Total
34396 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-50720 | 1 Xwiki | 1 Xwiki | 2024-11-21 | 5.3 Medium |
| XWiki Platform is a generic wiki platform. Prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, the Solr-based search in XWiki discloses the email addresses of users even when obfuscation of email addresses is enabled. To demonstrate the vulnerability, search for `objcontent:email*` using XWiki's regular search interface. This has been fixed in XWiki 14.10.15, 15.5.2 and 15.7RC1 by not indexing email address properties when obfuscation is enabled. There are no known workarounds for this vulnerability. | ||||
| CVE-2023-50715 | 1 Home-assistant | 1 Home-assistant | 2024-11-21 | 4.3 Medium |
| Home Assistant is open source home automation software. Prior to version 2023.12.3, the login page discloses all active user accounts to any unauthenticated browsing request originating on the Local Area Network. Version 2023.12.3 contains a patch for this issue. When starting the Home Assistant 2023.12 release, the login page returns all currently active user accounts to browsing requests from the Local Area Network. Tests showed that this occurs when the request is not authenticated and the request originated locally, meaning on the Home Assistant host local subnet or any other private subnet. The rationale behind this is to make the login more user-friendly and an experience better aligned with other applications that have multiple user-profiles. However, as a result, all accounts are displayed regardless of them having logged in or not and for any device that navigates to the server. This disclosure is mitigated by the fact that it only occurs for requests originating from a LAN address. But note that this applies to the local subnet where Home Assistant resides and to any private subnet that can reach it. | ||||
| CVE-2023-50709 | 1 Cube | 1 Cube.js | 2024-11-21 | 6.5 Medium |
| Cube is a semantic layer for building data applications. Prior to version 0.34.34, it is possible to make the entire Cube API unavailable by submitting a specially crafted request to a Cube API endpoint. The issue has been patched in `v0.34.34` and it's recommended that all users exposing Cube APIs to the public internet upgrade to the latest version to prevent service disruption. There are currently no workaround for older versions, and the recommendation is to upgrade. | ||||
| CVE-2023-50571 | 1 Jeasy | 1 Easy Rules | 2024-11-21 | 7.8 High |
| easy-rules-mvel v4.1.0 was discovered to contain a remote code execution (RCE) vulnerability via the component MVELRule. | ||||
| CVE-2023-50453 | 1 Zammad | 1 Zammad | 2024-11-21 | 5.3 Medium |
| An issue was discovered in Zammad before 6.2.0. It uses the public endpoint /api/v1/signshow for its login screen. This endpoint returns internal configuration data of user object attributes, such as selectable values, which should not be visible to the public. | ||||
| CVE-2023-50443 | 2 Microsoft, Primx | 2 Windows, Cryhod | 2024-11-21 | 4.6 Medium |
| Encrypted disks created by PRIMX CRYHOD for Windows before Q.2020.4 (ANSSI qualification submission) or CRYHOD for Windows before 2023.5 can be modified by an unauthenticated attacker to include a UNC reference so that it could trigger outbound network traffic from computers on which disks are opened. | ||||
| CVE-2023-50442 | 1 Primx | 1 Zonecentral | 2024-11-21 | 5.5 Medium |
| Encrypted folders created by PRIMX ZONECENTRAL through 2023.5 can be modified by a local attacker (with appropriate privileges) so that specific file types are excluded from encryption temporarily. (This modification can, however, be detected, as described in the Administrator Guide.) | ||||
| CVE-2023-50441 | 1 Primx | 1 Zonecentral | 2024-11-21 | 5.5 Medium |
| Encrypted folders created by PRIMX ZONECENTRAL for Windows before Q.2021.2 (ANSSI qualification submission) or ZONECENTRAL for Windows before 2023.5 can be modified by an unauthenticated attacker to include a UNC reference so that it could trigger outbound network traffic from computers on which folders are opened. | ||||
| CVE-2023-50439 | 1 Primx | 3 Zed\!, Zedmail, Zonecentral | 2024-11-21 | 5.3 Medium |
| ZED containers produced by PRIMX ZED! for Windows before Q.2020.3 (ANSSI qualification submission), ZED! for Windows before Q.2021.2 (ANSSI qualification submission), ZONECENTRAL for Windows before Q.2021.2 (ANSSI qualification submission), ZONECENTRAL for Windows before 2023.5, or ZEDMAIL for Windows before 2023.5 disclose the original path in which the containers were created, which allows an unauthenticated attacker to obtain some information regarding the context of use (project name, etc.). | ||||
| CVE-2023-50428 | 2 Bitcoin, Bitcoinknots | 2 Bitcoin Core, Bitcoin Knots | 2024-11-21 | 5.3 Medium |
| In Bitcoin Core through 26.0 and Bitcoin Knots before 25.1.knots20231115, datacarrier size limits can be bypassed by obfuscating data as code (e.g., with OP_FALSE OP_IF), as exploited in the wild by Inscriptions in 2022 and 2023. NOTE: although this is a vulnerability from the perspective of the Bitcoin Knots project, some others consider it "not a bug." | ||||
| CVE-2023-50271 | 1 Hp | 2 Hp-ux, System Management Homepage | 2024-11-21 | 7.2 High |
| A potential security vulnerability has been identified with HP-UX System Management Homepage (SMH). This vulnerability could be exploited locally or remotely to disclose information. | ||||
| CVE-2023-50181 | 1 Fortinet | 1 Fortiadc | 2024-11-21 | 4.8 Medium |
| An improper access control vulnerability [CWE-284] in Fortinet FortiADC version 7.4.0 through 7.4.1 and before 7.2.4 allows a read only authenticated attacker to perform some write actions via crafted HTTP or HTTPS requests. | ||||
| CVE-2023-50110 | 1 Testlink | 1 Testlink | 2024-11-21 | 7.5 High |
| TestLink through 1.9.20 allows type juggling for authentication bypass because === is not used. | ||||
| CVE-2023-50011 | 1 Popojicms | 1 Popojicms | 2024-11-21 | 7.2 High |
| PopojiCMS version 2.0.1 is vulnerable to remote command execution in the Meta Social field. | ||||
| CVE-2023-4972 | 1 Yepas | 1 Digital Yepas | 2024-11-21 | 9.8 Critical |
| Incorrect Use of Privileged APIs vulnerability in Yepas Digital Yepas allows Collect Data as Provided by Users.This issue affects Digital Yepas: before 1.0.1. | ||||
| CVE-2023-4896 | 1 Arubanetworks | 1 Airwave | 2024-11-21 | 6.8 Medium |
| A vulnerability exists which allows an authenticated attacker to access sensitive information on the AirWave Management Platform web-based management interface. Successful exploitation allows the attacker to gain access to some data that could be further exploited to laterally access devices managed and monitored by the AirWave server. | ||||
| CVE-2023-4885 | 1 Open5gs | 1 Open5gs | 2024-11-21 | 6.5 Medium |
| Man in the Middle vulnerability, which could allow an attacker to intercept VNF (Virtual Network Function) communications resulting in the exposure of sensitive information. | ||||
| CVE-2023-4877 | 1 Hamza417 | 1 Inure | 2024-11-21 | 7.5 High |
| Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository hamza417/inure prior to build92. | ||||
| CVE-2023-4876 | 1 Hamza417 | 1 Inure | 2024-11-21 | 7.5 High |
| Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository hamza417/inure prior to build92. | ||||
| CVE-2023-4753 | 1 Openatom | 1 Openharmony | 2024-11-21 | 3.9 Low |
| OpenHarmony v3.2.1 and prior version has a system call function usage error. Local attackers can crash kernel by the error input. | ||||