Total
29038 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-5299 | 1 Fujielectric | 1 Tellus Lite V-simulator | 2024-11-21 | N/A | 7.3 HIGH |
| A user with a standard account in Fuji Electric Tellus Lite may overwrite files in the system. | |||||
| CVE-2023-5240 | 1 Devolutions | 1 Devolutions Server | 2024-11-21 | N/A | 7.5 HIGH |
| Improper access control in PAM propagation scripts in Devolutions Server 2023.2.8.0 and ealier allows an attack with permission to manage PAM propagation scripts to retrieve passwords stored in it via a GET request. | |||||
| CVE-2023-5236 | 2 Infinispan, Redhat | 3 Infinispan, Data Grid, Jboss Data Grid | 2024-11-21 | N/A | 4.4 MEDIUM |
| A flaw was found in Infinispan, which does not detect circular object references when unmarshalling. An authenticated attacker with sufficient permissions could insert a maliciously constructed object into the cache and use it to cause out of memory errors and achieve a denial of service. | |||||
| CVE-2023-5198 | 1 Gitlab | 1 Gitlab | 2024-11-21 | N/A | 4.3 MEDIUM |
| An issue has been discovered in GitLab affecting all versions prior to 16.2.7, all versions starting from 16.3 before 16.3.5, and all versions starting from 16.4 before 16.4.1. It was possible for a removed project member to write to protected branches using deploy keys. | |||||
| CVE-2023-5106 | 1 Gitlab | 1 Gitlab | 2024-11-21 | N/A | 8.2 HIGH |
| An issue has been discovered in Ultimate-licensed GitLab EE affecting all versions starting 13.12 prior to 16.2.8, 16.3.0 prior to 16.3.5, and 16.4.0 prior to 16.4.1 that could allow an attacker to impersonate users in CI pipelines through direct transfer group imports. | |||||
| CVE-2023-5102 | 1 Sick | 2 Apu0200, Apu0200 Firmware | 2024-11-21 | N/A | 5.3 MEDIUM |
| Insufficient Control Flow Management in RDT400 in SICK APU allows an unprivileged remote attacker to potentially enable hidden functionality via HTTP requests. | |||||
| CVE-2023-5061 | 1 Gitlab | 1 Gitlab | 2024-11-21 | N/A | 4.3 MEDIUM |
| An issue has been discovered in GitLab affecting all versions starting from 9.3 before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. In certain situations, it may have been possible for developers to override predefined CI variables via the REST API. | |||||
| CVE-2023-5009 | 1 Gitlab | 1 Gitlab | 2024-11-21 | N/A | 8.2 HIGH |
| An issue has been discovered in GitLab EE affecting all versions starting from 13.12 before 16.2.7, all versions starting from 16.3 before 16.3.4. It was possible for an attacker to run pipeline jobs as an arbitrary user via scheduled security scan policies. This was a bypass of [CVE-2023-3932](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3932) showing additional impact. | |||||
| CVE-2023-52436 | 1 Linux | 1 Linux Kernel | 2024-11-21 | N/A | 7.8 HIGH |
| In the Linux kernel, the following vulnerability has been resolved: f2fs: explicitly null-terminate the xattr list When setting an xattr, explicitly null-terminate the xattr list. This eliminates the fragile assumption that the unused xattr space is always zeroed. | |||||
| CVE-2023-52337 | 1 Trendmicro | 2 Deep Security, Deep Security Agent | 2024-11-21 | N/A | 7.8 HIGH |
| An improper access control vulnerability in Trend Micro Deep Security 20.0 and Trend Micro Cloud One - Endpoint and Workload Security Agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
| CVE-2023-52325 | 1 Trendmicro | 1 Apex Central | 2024-11-21 | N/A | 7.5 HIGH |
| A local file inclusion vulnerability in one of Trend Micro Apex Central's widgets could allow a remote attacker to execute arbitrary code on affected installations. Please note: this vulnerability must be used in conjunction with another one to exploit an affected system. In addition, an attacker must first obtain a valid set of credentials on target system in order to exploit this vulnerability. | |||||
| CVE-2023-51948 | 1 Actidata | 2 Actinas Sl 2u-8 Rdx, Actinas Sl 2u-8 Rdx Firmware | 2024-11-21 | N/A | 7.5 HIGH |
| A Site-wide directory listing vulnerability in /fm in actidata actiNAS SL 2U-8 RDX 3.2.03-SP1 allows remote attackers to list the files hosted by the web application. | |||||
| CVE-2023-51842 | 1 Meshcentral | 1 Meshcentral | 2024-11-21 | N/A | 7.5 HIGH |
| An algorithm-downgrade issue was discovered in Ylianst MeshCentral 1.1.16. | |||||
| CVE-2023-51767 | 3 Fedoraproject, Openbsd, Redhat | 3 Fedora, Openssh, Enterprise Linux | 2024-11-21 | N/A | 7.0 HIGH |
| OpenSSH through 9.6, when common types of DRAM are used, might allow row hammer attacks (for authentication bypass) because the integer value of authenticated in mm_answer_authpassword does not resist flips of a single bit. NOTE: this is applicable to a certain threat model of attacker-victim co-location in which the attacker has user privileges. | |||||
| CVE-2023-51661 | 1 Wasmer | 1 Wasmer | 2024-11-21 | N/A | 8.4 HIGH |
| Wasmer is a WebAssembly runtime that enables containers to run anywhere: from Desktop to the Cloud, Edge and even the browser. Wasm programs can access the filesystem outside of the sandbox. Service providers running untrusted Wasm code on Wasmer can unexpectedly expose the host filesystem. This vulnerability has been patched in version 4.2.4. | |||||
| CVE-2023-51071 | 1 Qstar | 1 Archive Storage Manager | 2024-11-21 | N/A | 6.5 MEDIUM |
| An access control issue in QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0 allows unauthenticated attackers to arbitrarily disable the SMB service on a victim's Qstar instance by executing a specific command in a link. | |||||
| CVE-2023-51070 | 1 Qstar | 1 Archive Storage Manager | 2024-11-21 | N/A | 7.5 HIGH |
| An access control issue in QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0 allows unauthenticated attackers to arbitrarily adjust sensitive SMB settings on the QStar Server. | |||||
| CVE-2023-51065 | 1 Qstar | 1 Archive Storage Manager | 2024-11-21 | N/A | 7.5 HIGH |
| Incorrect access control in QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0 allows unauthenticated attackers to obtain system backups and other sensitive information from the QStar Server. | |||||
| CVE-2023-50959 | 1 Ibm | 1 Cloud Pak For Business Automation | 2024-11-21 | N/A | 5.3 MEDIUM |
| IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2,19.0.1, 19.0.2, 19.0.3,20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1,2 2.0.2, 23.0.1, and 23.0.2 may allow end users to query more documents than expected from a connected Enterprise Content Management system when configured to use a system account. IBM X-Force ID: 275938. | |||||
| CVE-2023-50954 | 1 Ibm | 1 Infosphere Information Server | 2024-11-21 | N/A | 4.3 MEDIUM |
| IBM InfoSphere Information Server 11.7 returns sensitive information in URL information that could be used in further attacks against the system. IBM X-Force ID: 275776. | |||||