Total
29055 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-24486 | 1 Citrix | 1 Workspace | 2024-11-21 | N/A | 5.5 MEDIUM |
A vulnerability has been identified in Citrix Workspace app for Linux that, if exploited, may result in a malicious local user being able to gain access to the Citrix Virtual Apps and Desktops session of another user who is using the same computer from which the ICA session is launched. | |||||
CVE-2023-24484 | 1 Citrix | 1 Workspace | 2024-11-21 | N/A | 5.5 MEDIUM |
A malicious user can cause log files to be written to a directory that they do not have permission to write to. | |||||
CVE-2023-24468 | 1 Microfocus | 1 Netiq Advanced Authentication | 2024-11-21 | N/A | 9.8 CRITICAL |
Broken access control in Advanced Authentication versions prior to 6.4.1.1 and 6.3.7.2 | |||||
CVE-2023-24320 | 1 Axcora | 1 Axcora | 2024-11-21 | N/A | 9.8 CRITICAL |
An access control issue in Axcora POS #0~gitf77ec09 allows unauthenticated attackers to execute arbitrary commands via unspecified vectors. | |||||
CVE-2023-24217 | 1 Agilebio | 1 Electronic Lab Notebook | 2024-11-21 | N/A | 8.8 HIGH |
AgileBio Electronic Lab Notebook v4.234 was discovered to contain a local file inclusion vulnerability. | |||||
CVE-2023-24056 | 1 Pkgconf | 1 Pkgconf | 2024-11-21 | N/A | 5.5 MEDIUM |
In pkgconf through 1.9.3, variable duplication can cause unbounded string expansion due to incorrect checks in libpkgconf/tuple.c:pkgconf_tuple_parse. For example, a .pc file containing a few hundred bytes can expand to one billion bytes. | |||||
CVE-2023-24038 | 2 Debian, Html-stripscripts Project | 2 Debian Linux, Html-stripscripts | 2024-11-21 | N/A | 7.5 HIGH |
The HTML-StripScripts module through 1.06 for Perl allows _hss_attval_style ReDoS because of catastrophic backtracking for HTML content with certain style attributes. | |||||
CVE-2023-24028 | 1 Misp-project | 1 Misp | 2024-11-21 | N/A | 9.8 CRITICAL |
In MISP 2.4.167, app/Controller/Component/ACLComponent.php has incorrect access control for the decaying import function. | |||||
CVE-2023-24021 | 2 Debian, Trustwave | 2 Debian Linux, Modsecurity | 2024-11-21 | N/A | 7.5 HIGH |
Incorrect handling of '\0' bytes in file uploads in ModSecurity before 2.9.7 may allow for Web Application Firewall bypasses and buffer over-reads on the Web Application Firewall when executing rules that read the FILES_TMP_CONTENT collection. | |||||
CVE-2023-23919 | 1 Nodejs | 1 Node.js | 2024-11-21 | N/A | 7.5 HIGH |
A cryptographic vulnerability exists in Node.js <19.2.0, <18.14.1, <16.19.1, <14.21.3 that in some cases does not clear the OpenSSL error stack after operations that may set it. This may lead to false positive errors during subsequent cryptographic operations that happen to be on the same thread. This in turn could be used to cause a denial of service. | |||||
CVE-2023-23752 | 1 Joomla | 1 Joomla! | 2024-11-21 | N/A | 5.3 MEDIUM |
An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints. | |||||
CVE-2023-23698 | 1 Dell | 2 Alienware Update, Command Update | 2024-11-21 | N/A | 5.5 MEDIUM |
Dell Command \| Update, Dell Update, and Alienware Update versions before 4.6.0 and 4.7.1 contain Insecure Operation on Windows Junction in the installer component. A local malicious user may potentially exploit this vulnerability leading to arbitrary file delete. | |||||
CVE-2023-23568 | 1 Gallagher | 1 Command Centre | 2024-11-21 | N/A | 4.3 MEDIUM |
Improper privilege validation in Command Centre Server allows authenticated unprivileged operators to modify and view Personal Data Fields. This issue affects Command Centre: vEL 8.90 prior to vEL8.90.1318 (MR1), vEL8.80 prior to vEL8.80.1192 (MR2), vEL8.70 prior to vEL8.70.2185 (MR4), vEL8.60 prior to vEL8.60.2347 (MR6), vEL8.50 prior to vEL8.50.2831 (MR8), all versions vEL8.40 and prior | |||||
CVE-2023-23566 | 1 Axigen | 1 Axigen Mail Server | 2024-11-21 | N/A | 9.8 CRITICAL |
A 2-Step Verification problem in Axigen 10.3.3.52 allows an attacker to access a mailbox by bypassing 2-Step Verification when they try to add an account to any third-party webmail service (or add an account to Outlook or Gmail, etc.) with IMAP or POP3 without any verification code. | |||||
CVE-2023-23562 | 1 Stormshield | 1 Endpoint Security | 2024-11-21 | N/A | 4.3 MEDIUM |
Stormshield Endpoint Security 2.3.0 through 2.3.2 has Incorrect Access Control that allows an authenticated user to update global parameters. | |||||
CVE-2023-23561 | 1 Stormshield | 1 Endpoint Security | 2024-11-21 | N/A | 5.5 MEDIUM |
Stormshield Endpoint Security 2.3.0 through 2.3.2 has Incorrect Access Control: authenticated users can read sensitive information. | |||||
CVE-2023-23487 | 4 Ibm, Linux, Microsoft and 1 more | 5 Aix, Db2, Linux Kernel and 2 more | 2024-11-21 | N/A | 4.3 MEDIUM |
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to insufficient audit logging. IBM X-Force ID: 245918. | |||||
CVE-2023-23461 | 1 Libpeconv Project | 1 Libpeconv | 2024-11-21 | N/A | 9.8 CRITICAL |
Libpeconv – access violation, before commit b076013 (30/11/2022). | |||||
CVE-2023-23128 | 1 Connectwise | 1 Connectwise | 2024-11-21 | N/A | 6.1 MEDIUM |
Connectwise Control 22.8.10013.8329 is vulnerable to Cross Origin Resource Sharing (CORS). The vendor's position is that two endpoints have Access-Control-Allow-Origin wildcarding to support product functionality, and that there is no risk from this behavior. The vulnerability report is thus not valid. | |||||
CVE-2023-22951 | 1 Tigergraph | 2 Cloud, Tigergraph Enterprise | 2024-11-21 | N/A | 8.8 HIGH |
An issue was discovered in TigerGraph Enterprise Free Edition 3.x. It creates an authentication token for internal systems use. This token can be read from the configuration file. Using this token on the REST API provides an attacker with anonymous admin-level privileges on all REST API endpoints. |