Total
2036 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-4227 | 1 Moxa | 2 Iologik E4200, Iologik E4200 Firmware | 2024-11-21 | N/A | 5.3 MEDIUM |
| A vulnerability has been identified in the ioLogik 4000 Series (ioLogik E4200) firmware versions v1.6 and prior, which can be exploited by malicious actors to potentially gain unauthorized access to the product. This could lead to security breaches, data theft, and unauthorized manipulation of sensitive information. The vulnerability is attributed to the presence of an unauthorized service, which could potentially enable unauthorized access to the. device. | |||||
| CVE-2023-4194 | 4 Debian, Fedoraproject, Linux and 1 more | 4 Debian Linux, Fedora, Linux Kernel and 1 more | 2024-11-21 | N/A | 5.5 MEDIUM |
| A flaw was found in the Linux kernel's TUN/TAP functionality. This issue could allow a local user to bypass network filters and gain unauthorized access to some resources. The original patches fixing CVE-2023-1076 are incorrect or incomplete. The problem is that the following upstream commits - a096ccca6e50 ("tun: tun_chr_open(): correctly initialize socket uid"), - 66b2c338adce ("tap: tap_open(): correctly initialize socket uid"), pass "inode->i_uid" to sock_init_data_uid() as the last parameter and that turns out to not be accurate. | |||||
| CVE-2023-4107 | 1 Mattermost | 1 Mattermost | 2024-11-21 | N/A | 6.7 MEDIUM |
| Mattermost fails to properly validate the requesting user permissions when updating a system admin, allowing a user manager to update a system admin's details such as email, first name and last name. | |||||
| CVE-2023-49949 | 1 Passwork | 1 Passwork | 2024-11-21 | N/A | 8.1 HIGH |
| Passwork before 6.2.0 allows remote authenticated users to bypass 2FA by sending all one million of the possible 6-digit codes. | |||||
| CVE-2023-49947 | 1 Forgejo | 1 Forgejo | 2024-11-21 | N/A | 7.5 HIGH |
| Forgejo before 1.20.5-1 allows 2FA bypass when docker login uses Basic Authentication. | |||||
| CVE-2023-49783 | 1 Silverstripe | 1 Admin | 2024-11-21 | N/A | 4.3 MEDIUM |
| Silverstripe Admin provides a basic management interface for the Silverstripe Framework. In versions on the 1.x branch prior to 1.13.19 and on the 2.x branch prior to 2.1.8, users who don't have edit or delete permissions for records exposed in a `ModelAdmin` can still edit or delete records using the CSV import form, provided they have create permissions. The likelihood of a user having create permissions but not having edit or delete permissions is low, but it is possible. Note that this doesn't affect any `ModelAdmin` which has had the import form disabled via the `showImportForm` public property. Versions 1.13.19 and 2.1.8 contain a patch for the issue. Those who have a custom implementation of `BulkLoader` should update their implementations to respect permissions when the return value of `getCheckPermissions()` is true. Those who use any `BulkLoader` in their own project logic, or maintain a module which uses it, should consider passing `true` to `setCheckPermissions()` if the data is provided by users. | |||||
| CVE-2023-49273 | 1 Umbraco | 1 Umbraco Cms | 2024-11-21 | N/A | 5.4 MEDIUM |
| Umbraco is an ASP.NET content management system (CMS). Starting in version 8.0.0 and prior to versions 8.18.10, 10.8.1, and 12.3.4, users with low privileges (Editor, etc.) are able to access some unintended endpoints. Versions 8.18.10, 10.8.1, and 12.3.4 contain a patch for this issue. | |||||
| CVE-2023-49240 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | N/A | 7.5 HIGH |
| Unauthorized access vulnerability in the launcher module. Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2023-49239 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | N/A | 7.5 HIGH |
| Unauthorized access vulnerability in the card management module. Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2023-48859 | 1 Totolink | 2 A3002ru, A3002ru Firmware | 2024-11-21 | N/A | 8.8 HIGH |
| TOTOLINK A3002RU version 2.0.0-B20190902.1958 has a post-authentication RCE due to incorrect access control, allows attackers to bypass front-end security restrictions and execute arbitrary code. | |||||
| CVE-2023-48712 | 1 Warpgate Project | 1 Warpgate | 2024-11-21 | N/A | 7.1 HIGH |
| Warpgate is an open source SSH, HTTPS and MySQL bastion host for Linux. In affected versions there is a privilege escalation vulnerability through a non-admin user's account. Limited users can impersonate another user's account if only single-factor authentication is configured. If a user knows an admin username, opens the login screen and attempts to authenticate with an incorrect password they can subsequently enter a valid non-admin username and password they will be logged in as the admin user. All installations prior to version 0.9.0 are affected. All users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-48227 | 2024-11-21 | N/A | 4.3 MEDIUM | ||
| Umbraco is an ASP.NET content management system (CMS). Starting in version 8.0.0 and prior to versions 8.18.10, 10.7.0, and 12.3.0, Backoffice users with send for approval permission but not publish permission are able to publish in some scenarios. Versions 8.18.10, 10.7.0, and 12.3.0 contains a patch for this issue. No known workarounds are available. | |||||
| CVE-2023-47827 | 1 Nicheaddons | 1 Events Addon For Elementor | 2024-11-21 | N/A | 6.5 MEDIUM |
| Incorrect Authorization vulnerability in NicheAddons Events Addon for Elementor allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Events Addon for Elementor: from n/a through 2.1.3. | |||||
| CVE-2023-47716 | 2024-11-21 | N/A | 6.3 MEDIUM | ||
| IBM CP4BA - Filenet Content Manager Component 5.5.8.0, 5.5.10.0, and 5.5.11.0 could allow a user to gain the privileges of another user under unusual circumstances. IBM X-Force ID: 271656. | |||||
| CVE-2023-47142 | 1 Ibm | 1 Tivoli Application Dependency Discovery Manager | 2024-11-21 | N/A | 7.5 HIGH |
| IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.10 could allow an attacker on the organization's local network to escalate their privileges due to unauthorized API access. IBM X-Force ID: 270267. | |||||
| CVE-2023-47090 | 1 Linuxfoundation | 1 Nats-server | 2024-11-21 | N/A | 6.5 MEDIUM |
| NATS nats-server before 2.9.23 and 2.10.x before 2.10.2 has an authentication bypass. An implicit $G user in an authorization block can sometimes be used for unauthenticated access, even when the intention of the configuration was for each user to have an account. The earliest affected version is 2.2.0. | |||||
| CVE-2023-46992 | 1 Totolink | 2 A3300r, A3300r Firmware | 2024-11-21 | N/A | 7.5 HIGH |
| TOTOLINK A3300R V17.0.0cu.557_B20221024 is vulnerable to Incorrect Access Control. Attackers are able to reset serveral critical passwords without authentication by visiting specific pages. | |||||
| CVE-2023-46754 | 1 Obl.ong | 1 Admin | 2024-11-21 | N/A | 5.3 MEDIUM |
| The admin panel for Obl.ong before 1.1.2 allows authorization bypass because the email OTP feature accepts arbitrary numerical values. | |||||
| CVE-2023-46753 | 1 Frrouting | 1 Frrouting | 2024-11-21 | N/A | 5.9 MEDIUM |
| An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur for a crafted BGP UPDATE message without mandatory attributes, e.g., one with only an unknown transit attribute. | |||||
| CVE-2023-46244 | 1 Xwiki | 1 Xwiki | 2024-11-21 | N/A | 9.1 CRITICAL |
| XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions it's possible for a user to write a script in which any velocity content is executed with the right of any other document content author. Since this API require programming right and the user does not have it, the expected result is `$doc.document.authors.contentAuthor` (not executed script), unfortunately with the security vulnerability it is possible for the attacker to get `XWiki.superadmin` which shows that the title was executed with the right of the unmodified document. This has been patched in XWiki versions 14.10.7 and 15.2RC1. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||