Total: 34396 CVE

| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-47261 | 1 Dokmee | 1 Enterprise Content Management | 2024-11-21 | 9.8 Critical |
| Dokmee ECM 7.4.6 allows remote code execution because the response to a GettingStarted/SaveSQLConnectionAsync /#/gettingstarted request contains a connection string for privileged SQL Server database access, and xp_cmdshell can be enabled. | ||||
| CVE-2023-47247 | 1 Sysaid | 1 Sysaid | 2024-11-21 | 4.3 Medium |
| In SysAid On-Premise before 23.3.34, there is an edge case in which an end user is able to delete a Knowledge Base article, aka bug 15102. | ||||
| CVE-2023-47244 | 1 Omnisend | 1 Email Marketing For Woocommerce | 2024-11-21 | 5.3 Medium |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Omnisend Email Marketing for WooCommerce by Omnisend. This issue affects Email Marketing for WooCommerce by Omnisend: from n/a through 1.13.8. | ||||
| CVE-2023-47201 | 1 Trendmicro | 1 Apex One | 2024-11-21 | 7.8 High |
| A plug-in manager origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to, but not identical to, CVE-2023-47200. | ||||
| CVE-2023-47172 | 1 Withsecure | 4 Client Security, Elements Endpoint Protection, Email And Server Security and 1 more | 2024-11-21 | 7.8 High |
| Certain WithSecure products allow Local Privilege Escalation. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, and WithSecure Elements Endpoint Protection 17 and later. | ||||
| CVE-2023-47146 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2024-11-21 | 4.9 Medium |
| IBM Qradar SIEM 7.5 could allow a privileged user to obtain sensitive domain information due to data being misidentified. IBM X-Force ID: 270372. | ||||
| CVE-2023-47126 | 1 Typo3 | 1 Typo3 | 2024-11-21 | 3.7 Low |
| TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions the login screen of the standalone install tool discloses the full path of the transient data directory (e.g. /var/www/html/var/transient/). This applies to composer-based scenarios only - “classic” non-composer installations are not affected. This issue has been addressed in version 12.4.8. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2023-47110 | 1 Prestashop | 1 Customer Reassurance Block | 2024-11-21 | 9.1 Critical |
| blockreassurance adds an information block aimed at offering helpful information to reassure customers that their store is trustworthy. An ajax function in module blockreassurance allows modifying any value in the configuration table. This vulnerability has been patched in version 5.1.4. | ||||
| CVE-2023-47109 | 1 Prestashop | 1 Customer Reassurance Block | 2024-11-21 | 5.5 Medium |
| PrestaShop blockreassurance adds an information block aimed at offering helpful information to reassure customers that the store is trustworthy. When adding a block in blockreassurance module, a BO user can modify the http request and give the path of any file in the project instead of an image. When deleting the block from the BO, the file will be deleted. It is possible to make the website completely unavailable by removing index.php for example. This issue has been patched in version 5.1.4. | ||||
| CVE-2023-47101 | 1 Securepoint | 1 Openvpn-client | 2024-11-21 | 7.8 High |
| The installer (aka openvpn-client-installer) in Securepoint SSL VPN Client before 2.0.40 allows local privilege escalation during installation or repair. | ||||
| CVE-2023-47093 | 1 Stormshield | 1 Stormshield Network Security | 2024-11-21 | 6.5 Medium |
| An issue was discovered in Stormshield Network Security (SNS) 4.0.0 through 4.3.21, 4.4.0 through 4.6.8, and 4.7.0. Sending a crafted ICMP packet may lead to a crash of the ASQ engine. | ||||
| CVE-2023-46980 | 1 Mayurik | 1 Best Courier Management System | 2024-11-21 | 9.8 Critical |
| An issue in Best Courier Management System v.1.0 allows a remote attacker to execute arbitrary code and escalate privileges via a crafted script to the userID parameter. | ||||
| CVE-2023-46958 | 1 Lmxcms | 1 Lmxcms | 2024-11-21 | 9.8 Critical |
| An issue in lmxcms v.1.41 allows a remote attacker to execute arbitrary code via a crafted script to the admin.php file. | ||||
| CVE-2023-46944 | 1 Gitkraken | 1 Gitlens | 2024-11-21 | 7.8 High |
| An issue in GitKraken GitLens before v.14.0.0 allows an attacker to execute arbitrary code via a crafted file to the Visual Studio Code workspace trust component. | ||||
| CVE-2023-46930 | 1 Gpac | 1 Gpac | 2024-11-21 | 5.5 Medium |
| GPAC 2.3-DEV-rev605-gfc9e29089-master contains a SEGV in gpac/MP4Box in gf_isom_find_od_id_for_track /afltest/gpac/src/isomedia/media_odf.c:522:14. | ||||
| CVE-2023-46928 | 1 Gpac | 1 Gpac | 2024-11-21 | 5.5 Medium |
| GPAC 2.3-DEV-rev605-gfc9e29089-master contains a SEGV in gpac/MP4Box in gf_media_change_pl /afltest/gpac/src/media_tools/isom_tools.c:3293:42. | ||||
| CVE-2023-46916 | 1 Maximawatches | 2 Maxima Max Pro Power, Maxima Max Pro Power Firmware | 2024-11-21 | 4.3 Medium |
| Maxima Max Pro Power 1.0 486A devices allow BLE traffic replay. An attacker can use GATT characteristic handle 0x0012 to perform potentially disruptive actions such as starting a Heart Rate monitor. | ||||
| CVE-2023-46820 | 1 Iuliacazan | 1 Image Regenerate & Select Crop | 2024-11-21 | 5.3 Medium |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Iulia Cazan Image Regenerate & Select Crop. This issue affects Image Regenerate & Select Crop: from n/a through 7.3.0. | ||||
| CVE-2023-46771 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 7.5 High |
| Security vulnerability in the face unlock module. Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2023-46764 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 5.3 Medium |
| Unauthorized startup vulnerability of background apps. Successful exploitation of this vulnerability may cause background apps to start maliciously. | ||||