Total
1750 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-52367 | 2024-11-21 | N/A | 7.7 HIGH | ||
| Vulnerability of improper access control in the media library module.Successful exploitation of this vulnerability may affect service availability and integrity. | |||||
| CVE-2023-52114 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | N/A | 7.5 HIGH |
| Data confidentiality vulnerability in the ScreenReader module. Successful exploitation of this vulnerability may affect service integrity. | |||||
| CVE-2023-52105 | 1 Huawei | 1 Harmonyos | 2024-11-21 | N/A | 7.5 HIGH |
| The nearby module has a privilege escalation vulnerability. Successful exploitation of this vulnerability may affect availability. | |||||
| CVE-2023-51786 | 2024-11-21 | N/A | 9.1 CRITICAL | ||
| An issue was discovered in Lustre versions 2.13.x, 2.14.x, and 2.15.x before 2.15.4, allows attackers to escalate privileges and obtain sensitive information via Incorrect Access Control. | |||||
| CVE-2023-51774 | 2024-11-21 | N/A | 8.4 HIGH | ||
| The json-jwt (aka JSON::JWT) gem 1.16.3 for Ruby sometimes allows bypass of identity checks via a sign/encryption confusion attack. For example, JWE can sometimes be used to bypass JSON::JWT.decode. | |||||
| CVE-2023-51070 | 1 Qstar | 1 Archive Storage Manager | 2024-11-21 | N/A | 7.5 HIGH |
| An access control issue in QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0 allows unauthenticated attackers to arbitrarily adjust sensitive SMB settings on the QStar Server. | |||||
| CVE-2023-50928 | 1 Amazon | 1 Awslabs Sandbox Accounts For Events | 2024-11-21 | N/A | 7.1 HIGH |
| "Sandbox Accounts for Events" provides multiple, temporary AWS accounts to a number of authenticated users simultaneously via a browser-based GUI. Authenticated users could potentially claim and access empty AWS accounts by sending request payloads to the account API containing non-existent event ids and self-defined budget & duration. This issue only affects cleaned AWS accounts, it is not possible to access AWS accounts in use or existing data/infrastructure. This issue has been patched in version 1.1.0. | |||||
| CVE-2023-50783 | 1 Apache | 1 Airflow | 2024-11-21 | N/A | 6.5 MEDIUM |
| Apache Airflow, versions before 2.8.0, is affected by a vulnerability that allows an authenticated user without the variable edit permission, to update a variable. This flaw compromises the integrity of variable management, potentially leading to unauthorized data modification. Users are recommended to upgrade to 2.8.0, which fixes this issue | |||||
| CVE-2023-50702 | 2024-11-21 | N/A | 8.8 HIGH | ||
| Sikka SSCWindowsService 5 2023-09-14 executes a program as LocalSystem but allows full control by low-privileged users (and low-privileged users have write access to %PROGRAMDATA%\SSCService). Consequently, low-privileged users can execute arbitrary code as LocalSystem. | |||||
| CVE-2023-50257 | 2024-11-21 | N/A | 9.6 CRITICAL | ||
| eProsima Fast DDS (formerly Fast RTPS) is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Even with the application of SROS2, due to the issue where the data (`p[UD]`) and `guid` values used to disconnect between nodes are not encrypted, a vulnerability has been discovered where a malicious attacker can forcibly disconnect a Subscriber and can deny a Subscriber attempting to connect. Afterwards, if the attacker sends the packet for disconnecting, which is data (`p[UD]`), to the Global Data Space (`239.255.0.1:7400`) using the said Publisher ID, all the Subscribers (Listeners) connected to the Publisher (Talker) will not receive any data and their connection will be disconnected. Moreover, if this disconnection packet is sent continuously, the Subscribers (Listeners) trying to connect will not be able to do so. Since the initial commit of the `SecurityManager.cpp` code (`init`, `on_process_handshake`) on Nov 8, 2016, the Disconnect Vulnerability in RTPS Packets Used by SROS2 has been present prior to versions 2.13.0, 2.12.2, 2.11.3, 2.10.3, and 2.6.7. | |||||
| CVE-2023-50181 | 1 Fortinet | 1 Fortiadc | 2024-11-21 | N/A | 4.9 MEDIUM |
| An improper access control vulnerability [CWE-284] in Fortinet FortiADC version 7.4.0 through 7.4.1 and before 7.2.4 allows a read only authenticated attacker to perform some write actions via crafted HTTP or HTTPS requests. | |||||
| CVE-2023-4696 | 1 Usememos | 1 Memos | 2024-11-21 | N/A | 9.8 CRITICAL |
| Improper Access Control in GitHub repository usememos/memos prior to 0.13.2. | |||||
| CVE-2023-4650 | 1 Instantcms | 1 Instantcms | 2024-11-21 | N/A | 4.7 MEDIUM |
| Improper Access Control in GitHub repository instantsoft/icms2 prior to 2.16.1-git. | |||||
| CVE-2023-4183 | 1 Inventory Management System Project | 1 Inventory Management System | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability has been found in SourceCodester Inventory Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file edit_update.php of the component Password Handler. The manipulation of the argument user_id leads to improper access controls. The attack can be initiated remotely. VDB-236218 is the identifier assigned to this vulnerability. | |||||
| CVE-2023-49978 | 2024-11-21 | N/A | 7.2 HIGH | ||
| Incorrect access control in Customer Support System v1 allows non-administrator users to access administrative pages and execute actions reserved for administrators. | |||||
| CVE-2023-49931 | 2024-11-21 | N/A | 9.8 CRITICAL | ||
| An issue was discovered in Couchbase Server before 7.2.4. SQL++ cURL calls to /diag/eval are not sufficiently restricted. | |||||
| CVE-2023-49791 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | N/A | 5.4 MEDIUM |
| Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. In Nextcloud Server prior to versions 26.0.9 and 27.1.4; as well as Nextcloud Enterprise Server prior to versions 23.0.12.13, 24.0.12.9, 25.0.13.4, 26.0.9, and 27.1.4; when an attacker manages to get access to an active session of another user via another way, they could delete and modify workflows by sending calls directly to the API bypassing the password confirmation shown in the UI. Nextcloud Server versions 26.0.9 and 27.1.4 and Nextcloud Enterprise Server versions 23.0.12.13, 24.0.12.9, 25.0.13.4, 26.0.9, and 27.1.4 contain a patch for this issue. No known workarounds are available. | |||||
| CVE-2023-49545 | 2024-11-21 | N/A | 7.5 HIGH | ||
| A directory listing vulnerability in Customer Support System v1 allows attackers to list directories and sensitive files within the application without requiring authorization. | |||||
| CVE-2023-49543 | 2024-11-21 | N/A | 9.8 CRITICAL | ||
| Incorrect access control in Book Store Management System v1 allows attackers to access unauthorized pages and execute administrative functions without authenticating. | |||||
| CVE-2023-49473 | 2024-11-21 | N/A | 9.8 CRITICAL | ||
| Shenzhen JF6000 Cloud Media Collaboration Processing Platform firmware version V1.2.0 and software version V2.0.0 build 6245 is vulnerable to Incorrect Access Control. | |||||