Total
29699 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-5358 | 1 Devolutions | 1 Devolutions Server | 2024-11-21 | 5.3 Medium |
| Improper access control in Report log filters feature in Devolutions Server 2023.2.10.0 and earlier allows attackers to retrieve logs from vaults or entries they are not allowed to access via the report request url query parameters. | ||||
| CVE-2023-5299 | 1 Fujielectric | 1 Tellus Lite V-simulator | 2024-11-21 | 7.3 High |
| A user with a standard account in Fuji Electric Tellus Lite may overwrite files in the system. | ||||
| CVE-2023-5240 | 1 Devolutions | 1 Devolutions Server | 2024-11-21 | 7.5 High |
| Improper access control in PAM propagation scripts in Devolutions Server 2023.2.8.0 and earlier allows an attacker with permission to manage PAM propagation scripts to retrieve passwords stored in it via a GET request. | ||||
| CVE-2023-5106 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 8.2 High |
| An issue has been discovered in Ultimate-licensed GitLab EE affecting all versions starting 13.12 prior to 16.2.8, 16.3.0 prior to 16.3.5, and 16.4.0 prior to 16.4.1 that could allow an attacker to impersonate users in CI pipelines through direct transfer group imports. | ||||
| CVE-2023-51070 | 1 Qstar | 1 Archive Storage Manager | 2024-11-21 | 7.5 High |
| An access control issue in QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0 allows unauthenticated attackers to arbitrarily adjust sensitive SMB settings on the QStar Server. | ||||
| CVE-2023-50959 | 1 Ibm | 1 Cloud Pak For Business Automation | 2024-11-21 | 5.3 Medium |
| IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, 22.0.2, 23.0.1, and 23.0.2 may allow end users to query more documents than expected from a connected Enterprise Content Management system when configured to use a system account. IBM X-Force ID: 275938. | ||||
| CVE-2023-50954 | 1 Ibm | 1 Infosphere Information Server | 2024-11-21 | 4.3 Medium |
| IBM InfoSphere Information Server 11.7 returns sensitive information in URL information that could be used in further attacks against the system. IBM X-Force ID: 275776. | ||||
| CVE-2023-50871 | 1 Jetbrains | 1 Youtrack | 2024-11-21 | 4.3 Medium |
| In JetBrains YouTrack before 2023.3.22268, an authorization check for inline comments inside thread replies was missed. | ||||
| CVE-2023-50708 | 1 Yiiframework | 1 Yii2-authclient | 2024-11-21 | 6.1 Medium |
| yii2-authclient is an extension that adds OpenID, OAuth, OAuth2 and OpenID Connect consumers for the Yii framework 2.0. In yii2-authclient prior to version 2.2.15, the OAuth1/2 `state` and OpenID Connect `nonce` are vulnerable to a `timing attack` since they are compared via regular string comparison (instead of `Yii::$app->getSecurity()->compareString()`). Version 2.2.15 contains a patch for the issue. No known workarounds are available. | ||||
| CVE-2023-50706 | 1 Efacec | 2 Uc 500e, Uc 500e Firmware | 2024-11-21 | 4.1 Medium |
| A user without administrator permissions with access to the UC500 Windows system could perform a memory dump of the running processes and extract clear credentials or valid session tokens. | ||||
| CVE-2023-50559 | 1 Openxiangshan | 1 Xiangshan | 2024-11-21 | 5.5 Medium |
| An issue was discovered in XiangShan v2.1 that allows local attackers to obtain sensitive information via the L1D cache. | ||||
| CVE-2023-50477 | 1 Nos | 1 Nos Client | 2024-11-21 | 9.8 Critical |
| An issue was discovered in nos client version 0.6.6 that allows remote attackers to escalate privileges via getRPCEndpoint.js. | ||||
| CVE-2023-50332 | 1 Weseek | 1 Growi | 2024-11-21 | 6.5 Medium |
| Improper authorization vulnerability exists in the User Management (/admin/users) page of GROWI versions prior to v6.0.6. If this vulnerability is exploited, a user may delete or suspend its own account without the user's intention. | ||||
| CVE-2023-4922 | 1 Wpb Show Core Project | 1 Wpb Show Core | 2024-11-21 | 9.8 Critical |
| The WPB Show Core WordPress plugin through 2.2 is vulnerable to a local file inclusion via the `path` parameter. | ||||
| CVE-2023-4898 | 1 Mintplexlabs | 1 Anything-llm | 2024-11-21 | 7.5 High |
| Authentication Bypass by Primary Weakness in GitHub repository mintplex-labs/anything-llm prior to 0.0.1. | ||||
| CVE-2023-4749 | 1 Mayurik | 1 Inventory Management System | 2024-11-21 | 6.3 Medium |
| A vulnerability, which was classified as critical, was found in SourceCodester Inventory Management System 1.0. Affected is an unknown function of the file index.php. The manipulation of the argument page leads to file inclusion. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-238638 is the identifier assigned to this vulnerability. | ||||
| CVE-2023-4640 | 1 Yugabyte | 1 Yugabytedb | 2024-11-21 | 6.5 Medium |
| The controller responsible for setting the logging level does not include any authorization checks to ensure the user is authenticated. This can be seen by noting that it extends Controller rather than AuthenticatedController and includes no further checks. This issue affects YugabyteDB Anywhere from 2.0.0 through 2.17.3. | ||||
| CVE-2023-4570 | 1 Ni | 1 Measurementlink | 2024-11-21 | 8.8 High |
| An improper access restriction in NI MeasurementLink Python services could allow an attacker on an adjacent network to reach services exposed on localhost. These services were previously thought to be unreachable outside of the node. This affects measurement plug-ins written in Python using version 1.1.0 of the ni-measurementlink-service Python package and all previous versions. | ||||
| CVE-2023-4417 | 2 Devolutions, Microsoft | 2 Remote Desktop Manager, Windows | 2024-11-21 | 6.5 Medium |
| Improper access controls in the entry duplication component in Devolutions Remote Desktop Manager 2023.2.19 and earlier versions on Windows allows an authenticated user, under specific circumstances, to inadvertently share their personal vault entry with shared vaults via an incorrect vault in the duplication write process. | ||||
| CVE-2023-4381 | 1 Instantcms | 1 Instantcms | 2024-11-21 | 4.3 Medium |
| Unverified Password Change in GitHub repository instantsoft/icms2 prior to 2.16.1-git. | ||||