Total: 3016 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-35179 | 1 Solarwinds | 1 Serv-u | 2024-11-21 | N/A | 7.2 HIGH |
A vulnerability has been identified within Serv-U 15.4 that, if exploited, allows an actor to bypass multi-factor/two-factor authentication. The actor must have administrator-level access to Serv-U to perform this action. | |||||
CVE-2023-35167 | 1 Remult | 1 Remult | 2024-11-21 | N/A | 5.0 MEDIUM |
Remult is a CRUD framework for full-stack TypeScript. If you used the `apiPrefilter` option of the `@Entity` decorator, by setting it to a function that returns a filter that prevents unauthorized access to data, an attacker who knows the `id` of an entity instance they are not authorized to access can gain read, update and delete access to it. The issue is fixed in version 0.20.6. As a workaround, set the `apiPrefilter` option to a filter object instead of a function. | |||||
CVE-2023-35121 | | | 2024-11-21 | N/A | 7.8 HIGH |
Improper access control in the Intel(R) oneAPI DPC++/C++ Compiler before version 2022.2.1 for some Intel(R) oneAPI Toolkits before version 2022.3.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2023-35062 | 1 Intel | 1 Driver & Support Assistant | 2024-11-21 | N/A | 6.3 MEDIUM |
Improper access control in some Intel(R) DSA software before version 23.4.33 may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
CVE-2023-34107 | 1 Glpi-project | 1 Glpi | 2024-11-21 | N/A | 6.5 MEDIUM |
GLPI is a free asset and IT management software package. Versions of the software starting with 9.2.0 and prior to 10.0.8 have an incorrect rights check on a file accessible by an authenticated user, which allows access to view all KnowbaseItems. Version 10.0.8 has a patch for this issue. | |||||
CVE-2023-34106 | 1 Glpi-project | 1 Glpi | 2024-11-21 | N/A | 6.5 MEDIUM |
GLPI is a free asset and IT management software package. Versions of the software starting with 0.68 and prior to 10.0.8 have an incorrect rights check on a file accessible by an authenticated user. This allows access to the list of all users and their personal information. Users should upgrade to version 10.0.8 to receive a patch. | |||||
CVE-2023-33875 | 1 Intel | 10 Killer, Killer Wi-fi 6 Ax1650, Killer Wi-fi 6e Ax1675 and 7 more | 2024-11-21 | N/A | 7.1 HIGH |
Improper access control for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable denial of service via local access. | |||||
CVE-2023-33155 | 1 Microsoft | 7 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 4 more | 2024-11-21 | N/A | 7.8 HIGH |
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | |||||
CVE-2023-33071 | 1 Qualcomm | 26 Qca6574, Qca6574 Firmware, Qca6574a and 23 more | 2024-11-21 | N/A | 8.4 HIGH |
Memory corruption in Automotive OS whenever untrusted apps try to access HAb for graphics functionalities. | |||||
CVE-2023-32647 | 1 Intel | 1 Extreme Tuning Utility | 2024-11-21 | N/A | 6.8 MEDIUM |
Improper access control in some Intel(R) XTU software before version 7.12.0.29 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2023-32572 | 1 Purestorage | 1 Purity//fa | 2024-11-21 | N/A | 6.5 MEDIUM |
A flaw exists in FlashArray Purity wherein under limited circumstances, an array administrator can alter the retention lock of a pgroup and disable pgroup SafeMode protection. | |||||
CVE-2023-32544 | 1 Intel | 1 Nuc P14e Laptop Element | 2024-11-21 | N/A | 7.3 HIGH |
Improper access control in some Intel HotKey Services for Windows 10 for Intel NUC P14E Laptop Element software installers before version 1.1.45 may allow an authenticated user to potentially enable denial of service via local access. | |||||
CVE-2023-32479 | 2 Dell, Microsoft | 4 Encryption, Endpoint Security Suite Enterprise, Security Management Server and 1 more | 2024-11-21 | N/A | 6.7 MEDIUM |
Dell Encryption, Dell Endpoint Security Suite Enterprise, and Dell Security Management Server versions prior to 11.9.0 contain a privilege escalation vulnerability due to an improper ACL on the non-default installation directory. A local malicious user could potentially exploit this vulnerability by replacing binaries in the installed directory and taking a reverse shell of the system, leading to privilege escalation. | |||||
CVE-2023-32477 | 1 Dell | 1 Common Event Enabler | 2024-11-21 | N/A | 7.8 HIGH |
Dell Common Event Enabler 8.9.8.2 for Windows and prior contains an improper access control vulnerability. A local low-privileged malicious user may potentially exploit this vulnerability to gain elevated privileges. | |||||
CVE-2023-32458 | 1 Emc | 1 Appsync | 2024-11-21 | N/A | 7.3 HIGH |
Dell AppSync, versions 4.4.0.0 to 4.6.0.0 including Service Pack releases, contains an improper access control vulnerability in the Embedded Service Enabler component. A local malicious user could potentially exploit this vulnerability during installation, leading to a privilege escalation. | |||||
CVE-2023-32333 | 1 Ibm | 1 Maximo Asset Management | 2024-11-21 | N/A | 6.5 MEDIUM |
IBM Maximo Asset Management 7.6.1.3 could allow a remote attacker to log into the admin panel due to improper access controls. IBM X-Force ID: 255073. | |||||
CVE-2023-32065 | 1 Oroinc | 1 Orocommerce | 2024-11-21 | N/A | 5.8 MEDIUM |
OroCommerce is an open-source Business to Business Commerce application built with flexibility in mind. Detailed Order totals information may be received by Order ID. This issue is patched in version 5.0.11 and 5.1.1. | |||||
CVE-2023-32064 | 1 Oroinc | 1 Orocommerce | 2024-11-21 | N/A | 5.0 MEDIUM |
OroCommerce package with customer portal and non authenticated visitor website base features. Back-office users can access information about Customer and Customer User menus, bypassing ACL security restrictions due to insufficient security checks. This issue has been patched in version 5.0.11 and 5.1.1. | |||||
CVE-2023-32063 | 1 Oroinc | 1 Client Relationship Management | 2024-11-21 | N/A | 5.0 MEDIUM |
OroCalendarBundle enables a Calendar feature and related functionality in Oro applications. Back-office users can access information from any call event, bypassing ACL security restrictions due to insufficient security checks. This issue has been patched in version 5.0.4 and 5.1.1. | |||||
CVE-2023-32062 | 1 Oroinc | 1 Oroplatform | 2024-11-21 | N/A | 5.0 MEDIUM |
OroPlatform is a package that assists system and user calendar management. Back-office users can access information from any system calendar event, bypassing ACL security restrictions due to insufficient security checks. This vulnerability has been patched in version 5.1.1. |