Total: 34395 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-40074 | 1 Google | 1 Android | 2024-11-21 | 5.5 Medium |
| In saveToXml of PersistableBundle.java, invalid data could lead to local persistent denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2023-40058 | 1 Solarwinds | 1 Access Rights Manager | 2024-11-21 | 6.5 Medium |
| Sensitive data was added to our public-facing knowledgebase that, if exploited, could be used to access components of Access Rights Manager (ARM) if the threat actor is in the same environment. | ||||
| CVE-2023-40053 | 1 Solarwinds | 1 Serv-u | 2024-11-21 | 5 Medium |
| A vulnerability has been identified within Serv-U 15.4 that allows an authenticated actor to insert content on the file share function feature of Serv-U, which could be used maliciously. | ||||
| CVE-2023-40049 | 1 Progress | 1 Ws Ftp Server | 2024-11-21 | 5.3 Medium |
| In WS_FTP Server versions prior to 8.8.2, an unauthenticated user could enumerate files under the 'WebServiceHost' directory listing. | ||||
| CVE-2023-40039 | 1 Arris | 6 Tg1672g, Tg1672g Firmware, Tg852g and 3 more | 2024-11-21 | 9.8 Critical |
| An issue was discovered on ARRIS TG852G, TG862G, and TG1672G devices. A remote attacker (in proximity to a Wi-Fi network) can derive the default WPA2-PSK value by observing a beacon frame. | ||||
| CVE-2023-40034 | 1 Woodpecker-ci | 1 Woodpecker | 2024-11-21 | 8.1 High |
| Woodpecker is a community fork of the Drone CI system. In affected versions an attacker can post malformed webhook data which leads to an update of the repository data that can e.g. allow the takeover of a repo. This is only critical if the CI is configured for public usage and connected to a forge which is also in public usage. This issue has been addressed in version 1.0.2. Users are advised to upgrade. Users unable to upgrade should secure the CI system by making it inaccessible to untrusted entities, for example, by placing it behind a firewall. | ||||
| CVE-2023-40002 | 1 Booster | 1 Booster For Woocommerce | 2024-11-21 | 6.5 Medium |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Pluggabl LLC Booster for WooCommerce plugin <= 7.1.1 versions. | ||||
| CVE-2023-3993 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.9 Medium |
| An issue has been discovered in GitLab EE affecting all versions starting from 14.3 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. Access tokens may have been logged when a query was made to a specific endpoint. | ||||
| CVE-2023-3782 | 1 Squareup | 1 Okhttp-brotli | 2024-11-21 | 5.9 Medium |
| DoS of the OkHttp client when using a BrotliInterceptor and surfing to a malicious web server, or when an attacker can perform MitM to inject a Brotli zip-bomb into an HTTP response | ||||
| CVE-2023-3775 | 2 Hashicorp, Redhat | 2 Vault, Openshift | 2024-11-21 | 4.2 Medium |
| A Vault Enterprise Sentinel Role Governing Policy created by an operator to restrict access to resources in one namespace can be applied to requests outside in another non-descendant namespace, potentially resulting in denial of service. Fixed in Vault Enterprise 1.15.0, 1.14.4, 1.13.8. | ||||
| CVE-2023-3769 | 1 Ingeteam | 2 Ingepac Fc5066, Ingepac Fc5066 Firmware | 2024-11-21 | 8.6 High |
| Incorrect data input validation vulnerability, which could allow an attacker with access to the network to implement fuzzing techniques that would allow him to gain knowledge about specially crafted packets that would create a DoS condition through the MMS protocol when initiating communication, achieving a complete system reboot of the device and its services. | ||||
| CVE-2023-3742 | 1 Google | 2 Chrome, Chrome Os | 2024-11-21 | 6.8 Medium |
| Insufficient policy enforcement in ADB in Google Chrome on ChromeOS prior to 114.0.5735.90 allowed a local attacker to bypass device policy restrictions via physical access to the device. (Chromium security severity: High) | ||||
| CVE-2023-3705 | 2 Aditya Infotech Limited, Cpplusworld | 9 Cp-vnr-3104, Cp-vnr-3108, Cp-vnr-3208 and 6 more | 2024-11-21 | 7.5 High |
| The vulnerability exists in CP-Plus NVR due to an improper input handling at the web-based management interface of the affected product. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable device. Successful exploitation of this vulnerability could allow the remote attacker to obtain sensitive information on the targeted device. | ||||
| CVE-2023-3699 | 1 Asustor | 1 Data Master | 2024-11-21 | 8.7 High |
| An Improper Privilege Management vulnerability found in ASUSTOR Data Master (ADM) allows unprivileged local users to modify the storage devices configuration. Affected products and versions include: ADM 4.0.6.RIS1, 4.1.0 and below as well as ADM 4.2.2.RI61 and below. | ||||
| CVE-2023-3636 | 1 Wedevs | 1 Wp Project Manager | 2024-11-21 | 8.8 High |
| The WP Project Manager plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 2.6.4 due to insufficient restriction on the 'save_users_map_name' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modify their user role by supplying the 'usernames' parameter. | ||||
| CVE-2023-3612 | 1 Govee | 1 Home | 2024-11-21 | 8.2 High |
| Govee Home app has unprotected access to a WebView component which can be opened by any app on the device. By sending a URL to a specially crafted site, the attacker can execute JavaScript in context of WebView or steal sensitive user data by displaying phishing content. | ||||
| CVE-2023-3593 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 4.3 Medium |
| Mattermost fails to properly validate markdown, allowing an attacker to crash the server via a specially crafted markdown input. | ||||
| CVE-2023-3467 | 1 Citrix | 2 Netscaler Application Delivery Controller, Netscaler Gateway | 2024-11-21 | 8 High |
| Privilege Escalation to root administrator (nsroot) | ||||
| CVE-2023-3434 | 2 Microsoft, Savoirfairelinux | 2 Windows, Jami | 2024-11-21 | 4.4 Medium |
| Improper Input Validation in the hyperlink interpretation in Savoir-faire Linux's Jami (version 20222284) on Windows. This allows an attacker to send a custom HTML anchor tag to pass a string value to the Windows QRC Handler through the Jami messenger. | ||||
| CVE-2023-3433 | 1 Savoirfairelinux | 1 Jami | 2024-11-21 | 5.5 Medium |
| The "nickname" field within Savoir-faire Linux's Jami application is susceptible to a failed state when a user inserts special characters into the field. When present, these special characters make it so the application cannot create the signature for the user, resulting in a local denial of service to the application. | ||||