Total
29606 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-3580 | 1 Squidex.io | 1 Squidex | 2024-11-21 | 4.3 Medium |
| Improper Handling of Additional Special Element in GitHub repository squidex/squidex prior to 7.4.0. | ||||
| CVE-2023-3574 | 1 Pimcore | 2 Customer-data-framework, Customer Management Framework | 2024-11-21 | 6.5 Medium |
| Improper Authorization in GitHub repository pimcore/customer-data-framework prior to 3.4.1. | ||||
| CVE-2023-3518 | 1 Hashicorp | 1 Consul | 2024-11-21 | 7.4 High |
| HashiCorp Consul and Consul Enterprise 1.16.0 when using JWT Auth for service mesh incorrectly allows/denies access regardless of service identities. Fixed in 1.16.1. | ||||
| CVE-2023-3517 | 1 Hitachi | 1 Pentaho Data Integration And Analytics | 2024-11-21 | 8.5 High |
| Hitachi Vantara Pentaho Data Integration & Analytics versions before 9.5.0.1 and 9.3.0.5, including 8.3.x does not restrict JNDI identifiers during the creation of XActions, allowing control of system level data sources. | ||||
| CVE-2023-3405 | 1 M-files | 1 M-files Server | 2024-11-21 | 7.5 High |
| Unchecked parameter value in M-Files Server in versions before 23.6.12695.3 (excluding 23.2 SR2 and newer) allows anonymous user to cause denial of service | ||||
| CVE-2023-3374 | 1 Bookreen | 1 Bookreen | 2024-11-21 | 9.8 Critical |
| Incomplete List of Disallowed Inputs vulnerability in Unisign Bookreen allows Privilege Escalation.This issue affects Bookreen: before 3.0.0. | ||||
| CVE-2023-3304 | 1 Admidio | 1 Admidio | 2024-11-21 | 5.4 Medium |
| Improper Access Control in GitHub repository admidio/admidio prior to 4.2.9. | ||||
| CVE-2023-3266 | 1 Cyberpower | 1 Powerpanel Server | 2024-11-21 | 9.8 Critical |
| A non-feature complete authentication mechanism exists in the production application allowing an attacker to bypass all authentication checks if LDAP authentication is selected.An unauthenticated attacker can leverage this vulnerability to log in to the CypberPower PowerPanel Enterprise as an administrator by selecting LDAP authentication from a hidden HTML combo box. Successful exploitation of this vulnerability also requires the attacker to know at least one username on the device, but any password will authenticate successfully. | ||||
| CVE-2023-3265 | 1 Cyberpower | 1 Powerpanel Server | 2024-11-21 | 9.8 Critical |
| An authentication bypass exists on CyberPower PowerPanel Enterprise by failing to sanitize meta-characters from the username, allowing an attacker to login into the application with the default user "cyberpower" by appending a non-printable character.An unauthenticated attacker can leverage this vulnerability to log in to the CypberPower PowerPanel Enterprise as an administrator with hardcoded default credentials. | ||||
| CVE-2023-3253 | 1 Tenable | 1 Nessus | 2024-11-21 | 4.3 Medium |
| An improper authorization vulnerability exists where an authenticated, low privileged remote attacker could view a list of all the users available in the application. | ||||
| CVE-2023-3099 | 1 Ubuntukylin | 1 Youker-assistant | 2024-11-21 | 4.4 Medium |
| A vulnerability classified as critical was found in KylinSoft youker-assistant on KylinOS. Affected by this vulnerability is the function delete_file in the library dbus.SystemBus of the component Arbitrary File Handler. The manipulation leads to improper access controls. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. Upgrading to version 3.0.2-0kylin6k70-23 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-230689 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-3037 | 1 Helpdezk | 1 Helpdezk | 2024-11-21 | 8.6 High |
| Improper authorization vulnerability in HelpDezk Community affecting version 1.1.10. This vulnerability could allow a remote attacker to access the platform without authentication and retrieve personal data via the jsonGrid parameter. | ||||
| CVE-2023-39909 | 1 Ericsson | 1 Network Manager | 2024-11-21 | 8.8 High |
| Ericsson Network Manager before 23.2 mishandles Access Control and thus unauthenticated low-privilege users can access the NCM application. | ||||
| CVE-2023-39743 | 1 Pete4abw | 1 Lzma Software Development Kit | 2024-11-21 | 5.3 Medium |
| lrzip-next LZMA v23.01 was discovered to contain an access violation via the component /bz3_decode_block src/libbz3.c. | ||||
| CVE-2023-39445 | 2 Elecom, Logitec | 15 Wrc-1467ghbk-a, Wrc-1467ghbk-a Firmware, Wrc-1467ghbk-s and 12 more | 2024-11-21 | 8.8 High |
| Hidden functionality vulnerability in LAN-WH300N/RE all versions provided by LOGITEC CORPORATION allows an unauthenticated attacker to execute arbitrary code by sending a specially crafted file to the product's certain management console. | ||||
| CVE-2023-39406 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 7.5 High |
| Permission control vulnerability in the XLayout component. Successful exploitation of this vulnerability may cause apps to forcibly restart. | ||||
| CVE-2023-39259 | 1 Dell | 1 Os Recovery Tool | 2024-11-21 | 7.3 High |
| Dell OS Recovery Tool, versions 2.2.4013, 2.3.7012.0, and 2.3.7515.0 contain an Improper Access Control Vulnerability. A local authenticated non-administrator user could potentially exploit this vulnerability, leading to the elevation of privilege on the system. | ||||
| CVE-2023-39257 | 1 Dell | 1 Rugged Control Center | 2024-11-21 | 7.3 High |
| Dell Rugged Control Center, version prior to 4.7, contains an Improper Access Control vulnerability. A local malicious standard user could potentially exploit this vulnerability to modify the content in an unsecured folder when product installation repair is performed, leading to privilege escalation on the system. | ||||
| CVE-2023-39256 | 1 Dell | 1 Rugged Control Center | 2024-11-21 | 7.3 High |
| Dell Rugged Control Center, version prior to 4.7, contains an improper access control vulnerability. A local malicious standard user could potentially exploit this vulnerability to modify the content in an unsecured folder during product installation and upgrade, leading to privilege escalation on the system. | ||||
| CVE-2023-39253 | 1 Dell | 1 Os Recovery Tool | 2024-11-21 | 7.3 High |
| Dell OS Recovery Tool, versions 2.2.4013, 2.3.7012.0, and 2.3.7515.0 contain an Improper Access Control Vulnerability. A local authenticated non-administrator user could potentially exploit this vulnerability, leading to the elevation of privilege on the system. | ||||