Total
29606 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-34209 | 1 Easyuse | 1 Mailhunter Ultimate | 2024-11-21 | 5 Medium |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere in create template function in EasyUse MailHunter Ultimate 2023 and earlier allow remote authenticated users to obtain the absolute path via unencrypted VIEWSTATE parameter. | ||||
| CVE-2023-33947 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2024-11-21 | 2.7 Low |
| The Object module in Liferay Portal 7.4.3.4 through 7.4.3.60, and Liferay DXP 7.4 before update 61 does not segment object definition by virtual instance in search which allows remote authenticated users in one virtual instance to view object definition from a second virtual instance by searching for the object definition. | ||||
| CVE-2023-33946 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2024-11-21 | 2.7 Low |
| The Object module in Liferay Portal 7.4.3.4 through 7.4.3.48, and Liferay DXP 7.4 before update 49 does properly isolate objects in difference virtual instances, which allows remote authenticated users in one virtual instance to view objects in a different virtual instance via OAuth 2 scope administration page. | ||||
| CVE-2023-33872 | 1 Intel | 1 Support | 2024-11-21 | 5.5 Medium |
| Improper access control in the Intel Support android application all verions may allow an authenticated user to potentially enable information disclosure via local access. | ||||
| CVE-2023-33301 | 1 Fortinet | 1 Fortios | 2024-11-21 | 6.5 Medium |
| An improper access control vulnerability in Fortinet FortiOS 7.2.0 - 7.2.4 and 7.4.0 allows an attacker to access a restricted resource from a non trusted host. | ||||
| CVE-2023-33224 | 1 Solarwinds | 1 Solarwinds Platform | 2024-11-21 | 7.2 High |
| The SolarWinds Platform was susceptible to the Incorrect Behavior Order Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with NETWORK SERVICE privileges. | ||||
| CVE-2023-32809 | 2 Google, Mediatek | 35 Android, Mt2713, Mt6779 and 32 more | 2024-11-21 | 4.4 Medium |
| In bluetooth driver, there is a possible read and write access to registers due to improper access control of register interface. This could lead to local leak of sensitive information with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07849753; Issue ID: ALPS07849753. | ||||
| CVE-2023-32808 | 2 Google, Mediatek | 35 Android, Mt2713, Mt6779 and 32 more | 2024-11-21 | 4.4 Medium |
| In bluetooth driver, there is a possible read and write access to registers due to improper access control of register interface. This could lead to local leak of sensitive information with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07849751; Issue ID: ALPS07849751. | ||||
| CVE-2023-32731 | 2 Grpc, Redhat | 2 Grpc, Enterprise Linux | 2024-11-21 | 7.4 High |
| When gRPC HTTP2 stack raised a header size exceeded error, it skipped parsing the rest of the HPACK frame. This caused any HPACK table mutations to also be skipped, resulting in a desynchronization of HPACK tables between sender and receiver. If leveraged, say, between a proxy and a backend, this could lead to requests from the proxy being interpreted as containing headers from different proxy clients - leading to an information leak that can be used for privilege escalation or data exfiltration. We recommend upgrading beyond the commit contained in https://github.com/grpc/grpc/pull/33005 https://github.com/grpc/grpc/pull/33005 | ||||
| CVE-2023-32662 | 1 Intel | 1 Battery Life Diagnostic Tool | 2024-11-21 | 6.7 Medium |
| Improper authorization in some Intel Battery Life Diagnostic Tool installation software before version 2.2.1 may allow a privilaged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2023-32651 | 1 Intel | 7 Killer, Killer Wi-fi 6e Ax1675, Killer Wi-fi 6e Ax1690 and 4 more | 2024-11-21 | 4.3 Medium |
| Improper validation of specified type of input for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable denial of service via adjacent access. | ||||
| CVE-2023-32645 | 1 Yifanwireless | 2 Yf325, Yf325 Firmware | 2024-11-21 | 9.8 Critical |
| A leftover debug code vulnerability exists in the httpd debug credentials functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to authentication bypass. An attacker can send a network request to trigger this vulnerability. | ||||
| CVE-2023-32634 | 1 Softether | 1 Vpn | 2024-11-21 | 7.8 High |
| An authentication bypass vulnerability exists in the CiRpcServerThread() functionality of SoftEther VPN 5.01.9674 and 4.41-9782-beta. An attacker can perform a local man-in-the-middle attack to trigger this vulnerability. | ||||
| CVE-2023-32626 | 2 Elecom, Logitec | 6 Lan-w300n\/pr5, Lan-w300n\/pr5 Firmware, Lan-w300n\/rs and 3 more | 2024-11-21 | 9.8 Critical |
| Hidden functionality vulnerability in LAN-W300N/RS all versions, and LAN-W300N/PR5 all versions allows an unauthenticated attacker to log in to the product's certain management console and execute arbitrary OS commands. | ||||
| CVE-2023-32493 | 1 Dell | 1 Powerscale Onefs | 2024-11-21 | 7.3 High |
| Dell PowerScale OneFS, 9.5.0.x, contains a protection mechanism bypass vulnerability. An unprivileged, remote attacker could potentially exploit this vulnerability, leading to denial of service, information disclosure and remote execution. | ||||
| CVE-2023-32489 | 1 Dell | 1 Powerscale Onefs | 2024-11-21 | 6.7 Medium |
| Dell PowerScale OneFS 8.2x -9.5x contains a privilege escalation vulnerability. A local attacker with high privileges could potentially exploit this vulnerability, to bypass mode protections and gain elevated privileges. | ||||
| CVE-2023-32488 | 1 Dell | 1 Powerscale Onefs | 2024-11-21 | 5.3 Medium |
| Dell PowerScale OneFS, 8.2.x-9.5.0.x, contains an information disclosure vulnerability in NFS. A low privileged attacker could potentially exploit this vulnerability, leading to information disclosure. | ||||
| CVE-2023-32479 | 2 Dell, Microsoft | 4 Encryption, Endpoint Security Suite Enterprise, Security Management Server and 1 more | 2024-11-21 | 6.7 Medium |
| Dell Encryption, Dell Endpoint Security Suite Enterprise, and Dell Security Management Server versions prior to 11.9.0 contain privilege escalation vulnerability due to improper ACL of the non-default installation directory. A local malicious user could potentially exploit this vulnerability by replacing binaries in installed directory and taking reverse shell of the system leading to Privilege Escalation. | ||||
| CVE-2023-32450 | 1 Dell | 1 Power Manager | 2024-11-21 | 6.1 Medium |
| Dell Power Manager, Versions 3.3 to 3.14 contains an Improper Access Control vulnerability. A low-privileged malicious user may potentially exploit this vulnerability to perform arbitrary code execution with limited access. | ||||
| CVE-2023-32285 | 1 Intel | 134 Compute Element Stk2mv64cc, Compute Element Stk2mv64cc Firmware, Nuc Board Nuc7i3bnb and 131 more | 2024-11-21 | 6 Medium |
| Improper access control in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable denial of service via local access. | ||||