Total: 29058 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-26466 | 1 Pega | 1 Synchronization Engine | 2024-11-21 | N/A | 7.8 HIGH |
A user with non-Admin access can change a configuration file on the client to modify the Server URL. | |||||
CVE-2023-26360 | 1 Adobe | 1 Coldfusion | 2024-11-21 | N/A | 8.6 HIGH |
Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. | |||||
CVE-2023-26303 | 1 Executablebooks | 1 Markdown-it-py | 2024-11-21 | N/A | 3.3 LOW |
Denial of service could be caused to markdown-it-py, before v2.2.0, if an attacker was allowed to force null assertions with specially crafted input. | |||||
CVE-2023-26302 | 1 Executablebooks | 1 Markdown-it-py | 2024-11-21 | N/A | 3.3 LOW |
Denial of service could be caused to the command line interface of markdown-it-py, before v2.2.0, if an attacker was allowed to use invalid UTF-8 characters as input. | |||||
CVE-2023-26284 | 1 Ibm | 1 Mq Certified Container | 2024-11-21 | N/A | 7.5 HIGH |
IBM MQ Certified Container 9.3.0.1 through 9.3.0.3 and 9.3.1.0 through 9.3.1.1 could allow authenticated users with the cluster to be granted administration access to the MQ console due to improper access controls. IBM X-Force ID: 248417. | |||||
CVE-2023-26078 | 2 Atera, Microsoft | 2 Atera, Windows | 2024-11-21 | N/A | 7.8 HIGH |
Privilege escalation vulnerability was discovered in Atera Agent 1.8.4.4 and prior on Windows due to mishandling of privileged APIs. | |||||
CVE-2023-26077 | 2 Atera, Microsoft | 2 Atera, Windows | 2024-11-21 | N/A | 7.8 HIGH |
Atera Agent through 1.8.3.6 on Windows Creates a Temporary File in a Directory with Insecure Permissions. | |||||
CVE-2023-26055 | 1 Xwiki | 1 Commons | 2024-11-21 | N/A | 9.9 CRITICAL |
XWiki Commons are technical libraries common to several other top level XWiki projects. Starting in version 3.1-milestone-1, any user can edit their own profile and inject code, which is going to be executed with programming right. The same vulnerability can also be exploited in all other places where short text properties are displayed, e.g., in apps created using Apps Within Minutes that use a short text field. The problem has been patched on versions 13.10.9, 14.4.4, 14.7RC1. | |||||
CVE-2023-25821 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | N/A | 5.7 MEDIUM |
Nextcloud is an Open Source private cloud software. Versions 24.0.4 and above, prior to 24.0.7, and 25.0.0 and above, prior to 25.0.1, contain Improper Access Control. Secure view for internal shares can be circumvented if reshare permissions are also given. This issue is patched in versions 24.0.7 and 25.0.1. No workaround is available. | |||||
CVE-2023-25725 | 2 Debian, Haproxy | 2 Debian Linux, Haproxy | 2024-11-21 | N/A | 9.1 CRITICAL |
HAProxy before 2.7.3 may allow a bypass of access control because HTTP/1 headers are inadvertently lost in some situations, aka "request smuggling." The HTTP header parsers in HAProxy may accept empty header field names, which could be used to truncate the list of HTTP headers and thus make some headers disappear after being parsed and processed for HTTP/1.0 and HTTP/1.1. For HTTP/2 and HTTP/3, the impact is limited because the headers disappear before being parsed and processed, as if they had not been sent by the client. The fixed versions are 2.7.3, 2.6.9, 2.5.12, 2.4.22, 2.2.29, and 2.0.31. | |||||
CVE-2023-25632 | 1 Naver | 1 Whale Browser | 2024-11-21 | N/A | 5.5 MEDIUM |
The Android Mobile Whale browser app before 3.0.1.2 allows the attacker to bypass its browser unlock function via 'Open in Whale' feature. | |||||
CVE-2023-25608 | 1 Fortinet | 4 Fortiap, Fortiap-c, Fortiap-u and 1 more | 2024-11-21 | N/A | 5.5 MEDIUM |
An incomplete filtering of one or more instances of special elements vulnerability [CWE-792] in the command line interpreter of FortiAP-W2 7.2.0 through 7.2.1, 7.0.3 through 7.0.5, 7.0.0 through 7.0.1, 6.4 all versions, 6.2 all versions, 6.0 all versions; FortiAP-C 5.4.0 through 5.4.4, 5.2 all versions; FortiAP 7.2.0 through 7.2.1, 7.0.0 through 7.0.5, 6.4 all versions, 6.0 all versions; FortiAP-U 7.0.0, 6.2.0 through 6.2.5, 6.0 all versions, 5.4 all versions may allow an authenticated attacker to read arbitrary files via specially crafted command arguments. | |||||
CVE-2023-25605 | 1 Fortinet | 1 Fortisoar | 2024-11-21 | N/A | 7.5 HIGH |
An improper access control vulnerability in Fortinet FortiSOAR 7.3.0 - 7.3.1 allows an attacker authenticated on the administrative interface to perform unauthorized actions via crafted HTTP requests. | |||||
CVE-2023-25589 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2024-11-21 | N/A | 9.8 CRITICAL |
A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an unauthenticated remote attacker to create arbitrary users on the platform. A successful exploit allows an attacker to achieve total cluster compromise. | |||||
CVE-2023-25519 | 1 Nvidia | 8 Bluefield 1, Bluefield 1 Firmware, Bluefield 2 Ga and 5 more | 2024-11-21 | N/A | 7.8 HIGH |
NVIDIA ConnectX Host Firmware for the BlueField Data Processing Unit contains a vulnerability where a restricted host may cause an incorrect user management error. A successful exploit of this vulnerability may lead to escalation of privileges. | |||||
CVE-2023-25517 | 4 Citrix, Nvidia, Redhat and 1 more | 4 Hypervisor, Gpu Display Driver, Enterprise Linux Kernel-based Virtual Machine and 1 more | 2024-11-21 | N/A | 7.1 HIGH |
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where a guest OS may be able to control resources for which it is not authorized, which may lead to information disclosure and data tampering. | |||||
CVE-2023-25515 | 2 Microsoft, Nvidia | 10 Windows, Cloud Gaming, Geforce and 7 more | 2024-11-21 | N/A | 7.8 HIGH |
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability where unexpected untrusted data is parsed, which may lead to code execution, denial of service, escalation of privileges, data tampering, or information disclosure. | |||||
CVE-2023-25399 | 1 Scipy | 1 Scipy | 2024-11-21 | N/A | 5.5 MEDIUM |
A refcounting issue which leads to potential memory leak was discovered in scipy commit 8627df31ab in Py_FindObjects() function. Note: This is disputed as a bug and not a vulnerability. SciPy is not designed to be exposed to untrusted users or data directly. | |||||
CVE-2023-25366 | 1 Siglent | 2 Sds 1104x-e, Sds 1104x-e Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
In Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS, insecure SCPI interface discloses web password. | |||||
CVE-2023-25240 | 1 Pimcore | 1 Pimcore | 2024-11-21 | N/A | 8.8 HIGH |
An improper SameSite Attribute vulnerability in pimCore v10.5.15 allows attackers to execute arbitrary code. |