Total
34393 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-39041 | 1 Kukurudeli Project | 1 Kukurudeli | 2024-11-21 | 6.5 Medium |
| An information leak in KUKURUDELI Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages. | ||||
| CVE-2023-38996 | 1 Douran | 1 Dsgate | 2024-11-21 | 6.7 Medium |
| An issue in all versions of Douran DSGate allows a local authenticated privileged attacker to execute arbitrary code via the debug command. | ||||
| CVE-2023-38990 | 1 Jeesite | 1 Jeesite | 2024-11-21 | 4.3 Medium |
| An issue in the delete function in the MenuController class of jeesite v1.2.6 allows authenticated attackers to arbitrarily delete menus created by the Administrator. | ||||
| CVE-2023-38988 | 1 Jeesite | 1 Jeesite | 2024-11-21 | 4.3 Medium |
| An issue in the delete function in the OaNotifyController class of jeesite v1.2.6 allows authenticated attackers to arbitrarily delete notifications created by Administrators. | ||||
| CVE-2023-38949 | 1 Zkteco | 1 Biotime | 2024-11-21 | 7.5 High |
| An issue in a hidden API in ZKTeco BioTime v8.5.5 allows unauthenticated attackers to arbitrarily reset the Administrator password via a crafted web request. | ||||
| CVE-2023-38909 | 1 Tp-link | 3 Tapo, Tapo L530e, Tapo L530e Firmware | 2024-11-21 | 6.5 Medium |
| An issue in TPLink Smart Bulb Tapo series L530 before 1.2.4, L510E before 1.1.0, L630 before 1.0.4, P100 before 1.5.0, and Tapo Application 2.8.14 allows a remote attacker to obtain sensitive information via the IV component in the AES128-CBC function. | ||||
| CVE-2023-38908 | 1 Tp-link | 3 Tapo, Tapo L530e, Tapo L530e Firmware | 2024-11-21 | 6.5 Medium |
| An issue in TPLink Smart Bulb Tapo series L530 before 1.2.4, L510E before 1.1.0, L630 before 1.0.4, P100 before 1.5.0, and Tapo Application 2.8.14 allows a remote attacker to obtain sensitive information via the TSKEP authentication function. | ||||
| CVE-2023-38907 | 1 Tp-link | 3 Tapo, Tapo L530e, Tapo L530e Firmware | 2024-11-21 | 7.5 High |
| An issue in TPLink Smart Bulb Tapo series L530 before 1.2.4, L510E before 1.1.0, L630 before 1.0.4, P100 before 1.5.0, and Tapo Application 2.8.14 allows a remote attacker to replay old messages encrypted with a still valid session key. | ||||
| CVE-2023-38906 | 1 Tp-link | 3 Tapo, Tapo L530e, Tapo L530e Firmware | 2024-11-21 | 6.5 Medium |
| An issue in TPLink Smart Bulb Tapo series L530 1.1.9, L510E 1.0.8, L630 1.0.3, P100 1.4.9, Smart Camera Tapo series C200 1.1.18, and Tapo Application 2.8.14 allows a remote attacker to obtain sensitive information via the authentication code for the UDP message. | ||||
| CVE-2023-38886 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-11-21 | 7.2 High |
| An issue in Dolibarr ERP CRM v.17.0.1 and before allows a remote privileged attacker to execute arbitrary code via a crafted command/script. | ||||
| CVE-2023-38849 | 1 Linecorp | 1 Line | 2024-11-21 | 7.5 High |
| An issue in tire-sales Line v.13.6.1 allows a remote attacker to obtain sensitive information via crafted GET request. | ||||
| CVE-2023-38848 | 1 Linecorp | 1 Line | 2024-11-21 | 7.5 High |
| An issue in rmc R Beauty CLINIC Line v.13.6.1 allows a remote attacker to obtain sensitive information via crafted GET request. | ||||
| CVE-2023-38847 | 1 Linecorp | 1 Line | 2024-11-21 | 7.5 High |
| An issue in CHRISTINA JAPAN Line v.13.6.1 allows a remote attacker to obtain sensitive information via crafted GET request. | ||||
| CVE-2023-38846 | 1 Linecorp | 1 Line | 2024-11-21 | 7.5 High |
| An issue in Marbre Lapin Line v.13.6.1 allows a remote attacker to obtain sensitive information via crafted GET request. | ||||
| CVE-2023-38845 | 1 Linecorp | 1 Line | 2024-11-21 | 7.5 High |
| An issue in Anglaise Company Anglaise.Company v.13.6.1 allows a remote attacker to obtain sensitive information via crafted GET request. | ||||
| CVE-2023-38840 | 1 Bitwarden | 1 Bitwarden | 2024-11-21 | 5.5 Medium |
| Bitwarden Desktop 2023.7.0 and below allows an attacker with local access to obtain sensitive information via the Bitwarden.exe process. | ||||
| CVE-2023-38750 | 1 Zimbra | 1 Zimbra | 2024-11-21 | 7.5 High |
| In Zimbra Collaboration (ZCS) 8 before 8.8.15 Patch 41, 9 before 9.0.0 Patch 34, and 10 before 10.0.2, internal JSP and XML files can be exposed. | ||||
| CVE-2023-38736 | 1 Ibm | 1 Qradar Wincollect | 2024-11-21 | 7.5 High |
| IBM QRadar WinCollect Agent 10.0 through 10.1.6, when installed to run as ADMIN or SYSTEM, is vulnerable to a local escalation of privilege attack that a normal user could utilize to gain SYSTEM permissions. IBM X-Force ID: 262542. | ||||
| CVE-2023-38721 | 1 Ibm | 1 I | 2024-11-21 | 8.4 High |
| The IBM i 7.2, 7.3, 7.4, and 7.5 product Facsimile Support for i contains a local privilege escalation vulnerability. A malicious actor could gain access to a command line with elevated privileges allowing root access to the host operating system. IBM X-Force ID: 262173. | ||||
| CVE-2023-38718 | 1 Ibm | 1 Robotic Process Automation | 2024-11-21 | 3.7 Low |
| IBM Robotic Process Automation 21.0.0 through 21.0.7.8 could disclose sensitive information from access to RPA scripts, workflows and related data. IBM X-Force ID: 261606. | ||||