Total
4661 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-4302 | 1 Jenkins | 1 Fortify | 2024-11-21 | N/A | 4.2 MEDIUM |
| A missing permission check in Jenkins Fortify Plugin 22.1.38 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||
| CVE-2023-4282 | 1 Wpdeveloper | 1 Embedpress | 2024-11-21 | N/A | 5.4 MEDIUM |
| The EmbedPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'admin_post_remove' and 'remove_private_data' functions in versions up to, and including, 3.8.2. This makes it possible for authenticated attackers with subscriber privileges or above, to delete plugin settings. | |||||
| CVE-2023-4198 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-11-21 | N/A | 6.5 MEDIUM |
| Improper Access Control in Dolibarr ERP CRM <= v17.0.3 allows an unauthorized authenticated user to read a database table containing customer data | |||||
| CVE-2023-4164 | 1 Google | 2 Android, Pixel | 2024-11-21 | N/A | 8.4 HIGH |
| There is a possible information disclosure due to a missing permission check. This could lead to local information disclosure of health data with no additional execution privileges needed. | |||||
| CVE-2023-4124 | 1 Answer | 1 Answer | 2024-11-21 | N/A | 6.5 MEDIUM |
| Missing Authorization in GitHub repository answerdev/answer prior to v1.1.1. | |||||
| CVE-2023-4106 | 1 Mattermost | 1 Mattermost | 2024-11-21 | N/A | 6.3 MEDIUM |
| Mattermost fails to check if the requesting user is a guest before performing different actions to public playbooks, resulting a guest being able to view, join, edit, export and archive public playbooks. | |||||
| CVE-2023-4105 | 1 Mattermost | 1 Mattermost | 2024-11-21 | N/A | 3.1 LOW |
| Mattermost fails to delete the attachments when deleting a message in a thread allowing a simple user to still be able to access and download the attachment of a deleted message | |||||
| CVE-2023-4104 | 1 Mozilla | 1 Vpn | 2024-11-21 | N/A | 5.5 MEDIUM |
| An invalid Polkit Authentication check and missing authentication requirements for D-Bus methods allowed any local user to configure arbitrary VPN setups. *This bug only affects Mozilla VPN on Linux. Other operating systems are unaffected.* This vulnerability affects Mozilla VPN client for Linux < v2.16.1. | |||||
| CVE-2023-49980 | 2024-11-21 | N/A | 7.5 HIGH | ||
| A directory listing vulnerability in Best Student Result Management System v1.0 allows attackers to list directories and sensitive files within the application without requiring authorization. | |||||
| CVE-2023-49742 | 2024-11-21 | N/A | 9.9 CRITICAL | ||
| Missing Authorization vulnerability in Support Genix.This issue affects Support Genix: from n/a through 1.2.3. | |||||
| CVE-2023-49674 | 1 Jenkins | 1 Neuvector Vulnerability Scanner | 2024-11-21 | N/A | 4.3 MEDIUM |
| A missing permission check in Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified hostname and port using attacker-specified username and password. | |||||
| CVE-2023-49654 | 1 Jenkins | 1 Matlab | 2024-11-21 | N/A | 9.8 CRITICAL |
| Missing permission checks in Jenkins MATLAB Plugin 2.11.0 and earlier allow attackers to have Jenkins parse an XML file from the Jenkins controller file system. | |||||
| CVE-2023-49652 | 1 Jenkins | 1 Google Compute Engine | 2024-11-21 | N/A | 2.7 LOW |
| Incorrect permission checks in Jenkins Google Compute Engine Plugin 4.550.vb_327fca_3db_11 and earlier allow attackers with global Item/Configure permission (while lacking Item/Configure permission on any particular job) to enumerate system-scoped credentials IDs of credentials stored in Jenkins and to connect to Google Cloud Platform using attacker-specified credentials IDs obtained through another method, to obtain information about existing projects. This fix has been backported to 4.3.17.1. | |||||
| CVE-2023-49620 | 1 Apache | 1 Dolphinscheduler | 2024-11-21 | N/A | 6.5 MEDIUM |
| Before DolphinScheduler version 3.1.0, the login user could delete UDF function in the resource center unauthorized (which almost used in sql task), with unauthorized access vulnerability (IDOR), but after version 3.1.0 we fixed this issue. We mark this cve as moderate level because it still requires user login to operate, please upgrade to version 3.1.0 to avoid this vulnerability | |||||
| CVE-2023-49230 | 1 Peplink | 2 Balance Two, Balance Two Firmware | 2024-11-21 | N/A | 8.8 HIGH |
| An issue was discovered in Peplink Balance Two before 8.4.0. A missing authorization check in captive portals allows attackers to modify the portals' configurations without prior authentication. | |||||
| CVE-2023-49229 | 1 Peplink | 2 Balance Two, Balance Two Firmware | 2024-11-21 | N/A | 4.3 MEDIUM |
| An issue was discovered in Peplink Balance Two before 8.4.0. A missing authorization check in the administration web service allows read-only, unprivileged users to obtain sensitive information about the device configuration. | |||||
| CVE-2023-49003 | 1 Simplemobiletools | 1 Simple Dialer | 2024-11-21 | N/A | 5.3 MEDIUM |
| An issue in simplemobiletools Simple Dialer 5.18.1 allows an attacker to bypass intended access restrictions via interaction with com.simplemobiletools.dialer.activities.DialerActivity. | |||||
| CVE-2023-48926 | 1 Prestashop | 1 Advanced Loyalty Program | 2024-11-21 | N/A | 5.3 MEDIUM |
| An issue in 202 ecommerce Advanced Loyalty Program: Loyalty Points before v2.3.4 for PrestaShop allows unauthenticated attackers to arbitrarily change an order status. | |||||
| CVE-2023-48761 | 1 Crocoblock | 1 Jetelements | 2024-11-21 | N/A | 6.3 MEDIUM |
| Missing Authorization vulnerability in Crocoblock JetElements For Elementor.This issue affects JetElements For Elementor: from n/a through 2.6.13. | |||||
| CVE-2023-48760 | 1 Crocoblock | 1 Jetelements | 2024-11-21 | N/A | 8.2 HIGH |
| Missing Authorization vulnerability in Crocoblock JetElements For Elementor.This issue affects JetElements For Elementor: from n/a through 2.6.13. | |||||