Total
4017 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-2901 | 1 Nfine Rapid Development Platform Project | 1 Nfine Rapid Development Platform | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability was found in NFine Rapid Development Platform 20230511. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /SystemManage/User/GetGridJson?_search=false&nd=1680855479750&rows=50&page=1&sidx=F_CreatorTime+desc&sord=asc. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-229975. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-2861 | 1 Qemu | 1 Qemu | 2024-11-21 | N/A | 6.0 MEDIUM |
| A flaw was found in the 9p passthrough filesystem (9pfs) implementation in QEMU. The 9pfs server did not prohibit opening special files on the host side, potentially allowing a malicious client to escape from the exported 9p tree by creating and opening a device file in the shared folder. | |||||
| CVE-2023-2845 | 1 Fit2cloud | 1 Cloudexplorer Lite | 2024-11-21 | N/A | 8.1 HIGH |
| Improper Access Control in GitHub repository cloudexplorer-dev/cloudexplorer-lite prior to v1.1.0. | |||||
| CVE-2023-2674 | 1 Open-emr | 1 Openemr | 2024-11-21 | N/A | 4.3 MEDIUM |
| Improper Access Control in GitHub repository openemr/openemr prior to 7.0.1. | |||||
| CVE-2023-2670 | 1 Oretnom23 | 1 Lost And Found Information System | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in SourceCodester Lost and Found Information System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file admin/?page=user/manage_user. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-228886 is the identifier assigned to this vulnerability. | |||||
| CVE-2023-2202 | 1 Rosariosis | 1 Rosariosis | 2024-11-21 | N/A | 6.5 MEDIUM |
| Improper Access Control in GitHub repository francoisjacquet/rosariosis prior to 10.9.3. | |||||
| CVE-2023-2112 | 1 M-files | 1 M-files Server | 2024-11-21 | N/A | 3.6 LOW |
| Desktop component service allows lateral movement between sessions in M-Files before 23.4.12455.0. | |||||
| CVE-2023-29513 | 1 Xwiki | 1 Xwiki | 2024-11-21 | N/A | 5.0 MEDIUM |
| XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. If guest has view right on any document. It's possible to create a new user using the `distribution/firstadminuser.wiki` in the wrong context. This vulnerability has been patched in XWiki 15.0-rc-1 and 14.10.1. There is no known workaround other than upgrading. | |||||
| CVE-2023-29242 | 1 Intel | 6 Oneapi Ai Analytics Toolkit, Oneapi Base Toolkit, Oneapi Dl Framework Developer Toolkit and 3 more | 2024-11-21 | N/A | 6.7 MEDIUM |
| Improper access control for Intel(R) oneAPI Toolkits before version 2021.1 Beta 10 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-29157 | 1 Intel | 1 One Boot Flash Update | 2024-11-21 | N/A | 8.4 HIGH |
| Improper access control in some Intel(R) OFU software before version 14.1.31 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-29130 | 1 Siemens | 1 Simatic Cn 4100 | 2024-11-21 | N/A | 9.9 CRITICAL |
| A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.5). Affected device consists of improper access controls in the configuration files that leads to privilege escalation. An attacker could gain admin access with this vulnerability leading to complete device control. | |||||
| CVE-2023-28845 | 1 Nextcloud | 1 Talk | 2024-11-21 | N/A | 3.5 LOW |
| Nextcloud talk is a video & audio conferencing app for Nextcloud. In affected versions the talk app does not properly filter access to a conversations member list. As a result an attacker could use this vulnerability to gain information about the members of a Talk conversation, even if they themselves are not members. It is recommended that the Nextcloud Talk is upgraded to 14.0.9 or 15.0.4. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-28844 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | N/A | 5.7 MEDIUM |
| Nextcloud server is an open source home cloud implementation. In affected versions users that should not be able to download a file can still download an older version and use that for uncontrolled distribution. This issue has been addressed in versions 24.0.10 and 25.0.4. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-28810 | 1 Hikvision | 74 Ds-k1t320efwx, Ds-k1t320efwx Firmware, Ds-k1t320efx and 71 more | 2024-11-21 | N/A | 4.3 MEDIUM |
| Some access control/intercom products have unauthorized modification of device network configuration vulnerabilities. Attackers can modify device network configuration by sending specific data packets to the vulnerable interface within the same local network. | |||||
| CVE-2023-28809 | 1 Hikvision | 52 Ds-k1t320efwx, Ds-k1t320efwx Firmware, Ds-k1t320efx and 49 more | 2024-11-21 | N/A | 7.5 HIGH |
| Some access control products are vulnerable to a session hijacking attack because the product does not update the session ID after a user successfully logs in. To exploit the vulnerability, attackers have to request the session ID at the same time as a valid user logs in, and gain device operation permissions by forging the IP and session ID of an authenticated user. | |||||
| CVE-2023-28808 | 1 Hikvision | 20 Ds-a71024, Ds-a71024 Firmware, Ds-a71048 and 17 more | 2024-11-21 | N/A | 9.1 CRITICAL |
| Some Hikvision Hybrid SAN/Cluster Storage products have an access control vulnerability which can be used to obtain the admin permission. The attacker can exploit the vulnerability by sending crafted messages to the affected devices. | |||||
| CVE-2023-28715 | 1 Intel | 1 Oneapi | 2024-11-21 | N/A | 5.0 MEDIUM |
| Improper access control in some Intel(R) oneAPI Toolkit and component software installers before version 4.3.2 may allow an authenticated user to potentially enable denial of service via local access. | |||||
| CVE-2023-28714 | 2 Intel, Microsoft | 2 Proset\/wireless Wifi, Windows | 2024-11-21 | N/A | 8.2 HIGH |
| Improper access control in firmware for some Intel(R) PROSet/Wireless WiFi software for Windows before version 22.220 HF (Hot Fix) may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-28645 | 1 Nextcloud | 1 Richdocuments | 2024-11-21 | N/A | 5.7 MEDIUM |
| Nextcloud richdocuments is a Nextcloud app integrating the office suit Collabora Online. In affected versions the secure view feature of the rich documents app can be bypassed by using unprotected internal API endpoint of the rich documents app. It is recommended that the Nextcloud Office app (richdocuments) is upgraded to 8.0.0-beta.1, 7.0.2 or 6.3.2. Users unable to upgrade may mitigate the issue by taking steps to restrict the ability to download documents. This includes ensuring that the `WOPI configuration` is configured to only serve documents between Nextcloud and Collabora. It is highly recommended to define the list of Collabora server IPs as the allow list within the Office admin settings of Nextcloud. | |||||
| CVE-2023-28443 | 1 Monospace | 1 Directus | 2024-11-21 | N/A | 4.2 MEDIUM |
| Directus is a real-time API and App dashboard for managing SQL database content. Prior to version 9.23.3, the `directus_refresh_token` is not redacted properly from the log outputs and can be used to impersonate users without their permission. This issue is patched in version 9.23.3. | |||||