Total: 615 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-41742 | 4 Acronis, Apple, Linux and 1 more | 5 Agent, Cyber Protect, Macos and 2 more | 2024-11-21 | N/A | 7.5 HIGH |
Excessive attack surface due to binding to an unrestricted IP address. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 30430, Acronis Cyber Protect 15 (Linux, macOS, Windows) before build 35979. | |||||
CVE-2023-41120 | 1 Enterprisedb | 1 Postgres Advanced Server | 2024-11-21 | N/A | 6.5 MEDIUM |
An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It permits an authenticated user to use DBMS_PROFILER to remove all accumulated profiling data on a system-wide basis, regardless of that user's permissions. | |||||
CVE-2023-40788 | 1 Bladex | 1 Springblade | 2024-11-21 | N/A | 5.3 MEDIUM |
SpringBlade <=V3.6.0 is vulnerable to Incorrect Access Control due to incorrect configuration in the default gateway, resulting in unauthorized access to error logs. | |||||
CVE-2023-3972 | 1 Redhat | 19 Enterprise Linux, Enterprise Linux Aus, Enterprise Linux Desktop and 16 more | 2024-11-21 | N/A | 7.8 HIGH |
A vulnerability was found in insights-client. This security issue occurs because of insecure file operations or unsafe handling of temporary files and directories that lead to local privilege escalation. Before the insights-client has been registered on the system by root, an unprivileged local user or attacker could create the /var/tmp/insights-client directory (owning the directory with read, write, and execute permissions) on the system. After the insights-client is registered by root, an attacker could then control the directory content that insights are using by putting malicious scripts into it and executing arbitrary code as root (trivially bypassing SELinux protections because insights processes are allowed to disable SELinux system-wide). | |||||
CVE-2023-3670 | 1 Codesys | 2 Development System, Scripting | 2024-11-21 | N/A | 7.3 HIGH |
In CODESYS Development System 3.5.9.0 to 3.5.17.0 and CODESYS Scripting 4.0.0.0 to 4.1.0.0 unsafe directory permissions would allow an attacker with local access to the workstation to place potentially harmful and disguised scripts that could be executed by legitimate users. | |||||
CVE-2023-3456 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | N/A | 5.3 MEDIUM |
Vulnerability of kernel raw address leakage in the hang detector module. Successful exploitation of this vulnerability may affect service confidentiality. | |||||
CVE-2023-3455 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | N/A | 9.1 CRITICAL |
Key management vulnerability on system. Successful exploitation of this vulnerability may affect service availability and integrity. | |||||
CVE-2023-3299 | 1 Hashicorp | 1 Nomad | 2024-11-21 | N/A | 3.4 LOW |
HashiCorp Nomad Enterprise 1.2.11 up to 1.5.6, and 1.4.10 ACL policies using a block without a label generates unexpected results. Fixed in 1.6.0, 1.5.7, and 1.4.11. | |||||
CVE-2023-3270 | 1 Sick | 2 Icr890-4, Icr890-4 Firmware | 2024-11-21 | N/A | 8.6 HIGH |
Exposure of Sensitive Information to an Unauthorized Actor in the SICK ICR890-4 could allow an unauthenticated remote attacker to retrieve sensitive information about the system. | |||||
CVE-2023-39974 | 1 Acymailing | 1 Acymailing | 2024-11-21 | N/A | 5.3 MEDIUM |
Exposure of Sensitive Information vulnerability in AcyMailing Enterprise component for Joomla. It allows unauthorized actors to get the number of subscribers in a specific list. | |||||
CVE-2023-39478 | | | 2024-11-21 | N/A | 6.6 MEDIUM |
Softing Secure Integration Server Exposure of Resource to Wrong Sphere Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Softing Secure Integration Server. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of OPC FileDirectory namespaces. The issue results from the lack of proper validation of user-supplied data before using it to create a server object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-20547. | |||||
CVE-2023-39383 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | N/A | 7.5 HIGH |
Vulnerability of input parameters being not strictly verified in the AMS module. Successful exploitation of this vulnerability may compromise apps' data security. | |||||
CVE-2023-39214 | 1 Zoom | 3 Meeting Software Development Kit, Rooms, Zoom | 2024-11-21 | N/A | 7.6 HIGH |
Exposure of sensitive information in Zoom Client SDKs before 5.15.5 may allow an authenticated user to enable a denial of service via network access. | |||||
CVE-2023-39171 | 1 Enbw | 2 Senec Storage Box, Senec Storage Box Firmware | 2024-11-21 | N/A | 7.2 HIGH |
SENEC Storage Box V1, V2 and V3 accidentally expose a management UI accessible with publicly known admin credentials. | |||||
CVE-2023-39155 | 1 Jenkins | 1 Chef Identity | 2024-11-21 | N/A | 5.3 MEDIUM |
Jenkins Chef Identity Plugin 2.0.3 and earlier does not mask the user.pem key form field, increasing the potential for attackers to observe and capture it. | |||||
CVE-2023-39058 | 1 The B Members Card Project | 1 The B Members Card | 2024-11-21 | N/A | 6.5 MEDIUM |
An information leak in THE_B_members card v13.6.1 allows attackers to obtain the channel access token and send crafted messages. | |||||
CVE-2023-39056 | 1 Coffee-jumbo Project | 1 Coffee-jumbo | 2024-11-21 | N/A | 6.5 MEDIUM |
An information leak in Coffee-jumbo v13.6.1 allows attackers to obtain the channel access token and send crafted messages. | |||||
CVE-2023-39049 | 1 Youmart-tokunaga Project | 1 Youmart-tokunaga | 2024-11-21 | N/A | 6.5 MEDIUM |
An information leak in youmart-tokunaga v13.6.1 allows attackers to obtain the channel access token and send crafted messages. | |||||
CVE-2023-39046 | 1 Tonton-tei Waiting Project | 1 Tonton-tei Waiting | 2024-11-21 | N/A | 6.5 MEDIUM |
An information leak in TonTon-Tei_waiting Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages. | |||||
CVE-2023-39043 | 1 Ykc | 1 Tokushima Awayokocho | 2024-11-21 | N/A | 6.5 MEDIUM |
An information leak in YKC Tokushima_awayokocho Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages. |