Total
1752 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-28246 | 1 Microsoft | 3 Windows 11 21h2, Windows 11 22h2, Windows Server 2022 | 2024-11-21 | N/A | 7.8 HIGH |
| Windows Registry Elevation of Privilege Vulnerability | |||||
| CVE-2023-28070 | 1 Dell | 1 Alienware Command Center | 2024-11-21 | N/A | 6.7 MEDIUM |
| Alienware Command Center Application, versions 5.5.43.0 and prior, contain an improper access control vulnerability. A local malicious user could potentially exploit this vulnerability during installation or update process leading to privilege escalation. | |||||
| CVE-2023-28066 | 1 Dell | 1 Os Recovery Tool | 2024-11-21 | N/A | 7.3 HIGH |
| Dell OS Recovery Tool, versions 2.2.4013 and 2.3.7012.0, contain an Improper Access Control Vulnerability. A local authenticated non-administrator user could potentially exploit this vulnerability in order to elevate privileges on the system. | |||||
| CVE-2023-27350 | 1 Papercut | 2 Papercut Mf, Papercut Ng | 2024-11-21 | N/A | 9.8 CRITICAL |
| This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). Authentication is not required to exploit this vulnerability. The specific flaw exists within the SetupCompleted class. The issue results from improper access control. An attacker can leverage this vulnerability to bypass authentication and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-18987. | |||||
| CVE-2023-27303 | 1 Intel | 1 Thunderbolt Dch Driver | 2024-11-21 | N/A | 3.8 LOW |
| Improper access control in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable information disclosure via local access. | |||||
| CVE-2023-27301 | 1 Intel | 1 Thunderbolt Dch Driver | 2024-11-21 | N/A | 4.2 MEDIUM |
| Improper access control in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-27268 | 1 Sap | 1 Netweaver Application Server For Java | 2024-11-21 | N/A | 5.3 MEDIUM |
| SAP NetWeaver AS Java (Object Analyzing Service) - version 7.50, does not perform necessary authorization checks, allowing an unauthenticated attacker to attach to an open interface and make use of an open naming and directory API to access a service which will enable them to access but not modify server settings and data with no effect on availability., resulting in escalation of privileges. | |||||
| CVE-2023-26596 | 1 Intel | 1 Thunderbolt Dch Driver | 2024-11-21 | N/A | 2.5 LOW |
| Improper access control in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable denial of service via local access. | |||||
| CVE-2023-26585 | 1 Intel | 1 Thunderbolt Dch Driver | 2024-11-21 | N/A | 5.0 MEDIUM |
| Improper access control in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable denial of service via local access. | |||||
| CVE-2023-26460 | 1 Sap | 1 Netweaver Application Server For Java | 2024-11-21 | N/A | 5.3 MEDIUM |
| Cache Management Service in SAP NetWeaver Application Server for Java - version 7.50, does not perform any authentication checks for functionalities that require user identity | |||||
| CVE-2023-26360 | 1 Adobe | 1 Coldfusion | 2024-11-21 | N/A | 8.6 HIGH |
| Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. | |||||
| CVE-2023-25777 | 1 Intel | 1 Thunderbolt Dch Driver | 2024-11-21 | N/A | 7.9 HIGH |
| Improper access control in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-25073 | 1 Intel | 1 Driver \& Support Assistant | 2024-11-21 | N/A | 5.5 MEDIUM |
| Improper access control in some Intel(R) DSA software before version 23.4.33 may allow an authenticated user to potentially enable denial of service via local access. | |||||
| CVE-2023-24905 | 1 Microsoft | 5 Windows 10 20h2, Windows 10 21h2, Windows 10 22h2 and 2 more | 2024-11-21 | N/A | 7.8 HIGH |
| Remote Desktop Client Remote Code Execution Vulnerability | |||||
| CVE-2023-24844 | 1 Qualcomm | 86 Ar8035, Ar8035 Firmware, Fastconnect 6700 and 83 more | 2024-11-21 | N/A | 8.4 HIGH |
| Memory Corruption in Core while invoking a call to Access Control core library with hardware protected address range. | |||||
| CVE-2023-24481 | 1 Intel | 1 Thunderbolt Dch Driver | 2024-11-21 | N/A | 6.3 MEDIUM |
| Improper access control in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-23835 | 1 Mendix | 1 Mendix | 2024-11-21 | N/A | 5.9 MEDIUM |
| A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.34), Mendix Applications using Mendix 8 (All versions < V8.18.23), Mendix Applications using Mendix 9 (All versions < V9.22.0), Mendix Applications using Mendix 9 (V9.12) (All versions < V9.12.10), Mendix Applications using Mendix 9 (V9.18) (All versions < V9.18.4), Mendix Applications using Mendix 9 (V9.6) (All versions < V9.6.15). Some of the Mendix runtime API’s allow attackers to bypass XPath constraints and retrieve information using XPath queries that trigger errors. | |||||
| CVE-2023-23752 | 1 Joomla | 1 Joomla\! | 2024-11-21 | N/A | 5.3 MEDIUM |
| An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints. | |||||
| CVE-2023-23615 | 1 Discourse | 1 Discourse | 2024-11-21 | N/A | 5.3 MEDIUM |
| Discourse is an open source discussion platform. The embeddable comments can be exploited to create new topics as any user but without any clear title or content. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. As a workaround, disable embeddable comments by deleting all embeddable hosts. | |||||
| CVE-2023-22848 | 1 Intel | 1 Thunderbolt Dch Driver | 2024-11-21 | N/A | 5.5 MEDIUM |
| Improper access control in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable denial of service via local access. | |||||