Total: 6931 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2023-36624 | 1 Loxone | 2 Miniserver Go Gen 2, Miniserver Go Gen 2 Firmware | 2024-11-21 | N/A | 7.8 HIGH | Loxone Miniserver Go Gen.2 through 14.0.3.28 allows an authenticated operating system user to escalate privileges via the Sudo configuration. This allows the elevated execution of binaries without a password requirement. |
| CVE-2023-36621 | 1 Nationaledtech | 1 Boomerang | 2024-11-21 | N/A | 9.1 CRITICAL | An issue was discovered in the Boomerang Parental Control application through 13.83 for Android. The child can use Safe Mode to remove all restrictions temporarily or uninstall the application without the parents noticing. |
| CVE-2023-36607 | 1 Ovarro | 10 Tbox Lt2, Tbox Lt2 Firmware, Tbox Ms-cpu32 and 7 more | 2024-11-21 | N/A | 5.3 MEDIUM | The affected TBox RTUs are missing authorization for running some API commands. An attacker running these commands could reveal sensitive information such as software versions and web server file contents. |
| CVE-2023-36516 | 1 Thimpress | 1 Learnpress | 2024-11-21 | N/A | 7.6 HIGH | Missing Authorization vulnerability in ThimPress LearnPress. This issue affects LearnPress: from n/a through 4.2.3. |
| CVE-2023-36515 | 1 Thimpress | 1 Learnpress | 2024-11-21 | N/A | 7.3 HIGH | Missing Authorization vulnerability in ThimPress LearnPress. This issue affects LearnPress: from n/a through 4.2.3. |
| CVE-2023-36512 | | | 2024-11-21 | N/A | 6.5 MEDIUM | Missing Authorization vulnerability in Woo AutomateWoo. This issue affects AutomateWoo: from n/a through 5.7.5. |
| CVE-2023-36348 | 1 Codekop | 1 Codekop | 2024-11-21 | N/A | 8.8 HIGH | POS Codekop v2.0 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the filename parameter. |
| CVE-2023-36144 | 1 Intelbras | 2 Sg 2404 Mr, Sg 2404 Mr Firmware | 2024-11-21 | N/A | 7.5 HIGH | An authentication bypass in Intelbras Switch SG 2404 MR in firmware 1.00.54 allows an unauthenticated attacker to download the backup file of the device, exposing critical information about the device configuration. |
| CVE-2023-36140 | 1 Phpjabbers | 1 Cleaning Business Software | 2024-11-21 | N/A | 9.8 CRITICAL | In PHPJabbers Cleaning Business Software 1.0, there is no encryption on user passwords, allowing an attacker to gain access to all user accounts. |
| CVE-2023-36002 | 1 Proofpoint | 1 Insider Threat Management Server | 2024-11-21 | N/A | 4.3 MEDIUM | A missing authorization check in multiple URL validation endpoints of the Insider Threat Management Server enables an anonymous attacker on an adjacent network to smuggle content via DNS lookups. All versions before 7.14.3 are affected. |
| CVE-2023-36000 | 2 Apple, Proofpoint | 2 Macos, Insider Threat Management Server | 2024-11-21 | N/A | 6.5 MEDIUM | A missing authorization check in the MacOS agent configuration endpoint of the Insider Threat Management Server enables an anonymous attacker on an adjacent network to obtain sensitive information. Successful exploitation requires an attacker to first obtain a valid agent authentication token. All versions before 7.14.3 are affected. |
| CVE-2023-35998 | 1 Proofpoint | 1 Insider Threat Management Server | 2024-11-21 | N/A | 4.6 MEDIUM | A missing authorization check in multiple SOAP endpoints of the Insider Threat Management Server enables an attacker on an adjacent network to read and write unauthorized objects. Successful exploitation requires an attacker to first obtain a valid agent authentication token. All versions before 7.14.3 are affected. |
| CVE-2023-35940 | 1 Glpi-project | 1 Glpi | 2024-11-21 | N/A | 7.5 HIGH | GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to version 10.0.8, an incorrect rights check on a file allows an unauthenticated user to access dashboard data. Version 10.0.8 contains a patch for this issue. |
| CVE-2023-35937 | 1 Metersphere | 1 Metersphere | 2024-11-21 | N/A | 6.0 MEDIUM | Metersphere is an open source continuous testing platform. In versions prior to 2.10.2 LTS, some key APIs in Metersphere lack permission checks. This allows ordinary users to execute APIs that can only be executed by space administrators or project administrators. For example, ordinary users can be updated as space administrators. Version 2.10.2 LTS has a patch for this issue. |
| CVE-2023-35677 | 1 Google | 1 Android | 2024-11-21 | N/A | 5.5 MEDIUM | In onCreate of DeviceAdminAdd.java, there is a possible way to forcibly add a device admin due to a missing permission check. This could lead to local denial of service (factory reset or continuous locking) with no additional execution privileges needed. User interaction is not needed for exploitation. |
| CVE-2023-35665 | 1 Google | 1 Android | 2024-11-21 | N/A | 7.8 HIGH | In multiple files, there is a possible way to import a contact from another user due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. |
| CVE-2023-35164 | 1 Dataease | 1 Dataease | 2024-11-21 | N/A | 6.3 MEDIUM | DataEase is an open source data visualization analysis tool to analyze data and gain insight into business trends. In affected versions a missing authorization check allows unauthorized users to manipulate a dashboard created by the administrator. This vulnerability has been fixed in version 1.18.8. Users are advised to upgrade. There are no known workarounds for this vulnerability. |
| CVE-2023-35093 | 1 Stylemixthemes | 1 Masterstudy Lms | 2024-11-21 | N/A | 6.5 MEDIUM | Broken Access Control vulnerability in StylemixThemes MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin <= 3.0.8 versions allows any logged-in users, such as subscribers, to view the "Orders" of the plugin and get the data related to the order, like email, username, and more. |
| CVE-2023-35050 | | | 2024-11-21 | N/A | 6.5 MEDIUM | Missing Authorization vulnerability in Elementor Elementor Pro. This issue affects Elementor Pro: from n/a through 3.13.0. |
| CVE-2023-35045 | | | 2024-11-21 | N/A | 4.3 MEDIUM | Missing Authorization vulnerability in Fat Rat Fat Rat Collect. This issue affects Fat Rat Collect: from n/a through 2.6.7. |
| CVE-2023-34463 | 1 Dataease | 1 Dataease | 2024-11-21 | N/A | 8.1 HIGH | DataEase is an open source data visualization analysis tool to analyze data and gain insight into business trends. In affected versions unauthorized users can delete an application erroneously. This vulnerability has been fixed in version 1.18.8. Users are advised to upgrade. There are no known workarounds for this vulnerability. |
| CVE-2023-34379 | 1 Magneticone | 1 Magento To Woocommerce Migration | 2024-11-21 | N/A | 5.4 MEDIUM | Missing Authorization vulnerability in MagneticOne Cart2Cart: Magento to WooCommerce Migration. This issue affects Cart2Cart: Magento to WooCommerce Migration: from n/a through 2.0.0. |
| CVE-2023-34234 | 1 Openzeppelin | 2 Contracts, Contracts Upgradeable | 2024-11-21 | N/A | 5.3 MEDIUM | OpenZeppelin Contracts is a library for smart contract development. By frontrunning the creation of a proposal, an attacker can become the proposer and gain the ability to cancel it. The attacker can do this repeatedly to try to prevent a proposal from being proposed at all. This impacts the `Governor` contract in v4.9.0 only, and the `GovernorCompatibilityBravo` contract since v4.3.0. This problem has been patched in 4.9.1 by introducing opt-in frontrunning protection. Users are advised to upg ... |
| CVE-2023-34186 | | | 2024-11-21 | N/A | 5.3 MEDIUM | Missing Authorization vulnerability in Imran Sayed Headless CMS. This issue affects Headless CMS: from n/a through 2.0.3. |
| CVE-2023-34165 | 1 Huawei | 1 Harmonyos | 2024-11-21 | N/A | 5.3 MEDIUM | Unauthorized access vulnerability in the Save for later feature provided by AI Touch. Successful exploitation of this vulnerability may cause third-party apps to forge a URI for unauthorized access with zero permissions. |
| CVE-2023-34003 | 1 Woocommerce | 1 Box Office | 2024-11-21 | N/A | 6.5 MEDIUM | Missing Authorization vulnerability in Woo WooCommerce Box Office. This issue affects WooCommerce Box Office: from n/a through 1.1.51. |
| CVE-2023-33992 | 1 Sap | 2 Business Warehouse, Bw/4hana | 2024-11-21 | N/A | 4.5 MEDIUM | The SAP BW BICS communication layer in SAP Business Warehouse and SAP BW/4HANA - version SAP_BW 730, SAP_BW 731, SAP_BW 740, SAP_BW 730, SAP_BW 750, DW4CORE 100, DW4CORE 200, DW4CORE 300, may expose unauthorized cell values in the data response. To be able to exploit this, the user still needs authorizations on the query as well as on the keyfigure/measure level. The missing check only affects the data level. |
| CVE-2023-33970 | 1 Kanboard | 1 Kanboard | 2024-11-21 | N/A | 5.4 MEDIUM | Kanboard is open source project management software that focuses on the Kanban methodology. A vulnerability related to a `missing access control` was found, which allows a User with the lowest privileges to leak all the tasks and projects titles within the software, even if they are not invited or it's a personal project. This could also lead to private/critical information being leaked if such information is in the title. This issue has been addressed in version 1.2.30. Users are advised to upg ... |
| CVE-2023-33968 | 1 Kanboard | 1 Kanboard | 2024-11-21 | N/A | 5.4 MEDIUM | Kanboard is open source project management software that focuses on the Kanban methodology. Versions prior to 1.2.30 are subject to a missing access control vulnerability that allows a user with low privileges to create or transfer tasks to any project within the software, even if they have not been invited or the project is personal. The vulnerable features are `Duplicate to project` and `Move to project`, which both utilize the `checkDestinationProjectValues()` function to check its values. Th ... |
| CVE-2023-33923 | | | 2024-11-21 | N/A | 4.3 MEDIUM | Missing Authorization vulnerability in HashThemes Viral News, HashThemes Viral, HashThemes HashOne. This issue affects Viral News: from n/a through 1.4.5; Viral: from n/a through 1.8.0; HashOne: from n/a through 1.3.0. |
| CVE-2023-33922 | 1 Elementor | 1 Website Builder | 2024-11-21 | N/A | 4.3 MEDIUM | Missing Authorization vulnerability in Elementor Elementor Website Builder. This issue affects Elementor Website Builder: from n/a through 3.13.2. |
| CVE-2023-33918 | 2 Google, Unisoc | 9 Android, Sc7731e, Sc9832e and 6 more | 2024-11-21 | N/A | 5.5 MEDIUM | In vowifiservice, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges. |
| CVE-2023-33917 | 2 Google, Unisoc | 9 Android, Sc7731e, Sc9832e and 6 more | 2024-11-21 | N/A | 5.5 MEDIUM | In vowifiservice, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges. |
| CVE-2023-33916 | 2 Google, Unisoc | 9 Android, Sc7731e, Sc9832e and 6 more | 2024-11-21 | N/A | 5.5 MEDIUM | In vowifiservice, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges. |
| CVE-2023-33915 | 2 Google, Unisoc | 5 Android, S8000, T760 and 2 more | 2024-11-21 | N/A | 7.5 HIGH | In LTE protocol stack, there is a possible missing permission check. This could lead to remote information disclosure with no additional execution privileges needed. |
| CVE-2023-33912 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-11-21 | N/A | 5.5 MEDIUM | In Contacts service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges. |
| CVE-2023-33911 | 2 Google, Unisoc | 9 Android, Sc7731e, Sc9832e and 6 more | 2024-11-21 | N/A | 5.5 MEDIUM | In vowifi service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges. |
| CVE-2023-33910 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-11-21 | N/A | 5.5 MEDIUM | In Contacts Service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges. |
| CVE-2023-33909 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-11-21 | N/A | 5.5 MEDIUM | In Contacts service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges. |
| CVE-2023-33908 | 2 Google, Unisoc | 13 Android, S8000, Sc9832e and 10 more | 2024-11-21 | N/A | 5.5 MEDIUM | In ims service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges. |