Total
29606 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-48303 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | 2.4 Low |
| Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.11, 26.0.6, and 27.1.0 of Nextcloud Server and Nextcloud Enterprise Server, admins can change authentication details of user configured external storage. Nextcloud Server and Nextcloud Enterprise Server versions 25.0.11, 26.0.6, and 27.1.0 contain a patch for this issue. No known workarounds are available. | ||||
| CVE-2023-47882 | 1 Kamivision | 1 Yi Iot | 2024-11-21 | 7.1 High |
| The Kami Vision YI IoT com.yunyi.smartcamera application through 4.1.9_20231127 for Android allows a remote attacker to execute arbitrary JavaScript code via an implicit intent to the com.ants360.yicamera.activity.WebViewActivity component. | ||||
| CVE-2023-47867 | 1 Machinesense | 2 Feverwarn, Feverwarn Firmware | 2024-11-21 | 8.8 High |
| MachineSense FeverWarn devices are configured as Wi-Fi hosts in a way that attackers within range could connect to the device's web services and compromise the device. | ||||
| CVE-2023-47865 | 1 Mattermost | 1 Mattermost | 2024-11-21 | 4.3 Medium |
| Mattermost fails to check if hardened mode is enabled when overriding the username and/or the icon when posting a post. If settings allowed integrations to override the username and profile picture when posting, a member could also override the username and icon when making a post even if the Hardened Mode setting was enabled | ||||
| CVE-2023-47678 | 1 Asus | 2 Rt-ac87u, Rt-ac87u Firmware | 2024-11-21 | 9.1 Critical |
| An improper access control vulnerability exists in RT-AC87U all versions. An attacker may read or write files that are not intended to be accessed by connecting to a target device via tftp. | ||||
| CVE-2023-47615 | 1 Telit | 20 Bgs5, Bgs5 Firmware, Ehs5 and 17 more | 2024-11-21 | 3.3 Low |
| A CWE-526: Exposure of Sensitive Information Through Environmental Variables vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow a local, low privileged attacker to get access to a sensitive data on the targeted system. | ||||
| CVE-2023-47574 | 1 Relyum | 4 Rely-pcie, Rely-pcie Firmware, Rely-rec and 1 more | 2024-11-21 | 5.9 Medium |
| An issue was discovered on Relyum RELY-PCIe 22.2.1 and RELY-REC 23.1.0 devices. There is a Weak SMB configuration with signing disabled. | ||||
| CVE-2023-47323 | 1 Silverpeas | 1 Silverpeas | 2024-11-21 | 7.5 High |
| The notification/messaging feature of Silverpeas Core 6.3.1 does not enforce access control on the ID parameter. This allows an attacker to read all messages sent between other users; including those sent only to administrators. | ||||
| CVE-2023-47140 | 1 Ibm | 1 Cics Transaction Gateway | 2024-11-21 | 4 Medium |
| IBM CICS Transaction Gateway 9.3 could allow a user to transfer or view files due to improper access controls. | ||||
| CVE-2023-47106 | 1 Traefik | 1 Traefik | 2024-11-21 | 4.8 Medium |
| Traefik is an open source HTTP reverse proxy and load balancer. When a request is sent to Traefik with a URL fragment, Traefik automatically URL encodes and forwards the fragment to the backend server. This violates RFC 7230 because in the origin-form the URL should only contain the absolute path and the query. When this is combined with another frontend proxy like Nginx, it can be used to bypass frontend proxy URI-based access control restrictions. This vulnerability has been addressed in versions 2.10.6 and 3.0.0-beta5. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2023-47034 | 1 Uniswapfrontrunbot Project | 1 Uniswapfrontrunbot | 2024-11-21 | 7.5 High |
| A vulnerability in UniswapFrontRunBot 0xdB94c allows attackers to cause financial losses via unspecified vectors. | ||||
| CVE-2023-46992 | 1 Totolink | 2 A3300r, A3300r Firmware | 2024-11-21 | 7.5 High |
| TOTOLINK A3300R V17.0.0cu.557_B20221024 is vulnerable to Incorrect Access Control. Attackers are able to reset serveral critical passwords without authentication by visiting specific pages. | ||||
| CVE-2023-46813 | 2 Linux, Redhat | 4 Linux Kernel, Enterprise Linux, Rhel Eus and 1 more | 2024-11-21 | 7.0 High |
| An issue was discovered in the Linux kernel before 6.5.9, exploitable by local users with userspace access to MMIO registers. Incorrect access checking in the #VC handler and instruction emulation of the SEV-ES emulation of MMIO accesses could lead to arbitrary write access to kernel memory (and thus privilege escalation). This depends on a race condition through which userspace can replace an instruction before the #VC handler reads it. | ||||
| CVE-2023-46774 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 7.5 High |
| Vulnerability of uncaught exceptions in the NFC module. Successful exploitation of this vulnerability can affect NFC availability. | ||||
| CVE-2023-46765 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 7.5 High |
| Vulnerability of uncaught exceptions in the NFC module. Successful exploitation of this vulnerability can affect NFC availability. | ||||
| CVE-2023-46759 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 7.5 High |
| Permission control vulnerability in the call module. Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2023-46758 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 7.5 High |
| Permission management vulnerability in the multi-screen interaction module. Successful exploitation of this vulnerability may cause service exceptions of the device. | ||||
| CVE-2023-46756 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 5.3 Medium |
| Permission control vulnerability in the window management module. Successful exploitation of this vulnerability may cause malicious pop-up windows. | ||||
| CVE-2023-46753 | 2 Frrouting, Redhat | 2 Frrouting, Enterprise Linux | 2024-11-21 | 5.9 Medium |
| An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur for a crafted BGP UPDATE message without mandatory attributes, e.g., one with only an unknown transit attribute. | ||||
| CVE-2023-46752 | 2 Frrouting, Redhat | 2 Frrouting, Enterprise Linux | 2024-11-21 | 5.9 Medium |
| An issue was discovered in FRRouting FRR through 9.0.1. It mishandles malformed MP_REACH_NLRI data, leading to a crash. | ||||