Total
4876 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-36815 | 1 Sealos | 1 Sealos | 2024-11-21 | N/A | 7.3 HIGH |
| Sealos is a Cloud Operating System designed for managing cloud-native applications. In version 4.2.0 and prior, there is a permission flaw in the Sealos billing system, which allows users to control the recharge resource account `sealos[.] io/v1/Payment`, resulting in the ability to recharge any amount of 1 renminbi (RMB). The charging interface may expose resource information. The namespace of this custom resource would be user's control and may have permission to correct it. It is not clear whether a fix exists. | |||||
| CVE-2023-36695 | 1 Maximeschoeni | 1 Sublanguage | 2024-11-21 | N/A | 5.4 MEDIUM |
| Missing Authorization vulnerability in Maxime Schoeni Sublanguage.This issue affects Sublanguage: from n/a through 2.9. | |||||
| CVE-2023-36694 | 2024-11-21 | N/A | 6.3 MEDIUM | ||
| Missing Authorization vulnerability in Bryan Lee Kingkong Board.This issue affects Kingkong Board: from n/a through 2.1.0.2. | |||||
| CVE-2023-36684 | 1 Brainstormforce | 1 Convert Pro | 2024-11-21 | N/A | 7.1 HIGH |
| Missing Authorization vulnerability in Brainstorm Force Convert Pro.This issue affects Convert Pro: from n/a through 1.7.5. | |||||
| CVE-2023-36683 | 2024-11-21 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in WP SCHEMA PRO Schema Pro.This issue affects Schema Pro: from n/a through 2.7.8. | |||||
| CVE-2023-36676 | 1 Brainstormforce | 1 Spectra | 2024-11-21 | N/A | 5.4 MEDIUM |
| Missing Authorization vulnerability in Brainstorm Force Spectra.This issue affects Spectra: from n/a through 2.6.6. | |||||
| CVE-2023-36624 | 1 Loxone | 2 Miniserver Go Gen 2, Miniserver Go Gen 2 Firmware | 2024-11-21 | N/A | 7.8 HIGH |
| Loxone Miniserver Go Gen.2 through 14.0.3.28 allows an authenticated operating system user to escalate privileges via the Sudo configuration. This allows the elevated execution of binaries without a password requirement. | |||||
| CVE-2023-36621 | 1 Nationaledtech | 1 Boomerang | 2024-11-21 | N/A | 9.1 CRITICAL |
| An issue was discovered in the Boomerang Parental Control application through 13.83 for Android. The child can use Safe Mode to remove all restrictions temporarily or uninstall the application without the parents noticing. | |||||
| CVE-2023-36607 | 1 Ovarro | 10 Tbox Lt2, Tbox Lt2 Firmware, Tbox Ms-cpu32 and 7 more | 2024-11-21 | N/A | 5.3 MEDIUM |
| The affected TBox RTUs are missing authorization for running some API commands. An attacker running these commands could reveal sensitive information such as software versions and web server file contents. | |||||
| CVE-2023-36516 | 1 Thimpress | 1 Learnpress | 2024-11-21 | N/A | 7.6 HIGH |
| Missing Authorization vulnerability in ThimPress LearnPress.This issue affects LearnPress: from n/a through 4.2.3. | |||||
| CVE-2023-36515 | 1 Thimpress | 1 Learnpress | 2024-11-21 | N/A | 7.3 HIGH |
| Missing Authorization vulnerability in ThimPress LearnPress.This issue affects LearnPress: from n/a through 4.2.3. | |||||
| CVE-2023-36512 | 2024-11-21 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in Woo AutomateWoo.This issue affects AutomateWoo: from n/a through 5.7.5. | |||||
| CVE-2023-36348 | 1 Codekop | 1 Codekop | 2024-11-21 | N/A | 8.8 HIGH |
| POS Codekop v2.0 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the filename parameter. | |||||
| CVE-2023-36144 | 1 Intelbras | 2 Sg 2404 Mr, Sg 2404 Mr Firmware | 2024-11-21 | N/A | 7.5 HIGH |
| An authentication bypass in Intelbras Switch SG 2404 MR in firmware 1.00.54 allows an unauthenticated attacker to download the backup file of the device, exposing critical information about the device configuration. | |||||
| CVE-2023-36140 | 1 Phpjabbers | 1 Cleaning Business Software | 2024-11-21 | N/A | 9.8 CRITICAL |
| In PHPJabbers Cleaning Business Software 1.0, there is no encryption on user passwords allowing an attacker to gain access to all user accounts. | |||||
| CVE-2023-36002 | 1 Proofpoint | 1 Insider Threat Management Server | 2024-11-21 | N/A | 4.3 MEDIUM |
| A missing authorization check in multiple URL validation endpoints of the Insider Threat Management Server enables an anonymous attacker on an adjacent network to smuggle content via DNS lookups. All versions before 7.14.3 are affected. | |||||
| CVE-2023-36000 | 2 Apple, Proofpoint | 2 Macos, Insider Threat Management Server | 2024-11-21 | N/A | 6.5 MEDIUM |
| A missing authorization check in the MacOS agent configuration endpoint of the Insider Threat Management Server enables an anonymous attacker on an adjacent network to obtain sensitive information. Successful exploitation requires an attacker to first obtain a valid agent authentication token. All versions before 7.14.3 are affected. | |||||
| CVE-2023-35998 | 1 Proofpoint | 1 Insider Threat Management Server | 2024-11-21 | N/A | 4.6 MEDIUM |
| A missing authorization check in multiple SOAP endpoints of the Insider Threat Management Server enables an attacker on an adjacent network to read and write unauthorized objects. Successful exploitation requires an attacker to first obtain a valid agent authentication token. All versions before 7.14.3 are affected. | |||||
| CVE-2023-35940 | 1 Glpi-project | 1 Glpi | 2024-11-21 | N/A | 7.5 HIGH |
| GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to version 10.0.8, an incorrect rights check on a file allows an unauthenticated user to be able to access dashboards data. Version 10.0.8 contains a patch for this issue. | |||||
| CVE-2023-35937 | 1 Metersphere | 1 Metersphere | 2024-11-21 | N/A | 6.0 MEDIUM |
| Metersphere is an open source continuous testing platform. In versions prior to 2.10.2 LTS, some key APIs in Metersphere lack permission checks. This allows ordinary users to execute APIs that can only be executed by space administrators or project administrators. For example, ordinary users can be updated as space administrators. Version 2.10.2 LTS has a patch for this issue. | |||||