Total: 3922 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-32333 | 1 Ibm | 1 Maximo Asset Management | 2024-11-21 | 6.5 Medium |
IBM Maximo Asset Management 7.6.1.3 could allow a remote attacker to log into the admin panel due to improper access controls. IBM X-Force ID: 255073. | ||||
CVE-2023-32285 | 1 Intel | 134 Compute Element Stk2mv64cc, Compute Element Stk2mv64cc Firmware, Nuc Board Nuc7i3bnb and 131 more | 2024-11-21 | 6 Medium |
Improper access control in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable denial of service via local access. | ||||
CVE-2023-32279 | 1 Intel | 1 Connectivity Performance Suite | 2024-11-21 | 7.5 High |
Improper access control in user mode driver for some Intel(R) Connectivity Performance Suite before version 2.1123.214.2 may allow unauthenticated user to potentially enable information disclosure via network access. | ||||
CVE-2023-32204 | 1 Intel | 1 One Boot Flash Update | 2024-11-21 | 8.8 High |
Improper access control in some Intel(R) OFU software before version 14.1.31 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
CVE-2023-32065 | 1 Oroinc | 1 Orocommerce | 2024-11-21 | 5.8 Medium |
OroCommerce is an open-source Business to Business Commerce application built with flexibility in mind. Detailed Order totals information may be received by Order ID. This issue is patched in version 5.0.11 and 5.1.1. | ||||
CVE-2023-32064 | 1 Oroinc | 1 Orocommerce | 2024-11-21 | 5 Medium |
OroCommerce package with customer portal and non authenticated visitor website base features. Back-office users can access information about Customer and Customer User menus, bypassing ACL security restrictions due to insufficient security checks. This issue has been patched in version 5.0.11 and 5.1.1. | ||||
CVE-2023-32063 | 1 Oroinc | 1 Client Relationship Management | 2024-11-21 | 5 Medium |
OroCalendarBundle enables a Calendar feature and related functionality in Oro applications. Back-office users can access information from any call event, bypassing ACL security restrictions due to insufficient security checks. This issue has been patched in version 5.0.4 and 5.1.1. | ||||
CVE-2023-32062 | 1 Oroinc | 1 Oroplatform | 2024-11-21 | 5 Medium |
OroPlatform is a package that assists system and user calendar management. Back-office users can access information from any system calendar event, bypassing ACL security restrictions due to insufficient security checks. This vulnerability has been patched in version 5.1.1. | ||||
CVE-2023-31271 | 1 Intel | 1 Virtual Raid On Cpu | 2024-11-21 | 6.7 Medium |
Improper access control in some Intel(R) VROC software before version 8.0.8.1001 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
CVE-2023-31020 | 2 Microsoft, Nvidia | 2 Windows, Virtual Gpu | 2024-11-21 | 6.1 Medium |
NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer, where an unprivileged regular user can cause improper access control, which may lead to denial of service or data tampering. | ||||
CVE-2023-31019 | 2 Microsoft, Nvidia | 2 Windows, Virtual Gpu | 2024-11-21 | 7.8 High |
NVIDIA GPU Display Driver for Windows contains a vulnerability in wksServicePlugin.dll, where the driver implementation does not restrict or incorrectly restricts access from the named pipe server to a connecting client, which may lead to potential impersonation to the client's secure context. | ||||
CVE-2023-30969 | 1 Palantir | 1 Tiles | 2024-11-21 | 8.2 High |
The Palantir Tiles1 service was found to be vulnerable to an API wide issue where the service was not performing authentication/authorization on all the endpoints. | ||||
CVE-2023-2979 | 1 Abstrium | 1 Pydio Cells | 2024-11-21 | 4.7 Medium |
A vulnerability classified as critical has been found in Abstrium Pydio Cells 4.2.0. This affects an unknown part of the component User Creation Handler. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.2.1 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-230211. | ||||
CVE-2023-2903 | 1 Nfine | 1 Nfine Rapid Development Platform | 2024-11-21 | 4.3 Medium |
A vulnerability classified as problematic has been found in NFine Rapid Development Platform 20230511. This affects an unknown part of the file /SystemManage/Role/GetGridJson?keyword=&page=1&rows=20. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-229977 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
CVE-2023-2902 | 1 Nfine Rapid Development Platform Project | 1 Nfine Rapid Development Platform | 2024-11-21 | 4.3 Medium |
A vulnerability was found in NFine Rapid Development Platform 20230511. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /SystemManage/Organize/GetTreeGridJson?_search=false&nd=1681813520783&rows=10000&page=1&sidx=&sord=asc. The manipulation leads to improper access controls. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-229976. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
CVE-2023-2861 | 1 Qemu | 1 Qemu | 2024-11-21 | 6 Medium |
A flaw was found in the 9p passthrough filesystem (9pfs) implementation in QEMU. The 9pfs server did not prohibit opening special files on the host side, potentially allowing a malicious client to escape from the exported 9p tree by creating and opening a device file in the shared folder. | ||||
CVE-2023-2670 | 1 Oretnom23 | 1 Lost And Found Information System | 2024-11-21 | 6.3 Medium |
A vulnerability was found in SourceCodester Lost and Found Information System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file admin/?page=user/manage_user. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-228886 is the identifier assigned to this vulnerability. | ||||
CVE-2023-2112 | 1 M-files | 1 M-files Server | 2024-11-21 | 3.6 Low |
Desktop component service allows lateral movement between sessions in M-Files before 23.4.12455.0. | ||||
CVE-2023-29157 | 1 Intel | 1 One Boot Flash Update | 2024-11-21 | 8.4 High |
Improper access control in some Intel(R) OFU software before version 14.1.31 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
CVE-2023-29130 | 1 Siemens | 1 Simatic Cn 4100 | 2024-11-21 | 9.9 Critical |
A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.5). Affected device consists of improper access controls in the configuration files that leads to privilege escalation. An attacker could gain admin access with this vulnerability leading to complete device control. |