Total
29606 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-50706 | 1 Efacec | 2 Uc 500e, Uc 500e Firmware | 2024-11-21 | 4.1 Medium |
A user without administrator permissions with access to the UC500 Windows system could perform a memory dump of the running processes and extract clear credentials or valid session tokens. | ||||
CVE-2023-50559 | 1 Openxiangshan | 1 Xiangshan | 2024-11-21 | 5.5 Medium |
An issue discovered in XiangShan v2.1 allows local attackers to obtain sensitive information via the L1D cache. | ||||
CVE-2023-50477 | 1 Nos | 1 Nos Client | 2024-11-21 | 9.8 Critical |
An issue discovered in nos client version 0.6.6 allows remote attackers to escalate privileges via getRPCEndpoint.js. | ||||
CVE-2023-50332 | 1 Weseek | 1 Growi | 2024-11-21 | 6.5 Medium |
Improper authorization vulnerability exists in the User Management (/admin/users) page of GROWI versions prior to v6.0.6. If this vulnerability is exploited, a user may delete or suspend its own account without the user's intention. | ||||
CVE-2023-4922 | 1 Wpb Show Core Project | 1 Wpb Show Core | 2024-11-21 | 9.8 Critical |
The WPB Show Core WordPress plugin through 2.2 is vulnerable to a local file inclusion via the `path` parameter. | ||||
CVE-2023-4898 | 1 Mintplexlabs | 1 Anything-llm | 2024-11-21 | 7.5 High |
Authentication Bypass by Primary Weakness in GitHub repository mintplex-labs/anything-llm prior to 0.0.1. | ||||
CVE-2023-4749 | 1 Mayurik | 1 Inventory Management System | 2024-11-21 | 6.3 Medium |
A vulnerability, which was classified as critical, was found in SourceCodester Inventory Management System 1.0. Affected is an unknown function of the file index.php. The manipulation of the argument page leads to file inclusion. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-238638 is the identifier assigned to this vulnerability. | ||||
CVE-2023-4640 | 1 Yugabyte | 1 Yugabytedb | 2024-11-21 | 6.5 Medium |
The controller responsible for setting the logging level does not include any authorization checks to ensure the user is authenticated. This can be seen by noting that it extends Controller rather than AuthenticatedController and includes no further checks. This issue affects YugabyteDB Anywhere from 2.0.0 through 2.17.3. | ||||
CVE-2023-4570 | 1 Ni | 1 Measurementlink | 2024-11-21 | 8.8 High |
An improper access restriction in NI MeasurementLink Python services could allow an attacker on an adjacent network to reach services exposed on localhost. These services were previously thought to be unreachable outside of the node. This affects measurement plug-ins written in Python using version 1.1.0 of the ni-measurementlink-service Python package and all previous versions. | ||||
CVE-2023-4417 | 2 Devolutions, Microsoft | 2 Remote Desktop Manager, Windows | 2024-11-21 | 6.5 Medium |
Improper access controls in the entry duplication component in Devolutions Remote Desktop Manager 2023.2.19 and earlier versions on Windows allows an authenticated user, under specific circumstances, to inadvertently share their personal vault entry with shared vaults via an incorrect vault in the duplication write process. | ||||
CVE-2023-4381 | 1 Instantcms | 1 Instantcms | 2024-11-21 | 4.3 Medium |
Unverified Password Change in GitHub repository instantsoft/icms2 prior to 2.16.1-git. | ||||
CVE-2023-4258 | 1 Zephyrproject | 1 Zephyr | 2024-11-21 | 8.6 High |
In the Bluetooth mesh implementation, if the provisionee has a public key that is sent OOB, then during provisioning it can be sent back and will be accepted by the provisionee. | ||||
CVE-2023-49938 | 1 Schedmd | 1 Slurm | 2024-11-21 | 8.2 High |
An issue was discovered in SchedMD Slurm 22.05.x and 23.02.x. There is Incorrect Access Control: an attacker can modify their extended group list that is used with the sbcast subsystem, and open files with an unauthorized set of extended groups. The fixed versions are 22.05.11 and 23.02.7. | ||||
CVE-2023-49248 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 5.5 Medium |
Vulnerability of unauthorized file access in the Settings app. Successful exploitation of this vulnerability may cause unauthorized file access. | ||||
CVE-2023-49245 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 7.5 High |
Unauthorized access vulnerability in the Huawei Share module. Successful exploitation of this vulnerability may affect service confidentiality. | ||||
CVE-2023-49081 | 2 Aiohttp, Redhat | 5 Aiohttp, Ansible Automation Platform, Rhui and 2 more | 2024-11-21 | 7.2 High |
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation made it possible for an attacker to modify the HTTP request (e.g. to insert a new header) or create a new HTTP request if the attacker controls the HTTP version. The vulnerability only occurs if the attacker can control the HTTP version of the request. This issue has been patched in version 3.9.0. | ||||
CVE-2023-49002 | 1 Xenomtechnologies | 1 Phone Dialer-voice Call Dialer | 2024-11-21 | 7.5 High |
An issue in Xenom Technologies (sinous) Phone Dialer-voice Call Dialer v.1.2.5 allows an attacker to bypass intended access restrictions via interaction with com.funprime.calldialer.ui.activities.OutgoingActivity. | ||||
CVE-2023-48894 | 1 Huaxiaerp | 1 Jsherp | 2024-11-21 | 6.5 Medium |
Incorrect Access Control vulnerability in jshERP V3.3 allows attackers to obtain sensitive information via the doFilter function. | ||||
CVE-2023-48860 | 1 Totolink | 2 N300rt, N300rt Firmware | 2024-11-21 | 9.8 Critical |
TOTOLINK N300RT version 3.2.4-B20180730.0906 has a post-authentication RCE due to incorrect access control, which allows attackers to bypass front-end security restrictions and execute arbitrary code. | ||||
CVE-2023-48849 | 1 Ruijie | 42 Rg-eg1000c, Rg-eg1000c Firmware, Rg-eg1000e and 39 more | 2024-11-21 | 9.8 Critical |
Ruijie EG Series Routers version EG_3.0(1)B11P216 and before allows unauthenticated attackers to remotely execute arbitrary code due to incorrect filtering. | ||||