Total
653 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-33368 | 1 Assaabloy | 1 Control Id Idsecure | 2024-11-21 | 6.5 Medium |
| Some API routes exists in Control ID IDSecure 4.7.26.0 and prior, exfiltrating sensitive information and passwords to users accessing these API routes. | ||||
| CVE-2023-32760 | 1 Archerirm | 1 Archer | 2024-11-21 | 7.7 High |
| An issue in Archer Platform before v.6.13 fixed in v.6.12.0.6 and v.6.13.0 allows an authenticated attacker to obtain sensitive information via API calls related to data feeds and data publication. | ||||
| CVE-2023-32759 | 1 Archerirm | 1 Archer | 2024-11-21 | 7.5 High |
| An issue in Archer Platform before v.6.13 and fixed in 6.12.0.6 and 6.13.0 allows an authenticated attacker to obtain sensitive information via a crafted URL. | ||||
| CVE-2023-32275 | 1 Softether | 1 Vpn | 2024-11-21 | 5.5 Medium |
| An information disclosure vulnerability exists in the CtEnumCa() functionality of SoftEther VPN 4.41-9782-beta and 5.01.9674. Specially crafted network packets can lead to a disclosure of sensitive information. An attacker can send packets to trigger this vulnerability. | ||||
| CVE-2023-31818 | 1 Marukyu | 1 Marukyu Line | 2024-11-21 | 7.5 High |
| An issue found in Marukyu Line v.13.4.1 allows a remote attacker to gain access to sensitive information via the channel access token in the miniapp function. | ||||
| CVE-2023-31206 | 1 Apache | 1 Inlong | 2024-11-21 | 7.5 High |
| Exposure of Resource to Wrong Sphere Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.6.0. Attackers can change the immutable name and type of nodes of InLong. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick [1] to solve it. [1] https://cveprocess.apache.org/cve5/[1]%C2%A0https://github.com/apache/inlong/pull/7891 https://github.com/apache/inlong/pull/7891 https://github.com/apache/inlong/pull/7891 | ||||
| CVE-2023-31103 | 1 Apache | 1 Inlong | 2024-11-21 | 7.5 High |
| Exposure of Resource to Wrong Sphere Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.6.0. Attackers can change the immutable name and type of cluster of InLong. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7891 https://github.com/apache/inlong/pull/7891 to solve it. | ||||
| CVE-2023-31014 | 2 Google, Nvidia | 2 Android, Geforce Now | 2024-11-21 | 4.2 Medium |
| NVIDIA GeForce Now for Android contains a vulnerability in the game launcher component, where a malicious application on the same device can process the implicit intent meant for the streamer component. A successful exploit of this vulnerability may lead to limited information disclosure, denial of service, and code execution. | ||||
| CVE-2023-30960 | 1 Palantir | 1 Foundry Job-tracker | 2024-11-21 | 4.3 Medium |
| A security defect was discovered in Foundry job-tracker that enabled users to query metadata related to builds on resources they did not have access to. This defect was resolved with the release of job-tracker 4.645.0. The service was rolled out to all affected Foundry instances. No further intervention is required. | ||||
| CVE-2023-30802 | 1 Sangfor | 1 Next-gen Application Firewall | 2024-11-21 | 5.3 Medium |
| The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to a source code disclosure vulnerability. A remote and unauthenticated attacker can obtain PHP source code by sending an HTTP request with an invalid Content-Length field. | ||||
| CVE-2023-2916 | 1 Revmakx | 1 Infinitewp Client | 2024-11-21 | 7.5 High |
| The InfiniteWP Client plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.11.1 via the 'admin_notice' function. This can allow authenticated attackers with subscriber-level permissions or above to extract sensitive data including configuration. It can only be exploited if the plugin has not been configured yet. If combined with another arbitrary plugin installation and activation vulnerability, it may be possible to connect a site to InfiniteWP which would make remote management possible and allow for elevation of privileges. | ||||
| CVE-2023-28336 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2024-11-21 | 4.3 Medium |
| Insufficient filtering of grade report history made it possible for teachers to access the names of users they could not otherwise access. | ||||
| CVE-2023-24965 | 2 Ibm, Linux | 2 Aspera Faspex, Linux Kernel | 2024-11-21 | 5.8 Medium |
| IBM Aspera Faspex 5.0.5 does not restrict or incorrectly restricts access to a resource from an unauthorized actor. IBM X-Force ID: 246713. | ||||
| CVE-2023-24523 | 1 Sap | 1 Host Agent | 2024-11-21 | 8.8 High |
| An attacker authenticated as a non-admin user with local access to a server port assigned to the SAP Host Agent (Start Service) - versions 7.21, 7.22, can submit a crafted ConfigureOutsideDiscovery request with an operating system command which will be executed with administrator privileges. The OS command can read or modify any user or system data and can make the system unavailable. | ||||
| CVE-2023-20061 | 1 Cisco | 4 Packaged Contact Center Enterprise, Unified Contact Center Enterprise, Unified Contact Center Express and 1 more | 2024-11-21 | 6.5 Medium |
| Multiple vulnerabilities in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to collect sensitive information or perform a server-side request forgery (SSRF) attack on an affected system. Cisco plans to release software updates that address these vulnerabilities. | ||||
| CVE-2023-1402 | 1 Moodle | 1 Moodle | 2024-11-21 | 4.3 Medium |
| The course participation report required additional checks to prevent roles being displayed which the user did not have access to view. | ||||
| CVE-2022-4817 | 1 Jgit-cookbook Project | 1 Jgit-cookbook | 2024-11-21 | 3.1 Low |
| A vulnerability was found in centic9 jgit-cookbook. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to insecure temporary file. The attack can be initiated remotely. The name of the patch is b8cb29b43dc704708d598c60ac1881db7cf8e9c3. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216988. | ||||
| CVE-2022-48198 | 2 Ntpd Driver Project, Openrobotics | 2 Ntpd Driver, Robot Operating System | 2024-11-21 | 9.8 Critical |
| The ntpd_driver component before 1.3.0 and 2.x before 2.2.0 for Robot Operating System (ROS) allows attackers, who control the source code of a different node in the same ROS application, to change a robot's behavior. This occurs because a topic name depends on the attacker-controlled time_ref_topic parameter. | ||||
| CVE-2022-46901 | 1 Vocera | 2 Report Server, Voice Server | 2024-11-21 | 7.5 High |
| An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is an Access Control Violation for Database Operations. The Vocera Report Console contains a websocket interface that allows for the unauthenticated execution of various tasks and database functions. This includes system tasks, and backing up, loading, and clearing of the database. | ||||
| CVE-2022-46756 | 1 Dell | 1 Vxrail Manager | 2024-11-21 | 8.2 High |
| Dell VxRail, versions prior to 7.0.410, contain a Container Escape Vulnerability. A local high-privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the container's underlying OS. Exploitation may lead to a system take over by an attacker. | ||||