Total
4661 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-34063 | 1 Vmware | 2 Aria Automation, Cloud Foundation | 2024-11-21 | N/A | 9.9 CRITICAL |
| Aria Automation contains a Missing Access Control vulnerability. An authenticated malicious actor may exploit this vulnerability leading to unauthorized access to remote organizations and workflows. | |||||
| CVE-2023-34003 | 1 Woocommerce | 1 Box Office | 2024-11-21 | N/A | 6.5 MEDIUM |
| Missing Authorization vulnerability in Woo WooCommerce Box Office.This issue affects WooCommerce Box Office: from n/a through 1.1.51. | |||||
| CVE-2023-33992 | 1 Sap | 2 Business Warehouse, Bw\/4hana | 2024-11-21 | N/A | 4.5 MEDIUM |
| The SAP BW BICS communication layer in SAP Business Warehouse and SAP BW/4HANA - version SAP_BW 730, SAP_BW 731, SAP_BW 740, SAP_BW 730, SAP_BW 750, DW4CORE 100, DW4CORE 200, DW4CORE 300, may expose unauthorized cell values to the data response. To be able to exploit this, the user still needs authorizations on the query as well as on the keyfigure/measure level. The missing check only affects the data level. | |||||
| CVE-2023-33970 | 1 Kanboard | 1 Kanboard | 2024-11-21 | N/A | 5.4 MEDIUM |
| Kanboard is open source project management software that focuses on the Kanban methodology. A vulnerability related to a `missing access control` was found, which allows a User with the lowest privileges to leak all the tasks and projects titles within the software, even if they are not invited or it's a personal project. This could also lead to private/critical information being leaked if such information is in the title. This issue has been addressed in version 1.2.30. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-33968 | 1 Kanboard | 1 Kanboard | 2024-11-21 | N/A | 5.4 MEDIUM |
| Kanboard is open source project management software that focuses on the Kanban methodology. Versions prior to 1.2.30 are subject to a missing access control vulnerability that allows a user with low privileges to create or transfer tasks to any project within the software, even if they have not been invited or the project is personal. The vulnerable features are `Duplicate to project` and `Move to project`, which both utilize the `checkDestinationProjectValues()` function to check his values. This issue has been addressed in version 1.2.30. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-33948 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2024-11-21 | N/A | 5.3 MEDIUM |
| The Dynamic Data Mapping module in Liferay Portal 7.4.3.67, and Liferay DXP 7.4 update 67 does not limit Document and Media files which can be downloaded from a Form, which allows remote attackers to download any file from Document and Media via a crafted URL. | |||||
| CVE-2023-33923 | 2024-11-21 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in HashThemes Viral News, HashThemes Viral, HashThemes HashOne.This issue affects Viral News: from n/a through 1.4.5; Viral: from n/a through 1.8.0; HashOne: from n/a through 1.3.0. | |||||
| CVE-2023-33922 | 1 Elementor | 1 Website Builder | 2024-11-21 | N/A | 4.3 MEDIUM |
| Missing Authorization vulnerability in Elementor Elementor Website Builder.This issue affects Elementor Website Builder: from n/a through 3.13.2. | |||||
| CVE-2023-33918 | 2 Google, Unisoc | 9 Android, Sc7731e, Sc9832e and 6 more | 2024-11-21 | N/A | 5.5 MEDIUM |
| In vowifiservice, there is a possible missing permission check.This could lead to local information disclosure with no additional execution privileges | |||||
| CVE-2023-33917 | 2 Google, Unisoc | 9 Android, Sc7731e, Sc9832e and 6 more | 2024-11-21 | N/A | 5.5 MEDIUM |
| In vowifiservice, there is a possible missing permission check.This could lead to local information disclosure with no additional execution privileges | |||||
| CVE-2023-33916 | 2 Google, Unisoc | 9 Android, Sc7731e, Sc9832e and 6 more | 2024-11-21 | N/A | 5.5 MEDIUM |
| In vowifiservice, there is a possible missing permission check.This could lead to local information disclosure with no additional execution privileges | |||||
| CVE-2023-33915 | 2 Google, Unisoc | 5 Android, S8000, T760 and 2 more | 2024-11-21 | N/A | 7.5 HIGH |
| In LTE protocol stack, there is a possible missing permission check. This could lead to remote information disclosure no additional execution privileges needed | |||||
| CVE-2023-33912 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-11-21 | N/A | 5.5 MEDIUM |
| In Contacts service, there is a possible missing permission check.This could lead to local information disclosure with no additional execution privileges | |||||
| CVE-2023-33911 | 2 Google, Unisoc | 9 Android, Sc7731e, Sc9832e and 6 more | 2024-11-21 | N/A | 5.5 MEDIUM |
| In vowifi service, there is a possible missing permission check.This could lead to local information disclosure with no additional execution privileges | |||||
| CVE-2023-33910 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-11-21 | N/A | 5.5 MEDIUM |
| In Contacts Service, there is a possible missing permission check.This could lead to local information disclosure with no additional execution privileges | |||||
| CVE-2023-33909 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-11-21 | N/A | 5.5 MEDIUM |
| In Contacts service, there is a possible missing permission check.This could lead to local information disclosure with no additional execution privileges | |||||
| CVE-2023-33908 | 2 Google, Unisoc | 13 Android, S8000, Sc9832e and 10 more | 2024-11-21 | N/A | 5.5 MEDIUM |
| In ims service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges | |||||
| CVE-2023-33907 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-11-21 | N/A | 5.5 MEDIUM |
| In Contacts Service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges | |||||
| CVE-2023-33906 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-11-21 | N/A | 5.5 MEDIUM |
| In Contacts Service, there is a possible missing permission check.This could lead to local information disclosure with no additional execution privileges | |||||
| CVE-2023-33902 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-11-21 | N/A | 5.5 MEDIUM |
| In bluetooth service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | |||||