Total
29524 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-5102 | 1 Sick | 2 Apu0200, Apu0200 Firmware | 2024-11-21 | N/A | 5.3 MEDIUM |
| Insufficient Control Flow Management in RDT400 in SICK APU allows an unprivileged remote attacker to potentially enable hidden functionality via HTTP requests. | |||||
| CVE-2023-5061 | 1 Gitlab | 1 Gitlab | 2024-11-21 | N/A | 4.3 MEDIUM |
| An issue has been discovered in GitLab affecting all versions starting from 9.3 before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. In certain situations, it may have been possible for developers to override predefined CI variables via the REST API. | |||||
| CVE-2023-5009 | 1 Gitlab | 1 Gitlab | 2024-11-21 | N/A | 8.2 HIGH |
| An issue has been discovered in GitLab EE affecting all versions starting from 13.12 before 16.2.7, all versions starting from 16.3 before 16.3.4. It was possible for an attacker to run pipeline jobs as an arbitrary user via scheduled security scan policies. This was a bypass of [CVE-2023-3932](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3932) showing additional impact. | |||||
| CVE-2023-52436 | 1 Linux | 1 Linux Kernel | 2024-11-21 | N/A | 7.8 HIGH |
| In the Linux kernel, the following vulnerability has been resolved: f2fs: explicitly null-terminate the xattr list When setting an xattr, explicitly null-terminate the xattr list. This eliminates the fragile assumption that the unused xattr space is always zeroed. | |||||
| CVE-2023-51767 | 3 Fedoraproject, Openbsd, Redhat | 3 Fedora, Openssh, Enterprise Linux | 2024-11-21 | N/A | 7.0 HIGH |
| OpenSSH through 9.6, when common types of DRAM are used, might allow row hammer attacks (for authentication bypass) because the integer value of authenticated in mm_answer_authpassword does not resist flips of a single bit. NOTE: this is applicable to a certain threat model of attacker-victim co-location in which the attacker has user privileges. | |||||
| CVE-2023-51661 | 1 Wasmer | 1 Wasmer | 2024-11-21 | N/A | 8.4 HIGH |
| Wasmer is a WebAssembly runtime that enables containers to run anywhere: from Desktop to the Cloud, Edge and even the browser. Wasm programs can access the filesystem outside of the sandbox. Service providers running untrusted Wasm code on Wasmer can unexpectedly expose the host filesystem. This vulnerability has been patched in version 4.2.4. | |||||
| CVE-2023-51074 | 1 Json-path | 1 Jayway Jsonpath | 2024-11-21 | N/A | 5.3 MEDIUM |
| json-path v2.8.0 was discovered to contain a stack overflow via the Criteria.parse() method. | |||||
| CVE-2023-51070 | 1 Qstar | 1 Archive Storage Manager | 2024-11-21 | N/A | 7.5 HIGH |
| An access control issue in QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0 allows unauthenticated attackers to arbitrarily adjust sensitive SMB settings on the QStar Server. | |||||
| CVE-2023-50959 | 1 Ibm | 1 Cloud Pak For Business Automation | 2024-11-21 | N/A | 5.3 MEDIUM |
| IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2,19.0.1, 19.0.2, 19.0.3,20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1,2 2.0.2, 23.0.1, and 23.0.2 may allow end users to query more documents than expected from a connected Enterprise Content Management system when configured to use a system account. IBM X-Force ID: 275938. | |||||
| CVE-2023-50954 | 1 Ibm | 1 Infosphere Information Server | 2024-11-21 | N/A | 4.3 MEDIUM |
| IBM InfoSphere Information Server 11.7 returns sensitive information in URL information that could be used in further attacks against the system. IBM X-Force ID: 275776. | |||||
| CVE-2023-50871 | 1 Jetbrains | 1 Youtrack | 2024-11-21 | N/A | 4.3 MEDIUM |
| In JetBrains YouTrack before 2023.3.22268 authorization check for inline comments inside thread replies was missed | |||||
| CVE-2023-50708 | 1 Yiiframework | 1 Yii2-authclient | 2024-11-21 | N/A | 6.1 MEDIUM |
| yii2-authclient is an extension that adds OpenID, OAuth, OAuth2 and OpenId Connect consumers for the Yii framework 2.0. In yii2-authclient prior to version 2.2.15, the Oauth1/2 `state` and OpenID Connect `nonce` is vulnerable for a `timing attack` since it is compared via regular string comparison (instead of `Yii::$app->getSecurity()->compareString()`). Version 2.2.15 contains a patch for the issue. No known workarounds are available. | |||||
| CVE-2023-50706 | 1 Efacec | 2 Uc 500e, Uc 500e Firmware | 2024-11-21 | N/A | 4.1 MEDIUM |
| A user without administrator permissions with access to the UC500 windows system could perform a memory dump of the running processes and extract clear credentials or valid session tokens. | |||||
| CVE-2023-50559 | 1 Openxiangshan | 1 Xiangshan | 2024-11-21 | N/A | 5.5 MEDIUM |
| An issue was discovered in XiangShan v2.1, allows local attackers to obtain sensitive information via the L1D cache. | |||||
| CVE-2023-50477 | 1 Nos | 1 Nos Client | 2024-11-21 | N/A | 9.8 CRITICAL |
| An issue was discovered in nos client version 0.6.6, allows remote attackers to escalate privileges via getRPCEndpoint.js. | |||||
| CVE-2023-50333 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | N/A | 3.7 LOW |
| Mattermost fails to update the permissions of the current session for a user who was just demoted to guest, allowing freshly demoted guests to change group names. | |||||
| CVE-2023-50332 | 1 Weseek | 1 Growi | 2024-11-21 | N/A | 6.5 MEDIUM |
| Improper authorization vulnerability exists in the User Management (/admin/users) page of GROWI versions prior to v6.0.6. If this vulnerability is exploited, a user may delete or suspend its own account without the user's intention. | |||||
| CVE-2023-4922 | 1 Wpb Show Core Project | 1 Wpb Show Core | 2024-11-21 | N/A | 9.8 CRITICAL |
| The WPB Show Core WordPress plugin through 2.2 is vulnerable to a local file inclusion via the `path` parameter. | |||||
| CVE-2023-4898 | 1 Mintplexlabs | 1 Anything-llm | 2024-11-21 | N/A | 7.5 HIGH |
| Authentication Bypass by Primary Weakness in GitHub repository mintplex-labs/anything-llm prior to 0.0.1. | |||||
| CVE-2023-4895 | 1 Gitlab | 1 Gitlab | 2024-11-21 | N/A | 4.3 MEDIUM |
| An issue has been discovered in GitLab EE affecting all versions starting from 12.0 to 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. This vulnerability allows for bypassing the 'group ip restriction' settings to access environment details of projects | |||||