Total: 29046 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2023-3786 | 1 Aures | 2 Komet, Komet Firmware | 2024-11-21 | 4.6 MEDIUM | 4.3 MEDIUM | A vulnerability classified as problematic has been found in Aures Komet up to 20230509. This affects an unknown part of the component Kiosk Mode. The manipulation leads to improper access controls. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. The identifier VDB-235053 was assigned to this vulnerability.
CVE-2023-3674 | 2 Fedoraproject, Keylime | 2 Fedora, Keylime | 2024-11-21 | N/A | 2.3 LOW | A flaw was found in the Keylime attestation verifier, which fails to flag a device's submitted TPM quote as faulty when the quote's signature does not validate for some reason. Instead, it only emits an error in the log without flagging the device as untrusted.
CVE-2023-3655 | 1 Cashit | 1 Cashit! | 2024-11-21 | N/A | 7.5 HIGH | cashIT! - serving solutions. Devices from "PoS/ Dienstleistung, Entwicklung & Vertrieb GmbH" up to 03.A06rks 2023.02.37 are affected by dangerous methods that allow the database (system settings, user accounts, ...) to be leaked. This vulnerability can be triggered by an HTTP endpoint exposed to the network.
CVE-2023-3648 | 1 Wireshark | 1 Wireshark | 2024-11-21 | N/A | 5.3 MEDIUM | Kafka dissector crash in Wireshark 4.0.0 to 4.0.6 and 3.6.0 to 3.6.14 allows denial of service via packet injection or a crafted capture file.
CVE-2023-3643 | 1 Carel | 2 Boss Mini, Boss Mini Firmware | 2024-11-21 | 7.5 HIGH | 7.3 HIGH | A vulnerability was found in Boss Mini 1.4.0 Build 6221. It has been classified as critical. This affects an unknown part of the file boss/servlet/document. The manipulation of the argument path leads to file inclusion. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-233889 was assigned to this vulnerability.
CVE-2023-3629 | 2 Infinispan, Redhat | 4 Infinispan, Data Grid, Jboss Data Grid and 1 more | 2024-11-21 | N/A | 4.3 MEDIUM | A flaw was found in Infinispan's REST. Cache retrieval endpoints do not properly evaluate the necessary admin permissions for the operation. This issue could allow an authenticated user to access information outside of their intended permissions.
CVE-2023-3628 | 2 Infinispan, Redhat | 4 Infinispan, Data Grid, Jboss Data Grid and 1 more | 2024-11-21 | N/A | 6.5 MEDIUM | A flaw was found in Infinispan's REST. Bulk read endpoints do not properly evaluate user permissions for the operation. This issue could allow an authenticated user to access information outside of their intended permissions.
CVE-2023-3580 | 1 Squidex.io | 1 Squidex | 2024-11-21 | N/A | 4.3 MEDIUM | Improper Handling of Additional Special Element in GitHub repository squidex/squidex prior to 7.4.0.
CVE-2023-3574 | 1 Pimcore | 1 Customer Management Framework | 2024-11-21 | N/A | 6.5 MEDIUM | Improper Authorization in GitHub repository pimcore/customer-data-framework prior to 3.4.1.
CVE-2023-3518 | 1 Hashicorp | 1 Consul | 2024-11-21 | N/A | 7.4 HIGH | HashiCorp Consul and Consul Enterprise 1.16.0, when using JWT Auth for service mesh, incorrectly allow/deny access regardless of service identities. Fixed in 1.16.1.
CVE-2023-3517 | 1 Hitachi | 1 Pentaho Data Integration And Analytics | 2024-11-21 | N/A | 8.5 HIGH | Hitachi Vantara Pentaho Data Integration & Analytics versions before 9.5.0.1 and 9.3.0.5, including 8.3.x, do not restrict JNDI identifiers during the creation of XActions, allowing control of system-level data sources.
CVE-2023-3511 | 1 Gitlab | 1 Gitlab | 2024-11-21 | N/A | 2.0 LOW | An issue has been discovered in GitLab EE affecting all versions starting from 8.17 before 16.4.4, all versions starting from 16.5 before 16.5.4, and all versions starting from 16.6 before 16.6.2. It was possible for auditor users to fork and submit merge requests to private projects they are not a member of.
CVE-2023-3509 | 1 Gitlab | 1 Gitlab | 2024-11-21 | N/A | 3.7 LOW | An issue has been discovered in GitLab affecting all versions before 16.7.6, all versions starting from 16.8 before 16.8.3, and all versions starting from 16.9 before 16.9.1. It was possible for group members with the sub-maintainer role to change the title of privately accessible deploy keys associated with projects in the group.
CVE-2023-3405 | 1 M-files | 1 M-files Server | 2024-11-21 | N/A | 7.5 HIGH | Unchecked parameter value in M-Files Server in versions before 23.6.12695.3 (excluding 23.2 SR2 and newer) allows an anonymous user to cause denial of service.
CVE-2023-3399 | 1 Gitlab | 1 Gitlab | 2024-11-21 | N/A | 8.5 HIGH | An issue has been discovered in GitLab EE affecting all versions starting from 11.6 before 16.3.6, all versions starting from 16.4 before 16.4.2, and all versions starting from 16.5 before 16.5.1. It was possible for an unauthorised project or group member to read the CI/CD variables using the custom project templates.
CVE-2023-3374 | 1 Bookreen | 1 Bookreen | 2024-11-21 | N/A | 9.8 CRITICAL | Incomplete List of Disallowed Inputs vulnerability in Unisign Bookreen allows Privilege Escalation. This issue affects Bookreen: before 3.0.0.
CVE-2023-3304 | 1 Admidio | 1 Admidio | 2024-11-21 | N/A | 5.4 MEDIUM | Improper Access Control in GitHub repository admidio/admidio prior to 4.2.9.
CVE-2023-3277 | 1 Inspireui | 1 Mstore Api | 2024-11-21 | N/A | 9.8 CRITICAL | The MStore API plugin for WordPress is vulnerable to Unauthorized Account Access and Privilege Escalation in versions up to, and including, 4.10.7 due to improper implementation of the Apple login feature. This allows unauthenticated attackers to log in as any user as long as they know the user's email address. We are disclosing this issue as the developer has not yet released a patch, but continues to release updates, and we escalated this issue to the plugin's team 30 days ago.
CVE-2023-3266 | 1 Cyberpower | 1 Powerpanel Server | 2024-11-21 | N/A | 9.8 CRITICAL | A non-feature-complete authentication mechanism exists in the production application, allowing an attacker to bypass all authentication checks if LDAP authentication is selected. An unauthenticated attacker can leverage this vulnerability to log in to the CyberPower PowerPanel Enterprise as an administrator by selecting LDAP authentication from a hidden HTML combo box. Successful exploitation of this vulnerability also requires the attacker to know at least one username on the device, but any password will authenticate successfully.
CVE-2023-3265 | 1 Cyberpower | 1 Powerpanel Server | 2024-11-21 | N/A | 9.8 CRITICAL | An authentication bypass exists in CyberPower PowerPanel Enterprise due to a failure to sanitize meta-characters from the username, allowing an attacker to log in to the application as the default user "cyberpower" by appending a non-printable character. An unauthenticated attacker can leverage this vulnerability to log in to the CyberPower PowerPanel Enterprise as an administrator with hardcoded default credentials.