Total: 34424 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-47633 | 1 Traefik | 1 Traefik | 2024-11-27 | 7.5 High |
| Traefik is an open source HTTP reverse proxy and load balancer. The traefik docker container uses 100% CPU when it serves as its own backend, which is an automatically generated route resulting from the Docker integration in the default configuration. This issue has been addressed in versions 2.10.6 and 3.0.0-beta5. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2023-23424 | 1 Hihonor | 2 Nth-an00, Nth-an00 Firmware | 2024-11-27 | 6.5 Medium |
| Some Honor products are affected by a file writing vulnerability; successful exploitation could cause code execution. | ||||
| CVE-2023-34658 | 1 Telegram | 1 Telegram | 2024-11-27 | 5.3 Medium |
| Telegram v9.6.3 on iOS allows attackers to hide critical information on the User Interface via calling the function SFSafariViewController. | ||||
| CVE-2023-34656 | 1 Video Management System Project | 1 Video Management System | 2024-11-27 | 8.8 High |
| An issue with the JSESSION IDs in Xiamen Si Xin Communication Technology Video management system 3.1 thru 4.1 allows attackers to gain escalated privileges. | ||||
| CVE-2022-48505 | 1 Apple | 1 Macos | 2024-11-27 | 5.5 Medium |
| This issue was addressed with improved data protection. This issue is fixed in macOS Ventura 13. An app may be able to modify protected parts of the file system. | ||||
| CVE-2023-39340 | 1 Ivanti | 1 Connect Secure | 2024-11-27 | 7.5 High |
| A vulnerability exists on all versions of Ivanti Connect Secure below 22.6R2 where an attacker can send a specific request which may lead to Denial of Service (DoS) of the appliance. | ||||
| CVE-2023-35042 | 1 Geoserver | 1 Geoserver | 2024-11-27 | 9.8 Critical |
| GeoServer 2, in some configurations, allows remote attackers to execute arbitrary code via java.lang.Runtime.getRuntime().exec in wps:LiteralData within a wps:Execute request, as exploited in the wild in June 2023. NOTE: the vendor states that they are unable to reproduce this in any version. | ||||
| CVE-2023-34844 | 1 Play With Docker Project | 1 Play With Docker | 2024-11-26 | 9.8 Critical |
| Play With Docker < 0.0.2 has an insecure CAP_SYS_ADMIN privileged mode, which allows escape from the docker container. | ||||
| CVE-2023-38710 | 2 Libreswan, Redhat | 5 Libreswan, Enterprise Linux, Openshift and 2 more | 2024-11-26 | 6.5 Medium |
| An issue was discovered in Libreswan before 4.12. When an IKEv2 Child SA REKEY packet contains an invalid IPsec protocol ID number of 0 or 1, an error notify INVALID_SPI is sent back. The notify payload's protocol ID is copied from the incoming packet, but the code that verifies outgoing packets fails an assertion that the protocol ID must be ESP (2) or AH (3) and causes the pluto daemon to crash and restart. NOTE: the earliest affected version is 3.20. | ||||
| CVE-2023-47271 | 1 Sfu | 1 Pkp Web Application Library | 2024-11-26 | 5.3 Medium |
| PKP-WAL (aka PKP Web Application Library or pkp-lib) before 3.3.0-16, as used in Open Journal Systems (OJS) and other products, does not verify that the file named in an XML document (used for the native import/export plugin) is an image file, before trying to use it for an issue cover image. | ||||
| CVE-2024-10365 | 1 Posimyth | 1 The Plus Addons For Elementor | 2024-11-26 | 4.3 Medium |
| The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.0.3 via the render function in modules/widgets/tp_carousel_anything.php, modules/widgets/tp_page_scroll.php, and other widgets. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data. | ||||
| CVE-2023-43320 | 1 Proxmox | 3 Backup Server, Proxmox Mail Gateway, Virtual Environment | 2024-11-26 | 8.8 High |
| An issue in Proxmox Server Solutions GmbH Proxmox VE v.5.4 thru v.8.0, Proxmox Backup Server v.1.1 thru v.3.0, and Proxmox Mail Gateway v.7.1 thru v.8.0 allows a remote authenticated attacker to escalate privileges via bypassing the two-factor authentication component. | ||||
| CVE-2023-47262 | 1 Abbott | 2 Id Now, Id Now Firmware | 2024-11-26 | 5.2 Medium |
| The startup process and device configurations of the Abbott ID NOW device, before v7.1, can be interrupted and/or modified via physical access to an internal serial port. Direct physical access is required to exploit. | ||||
| CVE-2023-48656 | 1 Misp-project | 1 Malware Information Sharing Platform | 2024-11-26 | 9.8 Critical |
| An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php mishandles order clauses. | ||||
| CVE-2023-36487 | 1 Ilias | 1 Ilias | 2024-11-26 | 9.8 Critical |
| The password reset function in ILIAS 7.0_beta1 through 7.20 and 8.0_beta1 through 8.1 allows remote attackers to take over the account. | ||||
| CVE-2023-38324 | 1 Opennds | 1 Captive Portal | 2024-11-26 | 5.3 Medium |
| An issue was discovered in OpenNDS before 10.1.2. It allows users to skip the splash page sequence (and directly authenticate) when it is using the default FAS key and OpenNDS is configured as FAS. Affected: OpenNDS Captive Portal before version 10.1.2; fixed in OpenWrt master, OpenWrt 23.05 and OpenWrt 22.03 on 28 August 2023 by updating OpenNDS to version 10.1.3. | ||||
| CVE-2023-48176 | 1 Mizhexiaoxiao | 1 Websiteguide | 2024-11-26 | 9.8 Critical |
| An Insecure Permissions issue in WebsiteGuide v.0.2 allows a remote attacker to gain escalated privileges via a crafted JWT (JSON Web Token). | ||||
| CVE-2024-48010 | 1 Dell | 5 Apex Protection Storage, Data Domain Operating System, Emc Data Domain Os and 2 more | 2024-11-26 | 6.5 Medium |
| Dell PowerProtect DD, versions prior to 8.1.0.0, 7.13.1.10, 7.10.1.40, and 7.7.5.50, contains an access control vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to escalation of privilege on the application. | ||||
| CVE-2023-33466 | 1 Orthanc-server | 1 Orthanc | 2024-11-26 | 8.8 High |
| Orthanc before 1.12.0 allows authenticated users with access to the Orthanc API to overwrite arbitrary files on the file system, and in specific deployment scenarios allows the attacker to overwrite the configuration, which can be exploited to trigger Remote Code Execution (RCE). | ||||
| CVE-2023-31997 | 2 Ubiquiti, Ui | 4 Unifi Os, Cloud Key Gen2, Cloud Key Gen2 Plus and 1 more | 2024-11-26 | 9.0 Critical |
| UniFi OS 3.1 introduces a misconfiguration on consoles running UniFi Network that allows users on a local network to access MongoDB. Affected are Applicable Cloud Keys that are both (1) running UniFi OS 3.1 and (2) hosting the UniFi Network application. "Applicable Cloud Keys" include the following: Cloud Key Gen2 and Cloud Key Gen2 Plus. | ||||