Total: 2036 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2023-36387 | 1 Apache | 1 Superset | 2024-11-21 | N/A | 5.4 MEDIUM | An improper default REST API permission for Gamma users in Apache Superset up to and including 2.1.0 allows an authenticated Gamma user to test database connections.
CVE-2023-36339 | 1 Webboss | 1 Webboss.io Cms | 2024-11-21 | N/A | 7.5 HIGH | An access control issue in WebBoss.io CMS v3.7.0.1 allows attackers to access the Website Backup Tool via a crafted GET request.
CVE-2023-36092 | 1 Dlink | 2 Dir-859, Dir-859 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL | Authentication Bypass vulnerability in D-Link DIR-859 FW105b03 allows remote attackers to gain escalated privileges via phpcgi_main. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2023-36091 | 1 Dlink | 2 Dir-895l, Dir-895l Firmware | 2024-11-21 | N/A | 9.8 CRITICAL | Authentication Bypass vulnerability in D-Link DIR-895 FW102b07 allows remote attackers to gain escalated privileges via function phpcgi_main in cgibin. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2023-36090 | 1 Dlink | 2 Dir-885l, Dir-885l Firmware | 2024-11-21 | N/A | 9.8 CRITICAL | Authentication Bypass vulnerability in D-Link DIR-885L FW102b01 allows remote attackers to gain escalated privileges via phpcgi. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2023-36089 | 1 Dlink | 2 Dir-645, Dir-645 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL | Authentication Bypass vulnerability in D-Link DIR-645 firmware version 1.03 allows remote attackers to gain escalated privileges via function phpcgi_main in cgibin. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2023-35990 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2024-11-21 | N/A | 3.3 LOW | The issue was addressed with improved checks. This issue is fixed in iOS 17 and iPadOS 17, watchOS 10, iOS 16.7 and iPadOS 16.7, macOS Sonoma 14. An app may be able to identify what other apps a user has installed.
CVE-2023-35983 | 1 Apple | 1 Macos | 2024-11-21 | N/A | 5.5 MEDIUM | This issue was addressed with improved data protection. This issue is fixed in macOS Monterey 12.6.8, macOS Ventura 13.5, macOS Big Sur 11.7.9. An app may be able to modify protected parts of the file system.
CVE-2023-35939 | 1 Glpi-project | 1 Glpi | 2024-11-21 | N/A | 8.1 HIGH | GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to version 10.0.8, an incorrect rights check on a file accessible by an authenticated user (or not, for certain actions) allows a threat actor to interact with, modify, or see Dashboard data. Version 10.0.8 contains a patch for this issue.
CVE-2023-35908 | 1 Apache | 1 Airflow | 2024-11-21 | N/A | 6.5 MEDIUM | Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows unauthorized read access to a DAG through the URL. It is recommended to upgrade to a version that is not affected.
CVE-2023-35836 | 1 Solax | 2 Pocket Wifi 3, Pocket Wifi 3 Firmware | 2024-11-21 | N/A | 6.5 MEDIUM | An issue was discovered in SolaX Pocket WiFi 3 through 3.001.02. An attacker within RF range can obtain a cleartext copy of the network configuration of the device, including the Wi-Fi PSK, during device setup and reconfiguration. Upon success, the attacker is able to further infiltrate the target's Wi-Fi networks.
CVE-2023-35653 | 1 Google | 1 Android | 2024-11-21 | N/A | 4.4 MEDIUM | In TBD of TBD, there is a possible way to access location information due to a permissions bypass. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.
CVE-2023-35165 | 1 Amazon | 1 Aws Cloud Development Kit | 2024-11-21 | N/A | 6.6 MEDIUM | AWS Cloud Development Kit (AWS CDK) is an open-source software development framework to define cloud infrastructure in code and provision it through AWS CloudFormation. In the packages `aws-cdk-lib` 2.0.0 until 2.80.0 and `@aws-cdk/aws-eks` 1.57.0 until 1.202.0, the `eks.Cluster` and `eks.FargateCluster` constructs create two roles, `CreationRole` and `default MastersRole`, that have an overly permissive trust policy. The first, referred to as the `CreationRole`, is used by lambda handlers to create the cluster and deploy Kubernetes resources (e.g. `KubernetesManifest`, `HelmChart`, ...) onto it. Users with CDK version higher than or equal to 1.62.0 (including v2 users) may be affected. The second, referred to as the `default MastersRole`, is provisioned only if the `mastersRole` property isn't provided and has permissions to execute `kubectl` commands on the cluster. Users with CDK version higher than or equal to 1.57.0 (including v2 users) may be affected. The issue has been fixed in `@aws-cdk/aws-eks` v1.202.0 and `aws-cdk-lib` v2.80.0. These versions no longer use the account root principal. Instead, they restrict the trust policy to the specific roles of the lambda handlers that need it. There is no workaround available for `CreationRole`. To avoid creating the `default MastersRole`, use the `mastersRole` property to explicitly provide a role.
CVE-2023-34965 | 1 Sspanel-uim Project | 1 Sspanel-uim | 2024-11-21 | N/A | 5.3 MEDIUM | SSPanel-Uim 2023.3 does not restrict access to the /link/ interface, which can lead to a leak of user information.
CVE-2023-34923 | 1 Topdesk | 1 Topdesk | 2024-11-21 | N/A | 8.1 HIGH | XML Signature Wrapping (XSW) in the SAML-based Single Sign-on feature in TOPdesk v12.10.12 allows bad actors with credentials to authenticate with the Identity Provider (IP) to impersonate any TOPdesk user via SAML Response manipulation.
CVE-2023-34724 | 1 Jaycar | 2 La5570, La5570 Firmware | 2024-11-21 | N/A | 6.8 MEDIUM | An issue was discovered in TECHView LA5570 Wireless Gateway 1.0.19_T53 that allows physical attackers to gain escalated privileges via the UART interface.
CVE-2023-34219 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | N/A | 4.3 MEDIUM | In JetBrains TeamCity before 2023.05, improper permission checks allowed users without appropriate permissions to edit Build Configuration settings via the REST API.
CVE-2023-34218 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | N/A | 9.1 CRITICAL | In JetBrains TeamCity before 2023.05, a bypass of permission checks allowing admin actions to be performed was possible.
CVE-2023-34197 | 1 Zohocorp | 3 Manageengine Servicedesk Plus, Manageengine Servicedesk Plus Msp, Manageengine Supportcenter Plus | 2024-11-21 | N/A | 5.4 MEDIUM | Zoho ManageEngine ServiceDesk Plus before 14202, ServiceDesk Plus MSP before 14300, and SupportCenter Plus before 14300 have a privilege escalation vulnerability in the Release module that allows unprivileged users to access the Reminders of a release ticket and make modifications.
CVE-2023-34107 | 1 Glpi-project | 1 Glpi | 2024-11-21 | N/A | 6.5 MEDIUM | GLPI is a free asset and IT management software package. Versions of the software starting with 9.2.0 and prior to 10.0.8 have an incorrect rights check on a file accessible by an authenticated user that allows access to view all KnowbaseItems. Version 10.0.8 has a patch for this issue.