Total
2586 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-25777 | 1 Intel | 1 Thunderbolt Dch Driver | 2024-11-21 | N/A | 7.9 HIGH |
| Improper access control in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-25073 | 1 Intel | 1 Driver \& Support Assistant | 2024-11-21 | N/A | 5.5 MEDIUM |
| Improper access control in some Intel(R) DSA software before version 23.4.33 may allow an authenticated user to potentially enable denial of service via local access. | |||||
| CVE-2023-24905 | 1 Microsoft | 5 Windows 10 20h2, Windows 10 21h2, Windows 10 22h2 and 2 more | 2024-11-21 | N/A | 7.8 HIGH |
| Remote Desktop Client Remote Code Execution Vulnerability | |||||
| CVE-2023-24844 | 1 Qualcomm | 86 Ar8035, Ar8035 Firmware, Fastconnect 6700 and 83 more | 2024-11-21 | N/A | 8.4 HIGH |
| Memory Corruption in Core while invoking a call to Access Control core library with hardware protected address range. | |||||
| CVE-2023-24481 | 1 Intel | 1 Thunderbolt Dch Driver | 2024-11-21 | N/A | 6.3 MEDIUM |
| Improper access control in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-23835 | 1 Mendix | 1 Mendix | 2024-11-21 | N/A | 5.9 MEDIUM |
| A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.34), Mendix Applications using Mendix 8 (All versions < V8.18.23), Mendix Applications using Mendix 9 (All versions < V9.22.0), Mendix Applications using Mendix 9 (V9.12) (All versions < V9.12.10), Mendix Applications using Mendix 9 (V9.18) (All versions < V9.18.4), Mendix Applications using Mendix 9 (V9.6) (All versions < V9.6.15). Some of the Mendix runtime API’s allow attackers to bypass XPath constraints and retrieve information using XPath queries that trigger errors. | |||||
| CVE-2023-23615 | 1 Discourse | 1 Discourse | 2024-11-21 | N/A | 5.3 MEDIUM |
| Discourse is an open source discussion platform. The embeddable comments can be exploited to create new topics as any user but without any clear title or content. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. As a workaround, disable embeddable comments by deleting all embeddable hosts. | |||||
| CVE-2023-22848 | 1 Intel | 1 Thunderbolt Dch Driver | 2024-11-21 | N/A | 5.5 MEDIUM |
| Improper access control in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable denial of service via local access. | |||||
| CVE-2023-22618 | 1 Nokia | 12 Wavelite Metro 200 And F2b Fans, Wavelite Metro 200 And F2b Fans Firmware, Wavelite Metro 200 And Fan and 9 more | 2024-11-21 | N/A | 8.1 HIGH |
| If Security Hardening guide rules are not followed, then Nokia WaveLite products allow a local user to create new users with administrative privileges by manipulating a web request. This affects (for example) WaveLite Metro 200 and Fan, WaveLite Metro 200 OPS and Fans, WaveLite Metro 200 and F2B fans, WaveLite Metro 200 OPS and F2B fans, WaveLite Metro 200 NE and F2B fans, and WaveLite Metro 200 NE OPS and F2B fans. | |||||
| CVE-2023-22473 | 1 Nextcloud | 1 Talk | 2024-11-21 | N/A | 2.1 LOW |
| Talk-Android enables users to have video & audio calls through Nextcloud on Android. Due to passcode bypass, an attacker is able to access the user's Nextcloud files and view conversations. To exploit this the attacker needs to have physical access to the target's device. There are currently no known workarounds available. It is recommended that the Nextcloud Talk Android app is upgraded to 15.0.2. | |||||
| CVE-2023-22293 | 1 Intel | 216 Core I3-6006u, Core I3-6098p, Core I3-6100 and 213 more | 2024-11-21 | N/A | 8.2 HIGH |
| Improper access control in the Intel(R) Thunderbolt(TM) DCH drivers for Windows may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-22250 | 1 Adobe | 2 Commerce, Magento Open Source | 2024-11-21 | N/A | 5.3 MEDIUM |
| Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to impact the availability of a user's minor feature. Exploitation of this issue does not require user interaction. | |||||
| CVE-2023-22232 | 1 Adobe | 1 Connect | 2024-11-21 | N/A | 5.3 MEDIUM |
| Adobe Connect versions 11.4.5 (and earlier), 12.1.5 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to impact the integrity of a minor feature. Exploitation of this issue does not require user interaction. | |||||
| CVE-2023-22014 | 1 Oracle | 1 Peoplesoft Enterprise Peopletools | 2024-11-21 | N/A | 8.4 HIGH |
| Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal). Supported versions that are affected are 8.59 and 8.60. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where PeopleSoft Enterprise PeopleTools executes to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise PeopleTools. CVSS 3.1 Base Score 8.4 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). | |||||
| CVE-2023-21985 | 1 Oracle | 1 Solaris | 2024-11-21 | N/A | 7.7 HIGH |
| Vulnerability in the Oracle Solaris product of Oracle Systems (component: Utility). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Solaris, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Solaris. CVSS 3.1 Base Score 7.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H). | |||||
| CVE-2023-21980 | 1 Oracle | 1 Mysql | 2024-11-21 | N/A | 7.1 HIGH |
| Vulnerability in the MySQL Server product of Oracle MySQL (component: Client programs). Supported versions that are affected are 5.7.41 and prior and 8.0.32 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 7.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H). | |||||
| CVE-2023-21969 | 1 Oracle | 1 Sql Developer | 2024-11-21 | N/A | 6.7 MEDIUM |
| Vulnerability in Oracle SQL Developer (component: Installation). Supported versions that are affected are Prior to 23.1.0. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle SQL Developer executes to compromise Oracle SQL Developer. Successful attacks of this vulnerability can result in takeover of Oracle SQL Developer. CVSS 3.1 Base Score 6.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). | |||||
| CVE-2023-21923 | 1 Oracle | 1 Health Sciences Inform | 2024-11-21 | N/A | 8.3 HIGH |
| Vulnerability in the Oracle Health Sciences InForm product of Oracle Health Sciences Applications (component: Core). Supported versions that are affected are Prior to 6.3.1.3 and Prior to 7.0.0.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Health Sciences InForm. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Health Sciences InForm accessible data as well as unauthorized access to critical data or complete access to all Oracle Health Sciences InForm accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Health Sciences InForm. CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L). | |||||
| CVE-2023-21922 | 1 Oracle | 1 Health Sciences Inform | 2024-11-21 | N/A | 6.8 MEDIUM |
| Vulnerability in the Oracle Health Sciences InForm product of Oracle Health Sciences Applications (component: Core). Supported versions that are affected are Prior to 6.3.1.3 and Prior to 7.0.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Health Sciences InForm. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Health Sciences InForm accessible data as well as unauthorized access to critical data or complete access to all Oracle Health Sciences InForm accessible data. CVSS 3.1 Base Score 6.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N). | |||||
| CVE-2023-21905 | 1 Oracle | 1 Banking Virtual Account Management | 2024-11-21 | N/A | 6.1 MEDIUM |
| Vulnerability in the Oracle Banking Virtual Account Management product of Oracle Financial Services Applications (component: Routing Hub). Supported versions that are affected are 14.5, 14.6 and 14.7. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Banking Virtual Account Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Banking Virtual Account Management accessible data as well as unauthorized access to critical data or complete access to all Oracle Banking Virtual Account Management accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N). | |||||