Total
3971 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-47859 | 2024-11-21 | 5.5 Medium | ||
| Improper access control for some Intel(R) Wireless Bluetooth products for Windows before version 23.20 may allow an authenticated user to potentially enable denial of service via local access. | ||||
| CVE-2023-47579 | 1 Relyum | 2 Rely-pcie, Rely-pcie Firmware | 2024-11-21 | 7.5 High |
| Relyum RELY-PCIe 22.2.1 devices suffer from a system group misconfiguration, allowing read access to the central password hash file of the operating system. | ||||
| CVE-2023-47110 | 1 Prestashop | 1 Customer Reassurance Block | 2024-11-21 | 9.1 Critical |
| blockreassurance adds an information block aimed at offering helpful information to reassure customers that their store is trustworthy. An ajax function in module blockreassurance allows modifying any value in the configuration table. This vulnerability has been patched in version 5.1.4. | ||||
| CVE-2023-47034 | 1 Uniswapfrontrunbot Project | 1 Uniswapfrontrunbot | 2024-11-21 | 7.5 High |
| A vulnerability in UniswapFrontRunBot 0xdB94c allows attackers to cause financial losses via unspecified vectors. | ||||
| CVE-2023-46759 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 7.5 High |
| Permission control vulnerability in the call module. Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2023-46755 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 5.3 Medium |
| Vulnerability of input parameters being not strictly verified in the input. Successful exploitation of this vulnerability may cause the launcher to restart. | ||||
| CVE-2023-46666 | 1 Elastic | 1 Elastic Sharepoint Online Python Connector | 2024-11-21 | 5.3 Medium |
| An issue was discovered when using Document Level Security and the SPO "Limited Access" functionality in Elastic Sharepoint Online Python Connector. If a user is assigned limited access permissions to an item on a Sharepoint site then that user would have read permissions to all content on the Sharepoint site through Elasticsearch. | ||||
| CVE-2023-46501 | 1 Boltwire | 1 Boltwire | 2024-11-21 | 9.1 Critical |
| An issue in BoltWire v.6.03 allows a remote attacker to obtain sensitive information via a crafted payload to the view and change admin password function. | ||||
| CVE-2023-46033 | 1 Dlink | 4 Dsl-2730u, Dsl-2730u Firmware, Dsl-2750u and 1 more | 2024-11-21 | 6.8 Medium |
| D-Link (Non-US) DSL-2750U N300 ADSL2+ and (Non-US) DSL-2730U N150 ADSL2+ are vulnerable to Incorrect Access Control. The UART/Serial interface on the PCB, provides log output and a root terminal without proper access control. | ||||
| CVE-2023-45844 | 1 Boschrexroth | 6 Ctrlx Hmi Web Panel Wr2107, Ctrlx Hmi Web Panel Wr2107 Firmware, Ctrlx Hmi Web Panel Wr2110 and 3 more | 2024-11-21 | 6.8 Medium |
| The vulnerability allows a low privileged user that have access to the device when locked in Kiosk mode to install an arbitrary Android application and leverage it to have access to critical device settings such as the device power management or eventually the device secure settings (ADB debug). | ||||
| CVE-2023-44794 | 2 Dromara, Vmware | 3 Sa-token, Spring Boot, Spring Framework | 2024-11-21 | 9.8 Critical |
| An issue in Dromara SaToken version 1.36.0 and before allows a remote attacker to escalate privileges via a crafted payload to the URL. | ||||
| CVE-2023-44292 | 1 Dell | 1 Repository Manager | 2024-11-21 | 6.7 Medium |
| Dell Repository Manager, 3.4.3 and prior, contains an Improper Access Control vulnerability in its installation module. A local low-privileged attacker could potentially exploit this vulnerability, leading to gaining escalated privileges. | ||||
| CVE-2023-44290 | 1 Dell | 1 Command\|monitor | 2024-11-21 | 7.3 High |
| Dell Command | Monitor versions prior to 10.10.0, contain an improper access control vulnerability. A local malicious standard user could potentially exploit this vulnerability while repairing/changing installation, leading to privilege escalation. | ||||
| CVE-2023-44283 | 1 Dell | 2 Supportassist For Business Pcs, Supportassist For Home Pcs | 2024-11-21 | 7.8 High |
| In Dell SupportAssist for Home PCs (between v3.0 and v3.14.1) and SupportAssist for Business PCs (between v3.0 and v3.4.1), a security concern has been identified, impacting locally authenticated users on their respective PCs. This issue may potentially enable privilege escalation and the execution of arbitrary code, in the Windows system context, and confined to that specific local PC. | ||||
| CVE-2023-44282 | 1 Dell | 1 Repository Manager | 2024-11-21 | 6.7 Medium |
| Dell Repository Manager, 3.4.3 and prior, contains an Improper Access Control vulnerability in its installation module. A local low-privileged attacker could potentially exploit this vulnerability, leading to gaining escalated privileges. | ||||
| CVE-2023-44248 | 1 Fortinet | 1 Fortiedr | 2024-11-21 | 4 Medium |
| An improper access control vulnerability [CWE-284] in FortiEDRCollectorWindows version 5.2.0.4549 and below, 5.0.3.1007 and below, 4.0 all may allow a local attacker to prevent the collector service to start in the next system reboot by tampering with some registry keys of the service. | ||||
| CVE-2023-44118 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 9.1 Critical |
| Vulnerability of undefined permissions in the MeeTime module.Successful exploitation of this vulnerability will affect availability and confidentiality. | ||||
| CVE-2023-43901 | 1 Emsigner | 1 Emsigner | 2024-11-21 | 5.9 Medium |
| Incorrect access control in the AdHoc User creation form of EMSigner v2.8.7 allows unauthenticated attackers to arbitrarily modify usernames and privileges by using the email address of a registered user. | ||||
| CVE-2023-43814 | 1 Discourse | 1 Discourse | 2024-11-21 | 3.7 Low |
| Discourse is an open source platform for community discussion. Attackers with details specific to a poll in a topic can use the `/polls/grouped_poll_results` endpoint to view the content of options in the poll and the number of votes for groups of poll participants. This impacts private polls where the results were intended to only be viewable by authorized users. This issue is patched in the 3.1.1 stable and 3.2.0.beta2 versions of Discourse. There is no workaround for this issue apart from upgrading to the fixed version. | ||||
| CVE-2023-43696 | 1 Sick | 2 Apu0200, Apu0200 Firmware | 2024-11-21 | 8.2 High |
| Improper Access Control in SICK APU allows an unprivileged remote attacker to download as well as upload arbitrary files via anonymous access to the FTP server. | ||||