Total
34396 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-4723 | 1 Webtechstreet | 1 Elementor Addon Elements | 2024-11-21 | 5.3 Medium |
| The Elementor Addon Elements plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.12.7 via the ajax_eae_post_data function. This can allow unauthenticated attackers to extract sensitive data including post/page ids and titles including those of with pending/draft/future/private status. | ||||
| CVE-2023-4706 | 1 Lenovo | 1 Preload Directory | 2024-11-21 | 7.3 High |
| A privilege escalation vulnerability was reported in Lenovo preloaded devices deployed using Microsoft AutoPilot under a standard user account due to incorrect default privileges. | ||||
| CVE-2023-4694 | 1 Hp | 24 Officejet Pro 8730 D9l19a, Officejet Pro 8730 D9l19a Firmware, Officejet Pro 8730 J7a28a and 21 more | 2024-11-21 | 7.5 High |
| Certain HP OfficeJet Pro printers are potentially vulnerable to a Denial of Service when sending a SOAP message to the service on TCP port 3911 that contains a body but no header. | ||||
| CVE-2023-4630 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5 Medium |
| An issue has been discovered in GitLab affecting all versions starting from 10.6 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1 in which any user can read limited information about any project's imports. | ||||
| CVE-2023-4553 | 3 Linux, Microsoft, Opentext | 3 Linux Kernel, Windows, Appbuilder | 2024-11-21 | 5.3 Medium |
| Improper Input Validation vulnerability in OpenText AppBuilder on Windows, Linux allows Probe System Files. AppBuilder configuration files are viewable by unauthenticated users. This issue affects AppBuilder: from 21.2 before 23.2. | ||||
| CVE-2023-4551 | 3 Linux, Microsoft, Opentext | 3 Linux Kernel, Windows, Appbuilder | 2024-11-21 | 7.2 High |
| Improper Input Validation vulnerability in OpenText AppBuilder on Windows, Linux allows OS Command Injection. The AppBuilder's Scheduler functionality that facilitates creation of scheduled tasks is vulnerable to command injection. This allows authenticated users to inject arbitrary operating system commands into the executing process. This issue affects AppBuilder: from 21.2 before 23.2. | ||||
| CVE-2023-4546 | 1 Byzoro | 1 Smart S85f Management Platform | 2024-11-21 | 3.5 Low |
| A vulnerability was found in Byzoro Smart S85F Management Platform up to 20230816. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /sysmanage/licence.php. The manipulation leads to improper access controls. The exploit has been disclosed to the public and may be used. The identifier VDB-238057 was assigned to this vulnerability. | ||||
| CVE-2023-4481 | 2 Juniper, Juniper Networks | 4 Junos, Junos Os Evolved, Junos Os and 1 more | 2024-11-21 | 7.5 High |
| An Improper Input Validation vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). When certain specific crafted BGP UPDATE messages are received over an established BGP session, one BGP session may be torn down with an UPDATE message error, or the issue may propagate beyond the local system which will remain non-impacted, but may affect one or more remote systems. This issue is exploitable remotely as the crafted UPDATE message can propagate through unaffected systems and intermediate BGP speakers. Continuous receipt of the crafted BGP UPDATE messages will create a sustained Denial of Service (DoS) condition for impacted devices. This issue affects eBGP and iBGP, in both IPv4 and IPv6 implementations. This issue requires a remote attacker to have at least one established BGP session. Improper Input Validation, Denial of Service vulnerability in Juniper Networks, Inc. Junos OS (BGP, rpd modules), Juniper Networks, Inc. Junos OS Evolved (BGP, rpd modules) allows Fuzzing.This issue affects Junos OS: * All versions before 20.4R3-S10, * from 21.1R1 through 21.*, * from 21.2 before 21.2R3-S5, * from 21.3 before 21.3R3-S5, * from 21.4 before 21.4R3-S7 (unaffected from 21.4R3-S5, affected from 21.4R3-S6) * from 22.1 before 22.1R3-S4, * from 22.2 before 22.2R3-S3, * from 22.3 before 22.3R3-S1, * from 22.4 before 22.4R3, * from 23.2 before 23.2R2. Junos OS Evolved: * All versions before 20.4R3-S10-EVO, * from 21.2-EVO before 21.2R3-S7-EVO, * from 21.3-EVO before 21.3R3-S5-EVO, * from 21.4-EVO before 21.4R3-S5-EVO, * from 22.1-EVO before 22.1R3-S4-EVO, * from 22.2-EVO before 22.2R3-S3-EVO, * from 22.3-EVO before 22.3R3-S1-EVO, * from 22.4-EVO before 22.4R3-EVO, * from 23.2-EVO before 23.2R2-EVO. | ||||
| CVE-2023-4379 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 8.1 High |
| An issue has been discovered in GitLab EE affecting all versions starting from 15.3 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1. Code owner approval was not removed from merge requests when the target branch was updated. | ||||
| CVE-2023-4304 | 1 Froxlor | 1 Froxlor | 2024-11-21 | 3.8 Low |
| Business Logic Errors in GitHub repository froxlor/froxlor prior to 2.0.22,2.1.0. | ||||
| CVE-2023-4272 | 1 Arm | 4 Bifrost Gpu Kernel Driver, Mali Gpu Kernel Driver, Midgard Gpu Kernel Driver and 1 more | 2024-11-21 | 5.5 Medium |
| A local non-privileged user can make GPU processing operations that expose sensitive data from previously freed memory. | ||||
| CVE-2023-4241 | 1 Cloudflare | 1 Lol-html | 2024-11-21 | 7.5 High |
| lol-html can cause panics on certain HTML inputs. Anyone processing arbitrary 3rd party HTML with the library is affected. | ||||
| CVE-2023-4169 | 1 Ruijie | 2 Rg-ew1200g, Rg-ew1200g Firmware | 2024-11-21 | 6.3 Medium |
| A vulnerability was found in Ruijie RG-EW1200G 1.0(1)B1P5. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /api/sys/set_passwd of the component Administrator Password Handler. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-236185 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-4168 | 1 Templatecookie | 1 Adlisting | 2024-11-21 | 4.3 Medium |
| A vulnerability was found in Templatecookie Adlisting 2.14.0. It has been classified as problematic. Affected is an unknown function of the file /ad-list of the component Redirect Handler. The manipulation leads to information disclosure. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-236184. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-4054 | 2 Microsoft, Mozilla | 2 Windows, Firefox | 2024-11-21 | 5.5 Medium |
| When opening appref-ms files, Firefox did not warn the user that these files may contain malicious code. *This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 116, Firefox ESR < 102.14, Firefox ESR < 115.1, Thunderbird < 102.14, and Thunderbird < 115.1. | ||||
| CVE-2023-4020 | 1 Silabs | 1 Gecko Software Development Kit | 2024-11-21 | 9 Critical |
| An unvalidated input in a library function responsible for communicating between secure and non-secure memory in Silicon Labs TrustZone implementation allows reading/writing of memory in the secure region of memory from the non-secure region of memory. | ||||
| CVE-2023-4012 | 1 Ntpsec | 1 Ntpsec | 2024-11-21 | 7.5 High |
| ntpd will crash if the server is not NTS-enabled (no certificate) and it receives an NTS-enabled client request (mode 3). | ||||
| CVE-2023-4011 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.3 Medium |
| An issue has been discovered in GitLab EE affecting all versions from 15.11 prior to 16.2.2 which allows an attacker to spike the resource consumption resulting in DoS. | ||||
| CVE-2023-4008 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.3 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.9 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. It was possible to takeover GitLab Pages with unique domain URLs if the random string added was known. | ||||
| CVE-2023-4002 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.3 Medium |
| An issue has been discovered in GitLab EE affecting all versions starting from 14.1 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. It was possible for EE-licensed users to link any security policy project by its ID to projects or groups the user has access to, potentially revealing the security projects's configured security policies. | ||||