Total
29606 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-39249 | 1 Dell | 1 Supportassist For Home Pcs | 2024-11-21 | 6.3 Medium |
| Dell SupportAssist for Business PCs version 3.4.0 contains a local Authentication Bypass vulnerability that allows locally authenticated non-admin users to gain temporary privilege within the SupportAssist User Interface on their respective PC. The Run as Admin temporary privilege feature enables IT/System Administrators to perform driver scans and Dell-recommended driver installations without requiring them to log out of the local non-admin user session. However, the granted privilege is limited solely to the SupportAssist User Interface and automatically expires after 15 minutes. | ||||
| CVE-2023-39226 | 1 Deltaww | 1 Infrasuite Device Master | 2024-11-21 | 9.8 Critical |
| In Delta Electronics InfraSuite Device Master v.1.0.7, a vulnerability exists that allows an unauthenticated attacker to execute arbitrary code through a single UDP packet. | ||||
| CVE-2023-39218 | 1 Zoom | 3 Rooms, Virtual Desktop Infrastructure, Zoom | 2024-11-21 | 6.1 Medium |
| Client-side enforcement of server-side security in Zoom clients before 5.14.10 may allow a privileged user to enable information disclosure via network access. | ||||
| CVE-2023-39199 | 1 Zoom | 4 Meetings, Rooms, Virtual Desktop Infrastructure and 1 more | 2024-11-21 | 4.9 Medium |
| Cryptographic issues with In-Meeting Chat for some Zoom clients may allow a privileged user to conduct an information disclosure via network access. | ||||
| CVE-2023-38898 | 1 Python | 1 Python | 2024-11-21 | 5.3 Medium |
| An issue in Python cpython v.3.7 allows an attacker to obtain sensitive information via the _asyncio._swap_current_task component. NOTE: this is disputed by the vendor because (1) neither 3.7 nor any other release is affected (it is a bug in some 3.12 pre-releases); (2) there are no common scenarios in which an adversary can call _asyncio._swap_current_task but does not already have the ability to call arbitrary functions; and (3) there are no common scenarios in which sensitive information, which is not already accessible to an adversary, becomes accessible through this bug. | ||||
| CVE-2023-38880 | 1 Os4ed | 1 Opensis | 2024-11-21 | 9.8 Critical |
| The Community Edition version 9.0 of OS4ED's openSIS Classic has a broken access control vulnerability in the database backup functionality. Whenever an admin generates a database backup, the backup is stored in the web root while the file name has a format of "opensisBackup<date>.sql" (e.g. "opensisBackup07-20-2023.sql"), i.e. can easily be guessed. This file can be accessed by any unauthenticated actor and contains a dump of the whole database including password hashes. | ||||
| CVE-2023-38752 | 1 Jpcert | 1 Special Interest Group Network For Analysis And Liaison | 2024-11-21 | 4.3 Medium |
| Improper authorization vulnerability in Special Interest Group Network for Analysis and Liaison versions 4.4.0 to 4.7.7 allows the authorized API users to view the attribute information of the poster that is set as"non-disclosure" in the system settings. | ||||
| CVE-2023-38751 | 1 Jpcert | 1 Special Interest Group Network For Analysis And Liaison | 2024-11-21 | 4.3 Medium |
| Improper authorization vulnerability in Special Interest Group Network for Analysis and Liaison versions 4.4.0 to 4.7.7 allows the authorized API users to view the organization information of the information receiver that is set as "non-disclosure" in the information provision operation. | ||||
| CVE-2023-38744 | 1 Omron | 27 Cj1w-eip21, Cj1w-eip21 Firmware, Cj2h-cpu64-eip and 24 more | 2024-11-21 | 7.5 High |
| Denial-of-service (DoS) vulnerability due to improper validation of specified type of input issue exists in the built-in EtherNet/IP port of the CJ Series CJ2 CPU unit and the communication function of the CS/CJ Series EtherNet/IP unit. If an affected product receives a packet which is specially crafted by a remote unauthenticated attacker, the unit of the affected product may fall into a denial-of-service (DoS) condition. Affected products/versions are as follows: CJ2M CPU Unit CJ2M-CPU3[] Unit version of the built-in EtherNet/IP section Ver. 2.18 and earlier, CJ2H CPU Unit CJ2H-CPU6[]-EIP Unit version of the built-in EtherNet/IP section Ver. 3.04 and earlier, CS/CJ Series EtherNet/IP Unit CS1W-EIP21 V3.04 and earlier, and CS/CJ Series EtherNet/IP Unit CJ1W-EIP21 V3.04 and earlier. | ||||
| CVE-2023-38741 | 4 Hp, Ibm, Linux and 1 more | 6 Hp-ux, Aix, Txseries For Multiplatform and 3 more | 2024-11-21 | 7.5 High |
| IBM TXSeries for Multiplatforms 8.1, 8.2, and 9.1 is vulnerable to a denial of service, caused by improper enforcement of the timeout on individual read operations. By conducting a slowloris-type attacks, a remote attacker could exploit this vulnerability to cause a denial of service. IBM X-Force ID: 262905. | ||||
| CVE-2023-38576 | 2 Elecom, Logitec | 3 Lan-wh300n\/re, Lan-wh300n\/re Firmware, Lan-wh300n Re | 2024-11-21 | 8.0 High |
| Hidden functionality vulnerability in LAN-WH300N/RE all versions provided by LOGITEC CORPORATION allows an authenticated user to execute arbitrary OS commands on a certain management console. | ||||
| CVE-2023-38570 | 4 Apple, Google, Intel and 1 more | 4 Iphone Os, Android, Unison Software and 1 more | 2024-11-21 | 5.3 Medium |
| Access of memory location after end of buffer for some Intel Unison software may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2023-38411 | 1 Intel | 1 Smart Campus | 2024-11-21 | 3.9 Low |
| Improper access control in the Intel Smart Campus android application before version 9.4 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2023-38335 | 1 Omnis | 1 Studio | 2024-11-21 | 5.3 Medium |
| Omnis Studio 10.22.00 has incorrect access control. It advertises a feature for making Omnis libraries "always private" - this is supposed to be an irreversible operation. However, due to implementation issues, "always private" Omnis libraries can be opened by the Omnis Studio browser by bypassing specific checks. This violates the expected behavior of an "irreversible operation". | ||||
| CVE-2023-38334 | 1 Omnis | 1 Studio | 2024-11-21 | 6.5 Medium |
| Omnis Studio 10.22.00 has incorrect access control. It advertises an irreversible feature for locking classes within Omnis libraries: it should be no longer possible to delete, view, change, copy, rename, duplicate, or print a locked class. Due to implementation issues, locked classes in Omnis libraries can be unlocked, and thus further analyzed and modified by Omnis Studio. This allows for further analyzing and also deleting, viewing, changing, copying, renaming, duplicating, or printing previously locked Omnis classes. This violates the expected behavior of an "irreversible operation." | ||||
| CVE-2023-38195 | 1 Datalust | 1 Seq | 2024-11-21 | 4.9 Medium |
| Datalust Seq before 2023.2.9489 allows insertion of sensitive information into an externally accessible file or directory. This is exploitable only when external (SQL Server or PostgreSQL) metadata storage is used. Exploitation can only occur from a high-privileged user account. | ||||
| CVE-2023-37935 | 1 Fortinet | 1 Fortios | 2024-11-21 | 6.5 Medium |
| A use of GET request method with sensitive query strings vulnerability in Fortinet FortiOS 7.0.0 - 7.0.12, 7.2.0 - 7.2.5 and 7.4.0 allows an attacker to view plaintext passwords of remote services such as RDP or VNC, if the attacker is able to read the GET requests to those services. | ||||
| CVE-2023-37759 | 1 Trendylogics | 1 Crypto Currency Tracker | 2024-11-21 | 9.8 Critical |
| Incorrect access control in the User Registration page of Crypto Currency Tracker (CCT) before v9.5 allows unauthenticated attackers to register as an Admin account via a crafted POST request. | ||||
| CVE-2023-37243 | 2 Atera, Microsoft | 2 Agent Package Availability, Windows | 2024-11-21 | 7.8 High |
| The C:\Windows\Temp\Agent.Package.Availability\Agent.Package.Availability.exe file is automatically launched as SYSTEM when the system reboots. Since the C:\Windows\Temp\Agent.Package.Availability folder inherits permissions from C:\Windows\Temp and Agent.Package.Availability.exe is susceptible to DLL hijacking, standard users can write a malicious DLL to it and elevate their privileges. | ||||
| CVE-2023-36843 | 2 Juniper, Juniper Networks | 2 Junos, Junos Os | 2024-11-21 | 7.5 High |
| An Improper Handling of Inconsistent Special Elements vulnerability in the Junos Services Framework (jsf) module of Juniper Networks Junos OS allows an unauthenticated network based attacker to cause a crash in the Packet Forwarding Engine (pfe) and thereby resulting in a Denial of Service (DoS). Upon receiving malformed SSL traffic, the PFE crashes. A manual restart will be needed to recover the device. This issue only affects devices with Juniper Networks Advanced Threat Prevention (ATP) Cloud enabled with Encrypted Traffic Insights (configured via ‘security-metadata-streaming policy’). This issue affects Juniper Networks Junos OS: * All versions prior to 20.4R3-S8, 20.4R3-S9; * 21.1 version 21.1R1 and later versions; * 21.2 versions prior to 21.2R3-S6; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S5; * 22.1 versions prior to 22.1R3-S4; * 22.2 versions prior to 22.2R3-S2; * 22.3 versions prior to 22.3R2-S2, 22.3R3; * 22.4 versions prior to 22.4R2-S1, 22.4R3; | ||||