Total
3177 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-44234 | 1 Devfarm | 1 Wp Gpx Maps | 2024-11-21 | N/A | 4.3 MEDIUM |
| Missing Authorization vulnerability in Bastianon Massimo WP GPX Map.This issue affects WP GPX Map: from n/a through 1.7.08. | |||||
| CVE-2023-44227 | 2024-11-21 | N/A | 7.5 HIGH | ||
| Missing Authorization vulnerability in Mitchell Bennis Simple File List.This issue affects Simple File List: from n/a through 6.1.9. | |||||
| CVE-2023-44214 | 4 Acronis, Apple, Linux and 1 more | 4 Agent, Macos, Linux Kernel and 1 more | 2024-11-21 | N/A | 5.5 MEDIUM |
| Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 35739. | |||||
| CVE-2023-44212 | 4 Acronis, Apple, Linux and 1 more | 4 Agent, Macos, Linux Kernel and 1 more | 2024-11-21 | N/A | 7.1 HIGH |
| Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 31477. | |||||
| CVE-2023-44211 | 4 Acronis, Apple, Linux and 1 more | 4 Agent, Macos, Linux Kernel and 1 more | 2024-11-21 | N/A | 7.1 HIGH |
| Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 31637, Acronis Cyber Protect 16 (Linux, Windows) before build 37391. | |||||
| CVE-2023-44210 | 4 Acronis, Apple, Linux and 1 more | 4 Agent, Macos, Linux Kernel and 1 more | 2024-11-21 | N/A | 5.5 MEDIUM |
| Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 29258. | |||||
| CVE-2023-44208 | 2 Acronis, Microsoft | 2 Cyber Protect Home Office, Windows | 2024-11-21 | N/A | 9.1 CRITICAL |
| Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40713. | |||||
| CVE-2023-44151 | 1 Brainstormforce | 1 Pre-publish Checklist | 2024-11-21 | N/A | 5.4 MEDIUM |
| Missing Authorization vulnerability in Brainstorm Force Pre-Publish Checklist.This issue affects Pre-Publish Checklist: from n/a through 1.1.1. | |||||
| CVE-2023-44148 | 1 Brainstormforce | 1 Astra | 2024-11-21 | N/A | 5.4 MEDIUM |
| Missing Authorization vulnerability in Brainstorm Force Astra Bulk Edit.This issue affects Astra Bulk Edit: from n/a through 1.2.7. | |||||
| CVE-2023-44113 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | N/A | 7.5 HIGH |
| Vulnerability of missing permission verification for APIs in the Designed for Reliability (DFR) module. Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2023-43885 | 1 Tenda | 2 Rx9 Pro, Rx9 Pro Firmware | 2024-11-21 | N/A | 8.1 HIGH |
| Missing error handling in the HTTP server component of Tenda RX9 Pro Firmware V22.03.02.20 allows authenticated attackers to arbitrarily lock the device. | |||||
| CVE-2023-43846 | 2024-11-21 | N/A | 5.3 MEDIUM | ||
| Incorrect access control in logs management function of web interface in Aten PE6208 2.3.228 and 2.4.232 allows remote attackers to get the device logs via HTTP GET request. The logs contain such information as user names and IP addresses used in the infrastructure. This information may help the attackers to conduct further attacks in the infrastructure. | |||||
| CVE-2023-43700 | 1 Sick | 2 Apu0200, Apu0200 Firmware | 2024-11-21 | N/A | 7.7 HIGH |
| Missing Authorization in RDT400 in SICK APU allows an unprivileged remote attacker to modify data via HTTP requests that no not require authentication. | |||||
| CVE-2023-43652 | 1 Fit2cloud | 1 Jumpserver | 2024-11-21 | N/A | 8.2 HIGH |
| JumpServer is an open source bastion host. As an unauthenticated user, it is possible to authenticate to the core API with a username and an SSH public key without needing a password or the corresponding SSH private key. An SSH public key should be considered public knowledge and should not used as an authentication secret alone. JumpServer provides an API for the KoKo component to validate user private key logins. This API does not verify the source of requests and will generate a personal authentication token. Given that public keys can be easily leaked, an attacker can exploit the leaked public key and username to authenticate, subsequently gaining access to the current user's information and authorized actions. This issue has been addressed in versions 2.28.20 and 3.7.1. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-43501 | 1 Jenkins | 1 Build Failure Analyzer | 2024-11-21 | N/A | 6.5 MEDIUM |
| A missing permission check in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified hostname and port using attacker-specified username and password. | |||||
| CVE-2023-43488 | 1 Boschrexroth | 6 Ctrlx Hmi Web Panel Wr2107, Ctrlx Hmi Web Panel Wr2107 Firmware, Ctrlx Hmi Web Panel Wr2110 and 3 more | 2024-11-21 | N/A | 7.9 HIGH |
| The vulnerability allows a low privileged (untrusted) application to modify a critical system property that should be denied, in order to enable the ADB (Android Debug Bridge) protocol to be exposed on the network, exploiting it to gain a privileged shell on the device without requiring the physical access through USB. | |||||
| CVE-2023-43194 | 1 Rcos | 1 Submitty | 2024-11-21 | N/A | 5.3 MEDIUM |
| Submitty before v22.06.00 is vulnerable to Incorrect Access Control. An attacker can delete any post in the forum by modifying request parameter. | |||||
| CVE-2023-43135 | 1 Tp-link | 2 Tl-er5120g, Tl-er5120g Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| There is an unauthorized access vulnerability in TP-LINK ER5120G 4.0 2.0.0 Build 210817 Rel.80868n, which allows attackers to obtain sensitive information of the device without authentication, obtain user tokens, and ultimately log in to the device backend management. | |||||
| CVE-2023-43134 | 1 Netis-systems | 2 360r, 360r Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| There is an unauthorized access vulnerability in Netis 360RAC1200 v1.3.4517, which allows attackers to obtain sensitive information of the device without authentication, obtain user tokens, and ultimately log in to the device backend management. | |||||
| CVE-2023-43090 | 2 Fedoraproject, Gnome | 2 Fedora, Gnome-shell | 2024-11-21 | N/A | 5.5 MEDIUM |
| A vulnerability was found in GNOME Shell. GNOME Shell's lock screen allows an unauthenticated local user to view windows of the locked desktop session by using keyboard shortcuts to unlock the restricted functionality of the screenshot tool. | |||||