Total: 29056 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-47862 | 1 Wwbn | 1 Avideo | 2024-11-21 | N/A | 9.8 CRITICAL |
A local file inclusion vulnerability exists in the getLanguageFromBrowser functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can send a series of HTTP requests to trigger this vulnerability. | |||||
CVE-2023-47858 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | N/A | 4.3 MEDIUM |
Mattermost fails to properly verify the permissions needed for viewing archived public channels, allowing a member of one team to get details about the archived public channels of another team via the GET /api/v4/teams/<team-id>/channels/deleted endpoint. | |||||
CVE-2023-47678 | 1 Asus | 2 Rt-ac87u, Rt-ac87u Firmware | 2024-11-21 | N/A | 9.1 CRITICAL |
An improper access control vulnerability exists in RT-AC87U all versions. An attacker may read or write files that are not intended to be accessed by connecting to a target device via tftp. | |||||
CVE-2023-47615 | 1 Telit | 20 Bgs5, Bgs5 Firmware, Ehs5 and 17 more | 2024-11-21 | N/A | 3.3 LOW |
A CWE-526: Exposure of Sensitive Information Through Environmental Variables vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow a local, low privileged attacker to get access to sensitive data on the targeted system. | |||||
CVE-2023-47574 | 1 Relyum | 4 Rely-pcie, Rely-pcie Firmware, Rely-rec and 1 more | 2024-11-21 | N/A | 5.9 MEDIUM |
An issue was discovered on Relyum RELY-PCIe 22.2.1 and RELY-REC 23.1.0 devices. There is a Weak SMB configuration with signing disabled. | |||||
CVE-2023-47354 | 1 Binhdrm26 | 1 Super Reboot | 2024-11-21 | N/A | 7.8 HIGH |
An issue in the PowerOffWidgetReceiver function of Super Reboot (Root) Recovery v1.0.3 allows attackers to arbitrarily reset or power off the device via a crafted intent. | |||||
CVE-2023-47352 | 1 Technicolor | 2 Tc8715d, Tc8715d Firmware | 2024-11-21 | N/A | 8.8 HIGH |
Technicolor TC8715D devices have predictable default WPA2 security passwords. An attacker who scans for SSID and BSSID values may be able to predict these passwords. | |||||
CVE-2023-47327 | 1 Silverpeas | 1 Silverpeas | 2024-11-21 | N/A | 4.3 MEDIUM |
The "Create a Space" feature in Silverpeas Core 6.3.1 is reserved for use by administrators. This function suffers from broken access control, allowing any authenticated user to create a space by navigating to the correct URL. | |||||
CVE-2023-47325 | 1 Silverpeas | 1 Silverpeas | 2024-11-21 | N/A | 5.4 MEDIUM |
Silverpeas Core 6.3.1 administrative "Bin" feature is affected by broken access control. A user with low privileges is able to navigate directly to the bin, revealing all deleted spaces. The user can then restore or permanently delete the spaces. | |||||
CVE-2023-47323 | 1 Silverpeas | 1 Silverpeas | 2024-11-21 | N/A | 7.5 HIGH |
The notification/messaging feature of Silverpeas Core 6.3.1 does not enforce access control on the ID parameter. This allows an attacker to read all messages sent between other users, including those sent only to administrators. | |||||
CVE-2023-47321 | 1 Silverpeas | 1 Silverpeas | 2024-11-21 | N/A | 4.9 MEDIUM |
Silverpeas Core 6.3.1 is vulnerable to Incorrect Access Control via the "Porlet Deployer" which allows administrators to deploy .WAR portlets. | |||||
CVE-2023-47320 | 1 Silverpeas | 1 Silverpeas | 2024-11-21 | N/A | 8.1 HIGH |
Silverpeas Core 6.3.1 is vulnerable to Incorrect Access Control. An attacker with low privileges is able to execute the administrator-only function of putting the application in "Maintenance Mode" due to broken access control. This makes the application unavailable to all users. This affects Silverpeas Core 6.3.1 and below. | |||||
CVE-2023-47202 | 1 Trendmicro | 1 Apex One | 2024-11-21 | N/A | 7.8 HIGH |
A local file inclusion vulnerability on the Trend Micro Apex One management server could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
CVE-2023-47171 | 1 Wwbn | 1 Avideo | 2024-11-21 | N/A | 6.5 MEDIUM |
An information disclosure vulnerability exists in the aVideoEncoder.json.php chunkFile path functionality of WWBN AVideo 11.6 and dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary file read. | |||||
CVE-2023-47140 | 1 Ibm | 1 Cics Transaction Gateway | 2024-11-21 | N/A | 4.0 MEDIUM |
IBM CICS Transaction Gateway 9.3 could allow a user to transfer or view files due to improper access controls. | |||||
CVE-2023-47132 | 1 N-able | 1 N-central | 2024-11-21 | N/A | 9.8 CRITICAL |
An issue discovered in N-able N-central before 2023.6 and earlier allows attackers to gain escalated privileges via API calls. | |||||
CVE-2023-47106 | 1 Traefik | 1 Traefik | 2024-11-21 | N/A | 4.8 MEDIUM |
Traefik is an open source HTTP reverse proxy and load balancer. When a request is sent to Traefik with a URL fragment, Traefik automatically URL encodes and forwards the fragment to the backend server. This violates RFC 7230 because in the origin-form the URL should only contain the absolute path and the query. When this is combined with another frontend proxy like Nginx, it can be used to bypass frontend proxy URI-based access control restrictions. This vulnerability has been addressed in versions 2.10.6 and 3.0.0-beta5. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
CVE-2023-47035 | 1 Etherscan | 1 Reptilian Coin | 2024-11-21 | N/A | 7.5 HIGH |
RPTC 0x3b08c was discovered to not conduct status checks on the parameter tradingOpen. This vulnerability can allow attackers to conduct unauthorized transfer operations. | |||||
CVE-2023-47034 | 1 Uniswapfrontrunbot Project | 1 Uniswapfrontrunbot | 2024-11-21 | N/A | 7.5 HIGH |
A vulnerability in UniswapFrontRunBot 0xdB94c allows attackers to cause financial losses via unspecified vectors. | |||||
CVE-2023-47033 | 1 Multisigwallet Project | 1 Multisigwallet | 2024-11-21 | N/A | 7.5 HIGH |
MultiSigWallet 0xF0C99 was discovered to contain a reentrancy vulnerability via the function executeTransaction. |