Total
28982 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-32479 | 2 Dell, Microsoft | 4 Encryption, Endpoint Security Suite Enterprise, Security Management Server and 1 more | 2024-02-28 | N/A | 7.8 HIGH |
Dell Encryption, Dell Endpoint Security Suite Enterprise, and Dell Security Management Server versions prior to 11.9.0 contain privilege escalation vulnerability due to improper ACL of the non-default installation directory. A local malicious user could potentially exploit this vulnerability by replacing binaries in installed directory and taking reverse shell of the system leading to Privilege Escalation. | |||||
CVE-2023-31293 | 1 Sesami | 1 Cash Point & Transport Optimizer | 2024-02-28 | N/A | 4.3 MEDIUM |
An issue was discovered in Sesami Cash Point & Transport Optimizer (CPTO) 6.3.8.6 (#718), allows remote attackers to obtain sensitive information and bypass profile restriction via improper access control in the Reader system user's web browser, allowing the journal to be displayed, despite the option being disabled. | |||||
CVE-2023-48849 | 1 Ruijie | 42 Rg-eg1000c, Rg-eg1000c Firmware, Rg-eg1000e and 39 more | 2024-02-28 | N/A | 9.8 CRITICAL |
Ruijie EG Series Routers version EG_3.0(1)B11P216 and before allows unauthenticated attackers to remotely execute arbitrary code due to incorrect filtering. | |||||
CVE-2023-39253 | 1 Dell | 1 Os Recovery Tool | 2024-02-28 | N/A | 7.8 HIGH |
Dell OS Recovery Tool, versions 2.2.4013, 2.3.7012.0, and 2.3.7515.0 contain an Improper Access Control Vulnerability. A local authenticated non-administrator user could potentially exploit this vulnerability, leading to the elevation of privilege on the system. | |||||
CVE-2023-27318 | 1 Netapp | 1 Storagegrid | 2024-02-28 | N/A | 7.5 HIGH |
StorageGRID (formerly StorageGRID Webscale) versions 11.6.0 through 11.6.0.13 are susceptible to a Denial of Service (DoS) vulnerability. A successful exploit could lead to a crash of the Local Distribution Router (LDR) service. | |||||
CVE-2023-35867 | 1 Bosch | 20 Onvif Camera Event Driver Tool, Bosch Video Management System, Building Integration System Video Engine and 17 more | 2024-02-28 | N/A | 5.9 MEDIUM |
An improper handling of a malformed API answer packets to API clients in Bosch BT software products can allow an unauthenticated attacker to cause a Denial of Service (DoS) situation. To exploit this vulnerability an attacker has to replace an existing API server e.g. through Man-in-the-Middle attacks. | |||||
CVE-2023-47862 | 1 Wwbn | 1 Avideo | 2024-02-28 | N/A | 9.8 CRITICAL |
A local file inclusion vulnerability exists in the getLanguageFromBrowser functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can send a series of HTTP requests to trigger this vulnerability. | |||||
CVE-2021-22142 | 1 Elastic | 1 Kibana | 2024-02-28 | N/A | 8.8 HIGH |
Kibana contains an embedded version of the Chromium browser that the Reporting feature uses to generate the downloadable reports. If a user with permissions to generate reports is able to render arbitrary HTML with this browser, they may be able to leverage known Chromium vulnerabilities to conduct further attacks. Kibana contains a number of protections to prevent this browser from rendering arbitrary content. | |||||
CVE-2023-50082 | 1 Pbootcms | 1 Pbootcms | 2024-02-28 | N/A | 7.5 HIGH |
Aoyun Technology pbootcms V3.1.2 is vulnerable to Incorrect Access Control, allows remote attackers to gain sensitive information via session leakage allows a user to avoid logging into the backend management platform. | |||||
CVE-2023-47574 | 1 Relyum | 4 Rely-pcie, Rely-pcie Firmware, Rely-rec and 1 more | 2024-02-28 | N/A | 5.9 MEDIUM |
An issue was discovered on Relyum RELY-PCIe 22.2.1 and RELY-REC 23.1.0 devices. There is a Weak SMB configuration with signing disabled. | |||||
CVE-2023-47202 | 1 Trendmicro | 1 Apex One | 2024-02-28 | N/A | 7.8 HIGH |
A local file inclusion vulnerability on the Trend Micro Apex One management server could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
CVE-2022-43666 | 4 Apple, Google, Intel and 1 more | 4 Iphone Os, Android, Unison Software and 1 more | 2024-02-28 | N/A | 5.5 MEDIUM |
Exposure of sensitive system information due to uncleared debug information for some Intel Unison software may allow an authenticated user to potentially enable information disclosure via local access. | |||||
CVE-2023-50332 | 1 Weseek | 1 Growi | 2024-02-28 | N/A | 6.5 MEDIUM |
Improper authorization vulnerability exists in the User Management (/admin/users) page of GROWI versions prior to v6.0.6. If this vulnerability is exploited, a user may delete or suspend its own account without the user's intention. | |||||
CVE-2023-32230 | 1 Bosch | 7 Monitor Wall, Video Recording Manager, Video Streaming Gateway and 4 more | 2024-02-28 | N/A | 7.5 HIGH |
An improper handling of a malformed API request to an API server in Bosch BT software products can allow an unauthenticated attacker to cause a Denial of Service (DoS) situation. | |||||
CVE-2023-6447 | 1 Metagauss | 1 Eventprime | 2024-02-28 | N/A | 5.3 MEDIUM |
The EventPrime WordPress plugin before 3.3.6 lacks authentication and authorization, allowing unauthenticated visitors to access private and password protected Events by guessing their numeric id/event name. | |||||
CVE-2023-49589 | 1 Wwbn | 1 Avideo | 2024-02-28 | N/A | 8.8 HIGH |
An insufficient entropy vulnerability exists in the userRecoverPass.php recoverPass generation functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to an arbitrary user password recovery. An attacker can send an HTTP request to trigger this vulnerability. | |||||
CVE-2023-38411 | 1 Intel | 1 Smart Campus | 2024-02-28 | N/A | 7.8 HIGH |
Improper access control in the Intel Smart Campus android application before version 9.4 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2023-28197 | 1 Apple | 1 Macos | 2024-02-28 | N/A | 3.3 LOW |
An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Ventura 13.3, macOS Big Sur 11.7.5, macOS Monterey 12.6.4. An app may be able to access user-sensitive data. | |||||
CVE-2023-47320 | 1 Silverpeas | 1 Silverpeas | 2024-02-28 | N/A | 8.1 HIGH |
Silverpeas Core 6.3.1 is vulnerable to Incorrect Access Control. An attacker with low privileges is able to execute the administrator-only function of putting the application in "Maintenance Mode" due to broken access control. This makes the application unavailable to all users. This affects Silverpeas Core 6.3.1 and below. | |||||
CVE-2023-51074 | 1 Json-path | 1 Jayway Jsonpath | 2024-02-28 | N/A | 5.3 MEDIUM |
json-path v2.8.0 was discovered to contain a stack overflow via the Criteria.parse() method. |