Total
34640 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-44093 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | N/A | 7.5 HIGH |
|
Vulnerability of package names' public keys not being verified in the security module. Successful exploitation of this vulnerability may affect service confidentiality.
|
|||||
| CVE-2023-44080 | 1 Pgyer | 1 Codefever | 2024-11-21 | N/A | 9.8 CRITICAL |
|
An issue in PGYER codefever v.2023.8.14-2ce4006 allows a remote attacker to execute arbitrary code via a crafted request to the branchList component.
|
|||||
| CVE-2023-44011 | 1 Mojoportal | 1 Mojoportal | 2024-11-21 | N/A | 9.8 CRITICAL |
|
An issue in mojoPortal v.2.7.0.0 allows a remote attacker to execute arbitrary code via a crafted script to the layout.master skin file at the Skin management component.
|
|||||
| CVE-2023-43998 | 1 Linecorp | 1 Line | 2024-11-21 | N/A | 5.4 MEDIUM |
|
An issue in Books-futaba mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.
|
|||||
| CVE-2023-43993 | 1 Linecorp | 1 Line | 2024-11-21 | N/A | 5.4 MEDIUM |
|
An issue in smaregi_app_market mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.
|
|||||
| CVE-2023-43901 | 1 Emsigner | 1 Emsigner | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Incorrect access control in the AdHoc User creation form of EMSigner v2.8.7 allows unauthenticated attackers to arbitrarily modify usernames and privileges by using the email address of a registered user.
|
|||||
| CVE-2023-43814 | 1 Discourse | 1 Discourse | 2024-11-21 | N/A | 3.7 LOW |
|
Discourse is an open source platform for community discussion. Attackers with details specific to a poll in a topic can use the `/polls/grouped_poll_results` endpoint to view the content of options in the poll and the number of votes for groups of poll participants. This impacts private polls where the results were intended to only be viewable by authorized users. This issue is patched in the 3.1.1 stable and 3.2.0.beta2 versions of Discourse. There is no workaround for this issue apart from upg ...
|
|||||
| CVE-2023-43799 | 4 Altairgraphql, Apple, Linux and 1 more | 4 Altair, Macos, Linux Kernel and 1 more | 2024-11-21 | N/A | 5.0 MEDIUM |
|
Altair is a GraphQL Client. Prior to version 5.2.5, the Altair GraphQL Client Desktop Application does not sanitize external URLs before passing them to the underlying system. Moreover, Altair GraphQL Client also does not isolate the context of the renderer process. This affects versions of the software running on MacOS, Windows, and Linux. Version 5.2.5 fixes this issue.
|
|||||
| CVE-2023-43775 | 1 Eaton | 8 Smp 16, Smp 16 Firmware, Smp 4/dp and 5 more | 2024-11-21 | N/A | 4.7 MEDIUM |
|
Denial-of-service vulnerability in the web server of the Eaton SMP Gateway allows an attacker to potentially force an unexpected restart of the automation platform, impacting the availability of the product. In rare situations, the issue could cause the SMP device to restart in Safe Mode or Max Safe Mode. When in Max Safe Mode, the product is not vulnerable anymore.
|
|||||
| CVE-2023-43767 | 4 Apple, F-secure, Linux and 1 more | 10 Macos, Atlant, Client Security and 7 more | 2024-11-21 | N/A | 7.5 HIGH |
|
Certain WithSecure products allow Denial of Service via the aepack archive unpack handler. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0, Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1.
|
|||||
| CVE-2023-43766 | 4 Apple, F-secure, Linux and 1 more | 10 Macos, Atlant, Client Security and 7 more | 2024-11-21 | N/A | 7.8 HIGH |
|
Certain WithSecure products allow Local privilege escalation via the lhz archive unpack handler. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0, Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1.
|
|||||
| CVE-2023-43765 | 4 Apple, F-secure, Linux and 1 more | 10 Macos, Atlant, Client Security and 7 more | 2024-11-21 | N/A | 7.5 HIGH |
|
Certain WithSecure products allow Denial of Service in the aeelf component. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0, Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1.
|
|||||
| CVE-2023-43762 | 1 Withsecure | 2 F-secure Policy Manager, Policy Manager Proxy | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Certain WithSecure products allow Unauthenticated Remote Code Execution via the web server (backend). This affects WithSecure Policy Manager 15 and Policy Manager Proxy 15.
|
|||||
| CVE-2023-43760 | 4 Apple, F-secure, Linux and 1 more | 10 Macos, Atlant, Client Security and 7 more | 2024-11-21 | N/A | 7.5 HIGH |
|
Certain WithSecure products allow Denial of Service via a fuzzed PE32 file. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0, Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1.
|
|||||
| CVE-2023-43754 | 1 Mattermost | 1 Mattermost | 2024-11-21 | N/A | 4.3 MEDIUM |
|
Mattermost fails to check whether the “Allow users to view archived channels” setting is enabled during permalink previews display, allowing members to view permalink previews of archived channels even if the “Allow users to view archived channels” setting is disabled.
|
|||||
| CVE-2023-43669 | 2 Fedoraproject, Snapview | 2 Fedora, Tungstenite | 2024-11-21 | N/A | 7.5 HIGH |
|
The Tungstenite crate before 0.20.1 for Rust allows remote attackers to cause a denial of service (minutes of CPU consumption) via an excessive length of an HTTP header in a client handshake. The length affects both how many times a parse is attempted (e.g., thousands of times) and the average amount of data for each parse attempt (e.g., millions of bytes).
|
|||||
| CVE-2023-43656 | 1 Matrix | 1 Hookshot | 2024-11-21 | N/A | 5.6 MEDIUM |
|
matrix-hookshot is a Matrix bot for connecting to external services like GitHub, GitLab, JIRA, and more. Instances that have enabled transformation functions (those that have `generic.allowJsTransformationFunctions` in their config), may be vulnerable to an attack where it is possible to break out of the `vm2` sandbox and as a result Hookshot will be vulnerable to this. This problem is only likely to affect users who have allowed untrusted users to apply their own transformation functions. If yo ...
|
|||||
| CVE-2023-43621 | 1 Schollz | 1 Croc | 2024-11-21 | N/A | 4.7 MEDIUM |
|
An issue was discovered in Croc through 9.6.5. The shared secret, located on a command line, can be read by local users who list all processes and their arguments.
|
|||||
| CVE-2023-43619 | 1 Schollz | 1 Croc | 2024-11-21 | N/A | 7.8 HIGH |
|
An issue was discovered in Croc through 9.6.5. A sender may send dangerous new files to a receiver, such as executable content or a .ssh/authorized_keys file.
|
|||||
| CVE-2023-43617 | 1 Schollz | 1 Croc | 2024-11-21 | N/A | 5.3 MEDIUM |
|
An issue was discovered in Croc through 9.6.5. When a custom shared secret is used, the sender and receiver may divulge parts of this secret to an untrusted Relay, as part of composing a room name.
|
|||||
| CVE-2023-43583 | 1 Zoom | 3 Meeting Software Development Kit, Video Software Development Kit, Zoom | 2024-11-21 | N/A | 4.9 MEDIUM |
|
Cryptographic issues in Zoom Mobile App for Android, Zoom Mobile App for iOS, and Zoom SDKs for Android and iOS before version 5.16.0 may allow a privileged user to conduct a disclosure of information via network access.
|
|||||
| CVE-2023-43509 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2024-11-21 | N/A | 5.8 MEDIUM |
|
A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an unauthenticated remote attacker to send notifications to computers that are running ClearPass OnGuard. These notifications can then be used to phish users or trick them into downloading malicious software.
|
|||||
| CVE-2023-43506 | 2 Arubanetworks, Linux | 2 Clearpass Policy Manager, Linux Kernel | 2024-11-21 | N/A | 7.8 HIGH |
|
A vulnerability in the ClearPass OnGuard Linux agent could allow malicious users on a Linux instance to elevate their user privileges to those of a higher role. A successful exploit allows malicious users to execute arbitrary code with root level privileges on the Linux instance.
|
|||||
| CVE-2023-43498 | 1 Jenkins | 1 Jenkins | 2024-11-21 | N/A | 8.1 HIGH |
|
In Jenkins 2.423 and earlier, LTS 2.414.1 and earlier, processing file uploads using MultipartFormDataParser creates temporary files in the default system temporary directory with the default permissions for newly created files, potentially allowing attackers with access to the Jenkins controller file system to read and write the files before they are used.
|
|||||
| CVE-2023-43494 | 1 Jenkins | 1 Jenkins | 2024-11-21 | N/A | 4.3 MEDIUM |
|
Jenkins 2.50 through 2.423 (both inclusive), LTS 2.60.1 through 2.414.1 (both inclusive) does not exclude sensitive build variables (e.g., password parameter values) from the search in the build history widget, allowing attackers with Item/Read permission to obtain values of sensitive variables used in builds by iteratively testing different characters until the correct sequence is discovered.
|
|||||
| CVE-2023-43472 | 1 Lfprojects | 1 Mlflow | 2024-11-21 | N/A | 7.5 HIGH |
|
An issue in MLFlow versions 2.8.1 and before allows a remote attacker to obtain sensitive information via a crafted request to REST API.
|
|||||
| CVE-2023-43457 | 1 Oretnom23 | 1 Service Provider Management System | 2024-11-21 | N/A | 9.8 CRITICAL |
|
An issue in Service Provider Management System v.1.0 allows a remote attacker to gain privileges via the ID parameter in the /php-spms/admin/?page=user/ endpoint.
|
|||||
| CVE-2023-43323 | 1 Moosocial | 1 Moosocial | 2024-11-21 | N/A | 6.5 MEDIUM |
|
mooSocial 3.1.8 is vulnerable to external service interaction in the post function. When executed, the server sends an HTTP and DNS request to an external server. Multiple parameters are affected: messageText, data[wall_photo], data[userShareVideo] and data[userShareLink].
|
|||||
| CVE-2023-43320 | 1 Proxmox | 3 Backup Server, Proxmox Mail Gateway, Virtual Environment | 2024-11-21 | N/A | 8.8 HIGH |
|
An issue in Proxmox Server Solutions GmbH Proxmox VE v.5.4 thru v.8.0, Proxmox Backup Server v.1.1 thru v.3.0, and Proxmox Mail Gateway v.7.1 thru v.8.0 allows a remote authenticated attacker to escalate privileges via bypassing the two-factor authentication component.
|
|||||
| CVE-2023-43305 | 1 Linecorp | 1 Line | 2024-11-21 | N/A | 8.2 HIGH |
|
An issue in studio kent mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.
|
|||||
| CVE-2023-43303 | 1 Linecorp | 1 Line | 2024-11-21 | N/A | 8.2 HIGH |
|
An issue in craftbeer bar canvas mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.
|
|||||
| CVE-2023-43302 | 1 Linecorp | 1 Line | 2024-11-21 | N/A | 8.2 HIGH |
|
An issue in sanTas mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.
|
|||||
| CVE-2023-43301 | 1 Linecorp | 1 Line | 2024-11-21 | N/A | 8.2 HIGH |
|
An issue in DARTS SHOP MAXIM mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.
|
|||||
| CVE-2023-43300 | 1 Linecorp | 1 Line | 2024-11-21 | N/A | 8.2 HIGH |
|
An issue in urban_project mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.
|
|||||
| CVE-2023-43299 | 1 Linecorp | 1 Line | 2024-11-21 | N/A | 5.3 MEDIUM |
|
An issue in DA BUTCHERS mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.
|
|||||
| CVE-2023-43298 | 1 Linecorp | 1 Line | 2024-11-21 | N/A | 5.3 MEDIUM |
|
An issue in SCOL Members Card mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.
|
|||||
| CVE-2023-43284 | 1 Dlink | 2 Dir-846, Dir-846 Firmware | 2024-11-21 | N/A | 8.8 HIGH |
|
D-Link Wireless MU-MIMO Gigabit AC1200 Router DIR-846 100A53DBR-Retail devices allow an authenticated remote attacker to execute arbitrary code via an unspecified manipulation of the QoS POST parameter.
|
|||||
| CVE-2023-43234 | 1 Dedebiz | 1 Dedebiz | 2024-11-21 | N/A | 9.8 CRITICAL |
|
DedeBIZ v6.2.11 was discovered to contain multiple remote code execution (RCE) vulnerabilities at /admin/file_manage_control.php via the $activepath and $filename parameters.
|
|||||
| CVE-2023-43222 | 1 Seacms | 1 Seacms | 2024-11-21 | N/A | 9.8 CRITICAL |
|
SeaCMS v12.8 has an arbitrary code writing vulnerability in the /jxz7g2/admin_ping.php file.
|
|||||
| CVE-2023-43216 | 1 Seacms | 1 Seacms | 2024-11-21 | N/A | 9.8 CRITICAL |
|
SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component admin_ip.php.
|
|||||