Total
29759 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-4700 | 1 Gitlab | 1 Gitlab | 2024-11-21 | N/A | 3.5 LOW |
| An authorization issue affecting GitLab EE affecting all versions from 14.7 prior to 16.3.6, 16.4 prior to 16.4.2, and 16.5 prior to 16.5.1, allowed a user to run jobs in protected environments, bypassing any required approvals. | |||||
| CVE-2023-4640 | 1 Yugabyte | 1 Yugabytedb | 2024-11-21 | N/A | 6.5 MEDIUM |
| The controller responsible for setting the logging level does not include any authorization checks to ensure the user is authenticated. This can be seen by noting that it extends Controller rather than AuthenticatedController and includes no further checks. This issue affects YugabyteDB Anywhere: from 2.0.0 through 2.17.3 | |||||
| CVE-2023-4570 | 1 Ni | 1 Measurementlink | 2024-11-21 | N/A | 8.8 HIGH |
| An improper access restriction in NI MeasurementLink Python services could allow an attacker on an adjacent network to reach services exposed on localhost. These services were previously thought to be unreachable outside of the node. This affects measurement plug-ins written in Python using version 1.1.0 of the ni-measurementlink-service Python package and all previous versions. | |||||
| CVE-2023-4456 | 1 Redhat | 1 Openshift Logging | 2024-11-21 | N/A | 5.7 MEDIUM |
| A flaw was found in openshift-logging LokiStack. The key used for caching is just the token, which is too broad. This issue allows a user with a token valid for one action to execute other actions as long as the authorization allowing the original action is still cached. | |||||
| CVE-2023-4417 | 2 Devolutions, Microsoft | 2 Remote Desktop Manager, Windows | 2024-11-21 | N/A | 6.5 MEDIUM |
| Improper access controls in the entry duplication component in Devolutions Remote Desktop Manager 2023.2.19 and earlier versions on Windows allows an authenticated user, under specific circumstances, to inadvertently share their personal vault entry with shared vaults via an incorrect vault in the duplication write process. | |||||
| CVE-2023-4381 | 1 Instantcms | 1 Instantcms | 2024-11-21 | N/A | 4.3 MEDIUM |
| Unverified Password Change in GitHub repository instantsoft/icms2 prior to 2.16.1-git. | |||||
| CVE-2023-4258 | 1 Zephyrproject | 1 Zephyr | 2024-11-21 | N/A | 8.6 HIGH |
| In Bluetooth mesh implementation If provisionee has a public key that is sent OOB then during provisioning it can be sent back and will be accepted by provisionee. | |||||
| CVE-2023-4237 | 1 Redhat | 2 Ansible Automation Platform, Ansible Collection | 2024-11-21 | N/A | 7.3 HIGH |
| A flaw was found in the Ansible Automation Platform. When creating a new keypair, the ec2_key module prints out the private key directly to the standard output. This flaw allows an attacker to fetch those keys from the log files, compromising the system's confidentiality, integrity, and availability. | |||||
| CVE-2023-4018 | 1 Gitlab | 1 Gitlab | 2024-11-21 | N/A | 4.3 MEDIUM |
| An issue has been discovered in GitLab affecting all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. Due to improper permission validation it was possible to create model experiments in public projects. | |||||
| CVE-2023-49722 | 1 Bosch | 6 Bcc101, Bcc101 Firmware, Bcc102 and 3 more | 2024-11-21 | N/A | 8.3 HIGH |
| Network port 8899 open in WiFi firmware of BCC101/BCC102/BCC50 products, that allows an attacker to connect to the device via same WiFi network. | |||||
| CVE-2023-49248 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | N/A | 5.5 MEDIUM |
| Vulnerability of unauthorized file access in the Settings app. Successful exploitation of this vulnerability may cause unauthorized file access. | |||||
| CVE-2023-49245 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | N/A | 7.5 HIGH |
| Unauthorized access vulnerability in the Huawei Share module. Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2023-49002 | 1 Xenomtechnologies | 1 Phone Dialer-voice Call Dialer | 2024-11-21 | N/A | 7.5 HIGH |
| An issue in Xenom Technologies (sinous) Phone Dialer-voice Call Dialer v.1.2.5 allows an attacker to bypass intended access restrictions via interaction with com.funprime.calldialer.ui.activities.OutgoingActivity. | |||||
| CVE-2023-48894 | 1 Huaxiaerp | 1 Jsherp | 2024-11-21 | N/A | 6.5 MEDIUM |
| Incorrect Access Control vulnerability in jshERP V3.3 allows attackers to obtain sensitive information via the doFilter function. | |||||
| CVE-2023-48860 | 1 Totolink | 2 N300rt, N300rt Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| TOTOLINK N300RT version 3.2.4-B20180730.0906 has a post-authentication RCE due to incorrect access control, allows attackers can bypass front-end security restrictions and execute arbitrary code. | |||||
| CVE-2023-48849 | 1 Ruijie | 42 Rg-eg1000c, Rg-eg1000c Firmware, Rg-eg1000e and 39 more | 2024-11-21 | N/A | 9.8 CRITICAL |
| Ruijie EG Series Routers version EG_3.0(1)B11P216 and before allows unauthenticated attackers to remotely execute arbitrary code due to incorrect filtering. | |||||
| CVE-2023-48303 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | N/A | 2.4 LOW |
| Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.11, 26.0.6, and 27.1.0 of Nextcloud Server and Nextcloud Enterprise Server, admins can change authentication details of user configured external storage. Nextcloud Server and Nextcloud Enterprise Server versions 25.0.11, 26.0.6, and 27.1.0 contain a patch for this issue. No known workarounds are available. | |||||
| CVE-2023-48297 | 1 Discourse | 1 Discourse | 2024-11-21 | N/A | 8.6 HIGH |
| Discourse is a platform for community discussion. The message serializer uses the full list of expanded chat mentions (@all and @here) which can lead to a very long array of users. This issue was patched in versions 3.1.4 and beta 3.2.0.beta5. | |||||
| CVE-2023-48252 | 1 Bosch | 21 Nexo-os, Nexo Cordless Nutrunner Nxa011s-36v-b \(0608842012\), Nexo Cordless Nutrunner Nxa011s-36v \(0608842011\) and 18 more | 2024-11-21 | N/A | 8.8 HIGH |
| The vulnerability allows an authenticated remote attacker to perform actions exceeding their authorized access via crafted HTTP requests. | |||||
| CVE-2023-48239 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | N/A | 8.5 HIGH |
| Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.13, 26.0.8, and 27.1.3 of Nextcloud Server and starting in version 20.0.0 and prior to versions 20.0.14.16, 21.0.9.13, 22.2.10.15, 23.0.12.12, 24.0.12.8, 25.0.13, 26.0.8, and 27.1.3 of Nextcloud Enterprise Server, a malicious user could update any personal or global external storage, making them inaccessible for everyone else as well. Nextcloud Server 25.0.13, 26.0.8, and 27.1.3 and Nextcloud Enterprise Server is upgraded to 20.0.14.16, 21.0.9.13, 22.2.10.15, 23.0.12.12, 24.0.12.8, 25.0.13, 26.0.8, and 27.1.3 contain a patch for this issue. As a workaround, disable app files_external. This workaround also makes the external storage inaccessible but retains the configurations until a patched version has been deployed. | |||||