Total
29056 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-49961 | 1 Wallix | 2 Bastion, Bastion Access Manager | 2024-11-21 | N/A | 7.5 HIGH |
| WALLIX Bastion 7.x, 8.x, 9.x and 10.x and WALLIX Access Manager 3.x and 4.x have Incorrect Access Control which can lead to sensitive data exposure. | |||||
| CVE-2023-49938 | 1 Schedmd | 1 Slurm | 2024-11-21 | N/A | 8.2 HIGH |
| An issue was discovered in SchedMD Slurm 22.05.x and 23.02.x. There is Incorrect Access Control: an attacker can modified their extended group list that is used with the sbcast subsystem, and open files with an unauthorized set of extended groups. The fixed versions are 22.05.11 and 23.02.7. | |||||
| CVE-2023-49722 | 1 Bosch | 6 Bcc101, Bcc101 Firmware, Bcc102 and 3 more | 2024-11-21 | N/A | 8.3 HIGH |
| Network port 8899 open in WiFi firmware of BCC101/BCC102/BCC50 products, that allows an attacker to connect to the device via same WiFi network. | |||||
| CVE-2023-49589 | 1 Wwbn | 1 Avideo | 2024-11-21 | N/A | 8.8 HIGH |
| An insufficient entropy vulnerability exists in the userRecoverPass.php recoverPass generation functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to an arbitrary user password recovery. An attacker can send an HTTP request to trigger this vulnerability. | |||||
| CVE-2023-49248 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | N/A | 5.5 MEDIUM |
| Vulnerability of unauthorized file access in the Settings app. Successful exploitation of this vulnerability may cause unauthorized file access. | |||||
| CVE-2023-49246 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | N/A | 7.5 HIGH |
| Unauthorized access vulnerability in the card management module. Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2023-49245 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | N/A | 7.5 HIGH |
| Unauthorized access vulnerability in the Huawei Share module. Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2023-49081 | 1 Aiohttp | 1 Aiohttp | 2024-11-21 | N/A | 7.2 HIGH |
| aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation made it possible for an attacker to modify the HTTP request (e.g. to insert a new header) or create a new HTTP request if the attacker controls the HTTP version. The vulnerability only occurs if the attacker can control the HTTP version of the request. This issue has been patched in version 3.9.0. | |||||
| CVE-2023-49002 | 1 Xenomtechnologies | 1 Phone Dialer-voice Call Dialer | 2024-11-21 | N/A | 7.5 HIGH |
| An issue in Xenom Technologies (sinous) Phone Dialer-voice Call Dialer v.1.2.5 allows an attacker to bypass intended access restrictions via interaction with com.funprime.calldialer.ui.activities.OutgoingActivity. | |||||
| CVE-2023-48894 | 1 Huaxiaerp | 1 Jsherp | 2024-11-21 | N/A | 6.5 MEDIUM |
| Incorrect Access Control vulnerability in jshERP V3.3 allows attackers to obtain sensitive information via the doFilter function. | |||||
| CVE-2023-48860 | 1 Totolink | 2 N300rt, N300rt Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| TOTOLINK N300RT version 3.2.4-B20180730.0906 has a post-authentication RCE due to incorrect access control, allows attackers can bypass front-end security restrictions and execute arbitrary code. | |||||
| CVE-2023-48849 | 1 Ruijie | 42 Rg-eg1000c, Rg-eg1000c Firmware, Rg-eg1000e and 39 more | 2024-11-21 | N/A | 9.8 CRITICAL |
| Ruijie EG Series Routers version EG_3.0(1)B11P216 and before allows unauthenticated attackers to remotely execute arbitrary code due to incorrect filtering. | |||||
| CVE-2023-48303 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | N/A | 2.4 LOW |
| Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.11, 26.0.6, and 27.1.0 of Nextcloud Server and Nextcloud Enterprise Server, admins can change authentication details of user configured external storage. Nextcloud Server and Nextcloud Enterprise Server versions 25.0.11, 26.0.6, and 27.1.0 contain a patch for this issue. No known workarounds are available. | |||||
| CVE-2023-48297 | 1 Discourse | 1 Discourse | 2024-11-21 | N/A | 8.6 HIGH |
| Discourse is a platform for community discussion. The message serializer uses the full list of expanded chat mentions (@all and @here) which can lead to a very long array of users. This issue was patched in versions 3.1.4 and beta 3.2.0.beta5. | |||||
| CVE-2023-48252 | 1 Bosch | 21 Nexo-os, Nexo Cordless Nutrunner Nxa011s-36v-b \(0608842012\), Nexo Cordless Nutrunner Nxa011s-36v \(0608842011\) and 18 more | 2024-11-21 | N/A | 8.8 HIGH |
| The vulnerability allows an authenticated remote attacker to perform actions exceeding their authorized access via crafted HTTP requests. | |||||
| CVE-2023-48239 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | N/A | 8.5 HIGH |
| Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.13, 26.0.8, and 27.1.3 of Nextcloud Server and starting in version 20.0.0 and prior to versions 20.0.14.16, 21.0.9.13, 22.2.10.15, 23.0.12.12, 24.0.12.8, 25.0.13, 26.0.8, and 27.1.3 of Nextcloud Enterprise Server, a malicious user could update any personal or global external storage, making them inaccessible for everyone else as well. Nextcloud Server 25.0.13, 26.0.8, and 27.1.3 and Nextcloud Enterprise Server is upgraded to 20.0.14.16, 21.0.9.13, 22.2.10.15, 23.0.12.12, 24.0.12.8, 25.0.13, 26.0.8, and 27.1.3 contain a patch for this issue. As a workaround, disable app files_external. This workaround also makes the external storage inaccessible but retains the configurations until a patched version has been deployed. | |||||
| CVE-2023-47889 | 1 Binhdrm26 | 1 Super Reboot | 2024-11-21 | N/A | 7.8 HIGH |
| The Android application BINHDRM26 com.bdrm.superreboot 1.0.3, exposes several critical actions through its exported broadcast receivers. These exposed actions can allow any app on the device to send unauthorized broadcasts, leading to unintended consequences. The vulnerability is particularly concerning because these actions include powering off, system reboot & entering recovery mode. | |||||
| CVE-2023-47882 | 1 Kamivision | 1 Yi Iot | 2024-11-21 | N/A | 7.1 HIGH |
| The Kami Vision YI IoT com.yunyi.smartcamera application through 4.1.9_20231127 for Android allows a remote attacker to execute arbitrary JavaScript code via an implicit intent to the com.ants360.yicamera.activity.WebViewActivity component. | |||||
| CVE-2023-47867 | 1 Machinesense | 2 Feverwarn, Feverwarn Firmware | 2024-11-21 | N/A | 8.8 HIGH |
| MachineSense FeverWarn devices are configured as Wi-Fi hosts in a way that attackers within range could connect to the device's web services and compromise the device. | |||||
| CVE-2023-47865 | 1 Mattermost | 1 Mattermost | 2024-11-21 | N/A | 4.3 MEDIUM |
| Mattermost fails to check if hardened mode is enabled when overriding the username and/or the icon when posting a post. If settings allowed integrations to override the username and profile picture when posting, a member could also override the username and icon when making a post even if the Hardened Mode setting was enabled | |||||