (bgAutoinstaller service modules) allows Privilege Escalation, Functionality Bypass. This issue affects F|One SmartEdge Agent: before 1.7.0.230330-554.
CVE-2023-1337 1 Rapidload 1 Power-up For Autoptimize 2024-11-21 N/A 4.3 MEDIUM
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized data loss due to a missing capability check on the clear_uucss_logs function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to delete plugin log files.
CVE-2023-1296 1 Hashicorp 1 Nomad 2024-11-21 N/A 2.7 LOW
HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.5.0 did not correctly enforce deny policies applied to a workload’s variables. Fixed in 1.4.6 and 1.5.1.
CVE-2023-1262 1 Silabs 2 Wireless Smart Ubiquitous Network Linux Border Router, Wireless Smart Ubiquitous Network Linux Border Router Firmware 2024-11-21 N/A 8.2 HIGH
Missing MAC layer security in Silicon Labs Wi-SUN Linux Border Router v1.5.2 and earlier allows a malicious node to route malicious messages through the network.
CVE-2023-1261 1 Silabs 1 Wi-sun Software Development Kit 2024-11-21 N/A 8.2 HIGH
Missing MAC layer security in Silicon Labs Wi-SUN SDK v1.5.0 and earlier allows a malicious node to route malicious messages through the network.
CVE-2023-1114 1 Eskom 1 E-belediye 2024-11-21 N/A 9.8 CRITICAL
Missing Authorization vulnerability in Eskom e-Belediye allows Information Elicitation. This issue affects e-Belediye: from 1.0.0.95 before 1.0.0.100.
CVE-2023-1027 1 Joomunited 1 Wp Meta Seo 2024-11-21 N/A 4.3 MEDIUM
The WP Meta SEO plugin for WordPress is vulnerable to unauthorized sitemap generation due to a missing capability check on the checkAllCategoryInSitemap function in versions up to, and including, 4.5.3. This makes it possible for authenticated attackers with subscriber-level access to obtain post categories. This vulnerability occurred as a result of the plugin relying on nonce checks as a means of access control, and that nonce being accessible to all authenticated users regardless of role.
CVE-2023-0923 1 Redhat 2 Enterprise Linux, Openshift Data Science 2024-11-21 N/A 8.8 HIGH
A flaw was found in the Kubernetes service for notebooks in RHODS, where it does not prevent pods from other namespaces and applications from making requests to the Jupyter API. This flaw can lead to file content exposure and other issues.
CVE-2023-0890 1 Getshortcodes 1 Shortcodes Ultimate 2024-11-21 N/A 6.5 MEDIUM
The WordPress Shortcodes Plugin — Shortcodes Ultimate WordPress plugin before 5.12.8 does not ensure that posts to be displayed via some shortcodes are already public and can be accessed by the user making the request, allowing any authenticated user, such as a subscriber, to view draft, private or even password-protected posts. It is also possible to leak the password of protected posts.
CVE-2023-0720 1 Wickedplugins 1 Wicked Folders 2024-11-21 N/A 5.4 MEDIUM
The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_save_folder_order function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function and perform actions intended for administrators such as modifying the folder structure maintained by the plugin.
CVE-2023-0713 1 Wickedplugins 1 Wicked Folders 2024-11-21 N/A 5.4 MEDIUM
The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_add_folder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function and perform actions intended for administrators such as modifying the folder structure maintained by the plugin.
CVE-2023-0678 1 Phpipam 1 Phpipam 2024-11-21 N/A 5.3 MEDIUM
Missing Authorization in GitHub repository phpipam/phpipam prior to v1.5.1.
CVE-2023-0456 1 Redhat 1 Apicast 2024-11-21 N/A 7.4 HIGH
A flaw was found in APICast, when 3Scale's OIDC module does not properly evaluate the response to a mismatched token from a separate realm. This could allow a separate realm to be accessible to an attacker, permitting access to unauthorized information.
CVE-2023-0404 1 E-dynamics 1 Events Made Easy 2024-11-21 N/A 5.4 MEDIUM
The Events Made Easy plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several functions related to AJAX actions in versions up to, and including, 2.3.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke those functions intended for administrator use. While the plugin is still pending review from the WordPress repository, site owners can download a copy of the patched version directly from the developer's GitHub at https://github.com/liedekef/events-made-easy