Total
5178 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-33970 | 1 Kanboard | 1 Kanboard | 2024-11-21 | N/A | 5.4 MEDIUM |
| Kanboard is open source project management software that focuses on the Kanban methodology. A vulnerability related to a `missing access control` was found, which allows a User with the lowest privileges to leak all the tasks and projects titles within the software, even if they are not invited or it's a personal project. This could also lead to private/critical information being leaked if such information is in the title. This issue has been addressed in version 1.2.30. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-33968 | 1 Kanboard | 1 Kanboard | 2024-11-21 | N/A | 5.4 MEDIUM |
| Kanboard is open source project management software that focuses on the Kanban methodology. Versions prior to 1.2.30 are subject to a missing access control vulnerability that allows a user with low privileges to create or transfer tasks to any project within the software, even if they have not been invited or the project is personal. The vulnerable features are `Duplicate to project` and `Move to project`, which both utilize the `checkDestinationProjectValues()` function to check his values. This issue has been addressed in version 1.2.30. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-33948 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2024-11-21 | N/A | 5.3 MEDIUM |
| The Dynamic Data Mapping module in Liferay Portal 7.4.3.67, and Liferay DXP 7.4 update 67 does not limit Document and Media files which can be downloaded from a Form, which allows remote attackers to download any file from Document and Media via a crafted URL. | |||||
| CVE-2023-33923 | 2024-11-21 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in HashThemes Viral News, HashThemes Viral, HashThemes HashOne.This issue affects Viral News: from n/a through 1.4.5; Viral: from n/a through 1.8.0; HashOne: from n/a through 1.3.0. | |||||
| CVE-2023-33922 | 1 Elementor | 1 Website Builder | 2024-11-21 | N/A | 4.3 MEDIUM |
| Missing Authorization vulnerability in Elementor Elementor Website Builder.This issue affects Elementor Website Builder: from n/a through 3.13.2. | |||||
| CVE-2023-33918 | 2 Google, Unisoc | 9 Android, Sc7731e, Sc9832e and 6 more | 2024-11-21 | N/A | 5.5 MEDIUM |
| In vowifiservice, there is a possible missing permission check.This could lead to local information disclosure with no additional execution privileges | |||||
| CVE-2023-33917 | 2 Google, Unisoc | 9 Android, Sc7731e, Sc9832e and 6 more | 2024-11-21 | N/A | 5.5 MEDIUM |
| In vowifiservice, there is a possible missing permission check.This could lead to local information disclosure with no additional execution privileges | |||||
| CVE-2023-33916 | 2 Google, Unisoc | 9 Android, Sc7731e, Sc9832e and 6 more | 2024-11-21 | N/A | 5.5 MEDIUM |
| In vowifiservice, there is a possible missing permission check.This could lead to local information disclosure with no additional execution privileges | |||||
| CVE-2023-33915 | 2 Google, Unisoc | 5 Android, S8000, T760 and 2 more | 2024-11-21 | N/A | 7.5 HIGH |
| In LTE protocol stack, there is a possible missing permission check. This could lead to remote information disclosure no additional execution privileges needed | |||||
| CVE-2023-33912 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-11-21 | N/A | 5.5 MEDIUM |
| In Contacts service, there is a possible missing permission check.This could lead to local information disclosure with no additional execution privileges | |||||
| CVE-2023-33911 | 2 Google, Unisoc | 9 Android, Sc7731e, Sc9832e and 6 more | 2024-11-21 | N/A | 5.5 MEDIUM |
| In vowifi service, there is a possible missing permission check.This could lead to local information disclosure with no additional execution privileges | |||||
| CVE-2023-33910 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-11-21 | N/A | 5.5 MEDIUM |
| In Contacts Service, there is a possible missing permission check.This could lead to local information disclosure with no additional execution privileges | |||||
| CVE-2023-33909 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-11-21 | N/A | 5.5 MEDIUM |
| In Contacts service, there is a possible missing permission check.This could lead to local information disclosure with no additional execution privileges | |||||
| CVE-2023-33908 | 2 Google, Unisoc | 13 Android, S8000, Sc9832e and 10 more | 2024-11-21 | N/A | 5.5 MEDIUM |
| In ims service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges | |||||
| CVE-2023-33907 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-11-21 | N/A | 5.5 MEDIUM |
| In Contacts Service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges | |||||
| CVE-2023-33906 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-11-21 | N/A | 5.5 MEDIUM |
| In Contacts Service, there is a possible missing permission check.This could lead to local information disclosure with no additional execution privileges | |||||
| CVE-2023-33902 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-11-21 | N/A | 5.5 MEDIUM |
| In bluetooth service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | |||||
| CVE-2023-33901 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-11-21 | N/A | 5.5 MEDIUM |
| In bluetooth service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | |||||
| CVE-2023-33900 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-11-21 | N/A | 5.5 MEDIUM |
| In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | |||||
| CVE-2023-33899 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-11-21 | N/A | 5.5 MEDIUM |
| In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | |||||