Total
29051 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-39253 | 1 Dell | 1 Os Recovery Tool | 2024-11-21 | N/A | 7.3 HIGH |
| Dell OS Recovery Tool, versions 2.2.4013, 2.3.7012.0, and 2.3.7515.0 contain an Improper Access Control Vulnerability. A local authenticated non-administrator user could potentially exploit this vulnerability, leading to the elevation of privilege on the system. | |||||
| CVE-2023-39249 | 1 Dell | 1 Supportassist For Home Pcs | 2024-11-21 | N/A | 6.3 MEDIUM |
| Dell SupportAssist for Business PCs version 3.4.0 contains a local Authentication Bypass vulnerability that allows locally authenticated non-admin users to gain temporary privilege within the SupportAssist User Interface on their respective PC. The Run as Admin temporary privilege feature enables IT/System Administrators to perform driver scans and Dell-recommended driver installations without requiring them to log out of the local non-admin user session. However, the granted privilege is limited solely to the SupportAssist User Interface and automatically expires after 15 minutes. | |||||
| CVE-2023-39226 | 1 Deltaww | 1 Infrasuite Device Master | 2024-11-21 | N/A | 9.8 CRITICAL |
| In Delta Electronics InfraSuite Device Master v.1.0.7, a vulnerability exists that allows an unauthenticated attacker to execute arbitrary code through a single UDP packet. | |||||
| CVE-2023-39218 | 1 Zoom | 3 Rooms, Virtual Desktop Infrastructure, Zoom | 2024-11-21 | N/A | 6.1 MEDIUM |
| Client-side enforcement of server-side security in Zoom clients before 5.14.10 may allow a privileged user to enable information disclosure via network access. | |||||
| CVE-2023-39199 | 1 Zoom | 4 Meetings, Rooms, Virtual Desktop Infrastructure and 1 more | 2024-11-21 | N/A | 4.9 MEDIUM |
| Cryptographic issues with In-Meeting Chat for some Zoom clients may allow a privileged user to conduct an information disclosure via network access. | |||||
| CVE-2023-38898 | 1 Python | 1 Python | 2024-11-21 | N/A | 5.3 MEDIUM |
| An issue in Python cpython v.3.7 allows an attacker to obtain sensitive information via the _asyncio._swap_current_task component. | |||||
| CVE-2023-38880 | 1 Os4ed | 1 Opensis | 2024-11-21 | N/A | 9.8 CRITICAL |
| The Community Edition version 9.0 of OS4ED's openSIS Classic has a broken access control vulnerability in the database backup functionality. Whenever an admin generates a database backup, the backup is stored in the web root while the file name has a format of "opensisBackup<date>.sql" (e.g. "opensisBackup07-20-2023.sql"), i.e. can easily be guessed. This file can be accessed by any unauthenticated actor and contains a dump of the whole database including password hashes. | |||||
| CVE-2023-38752 | 1 Jpcert | 1 Special Interest Group Network For Analysis And Liaison | 2024-11-21 | N/A | 4.3 MEDIUM |
| Improper authorization vulnerability in Special Interest Group Network for Analysis and Liaison versions 4.4.0 to 4.7.7 allows the authorized API users to view the attribute information of the poster that is set as"non-disclosure" in the system settings. | |||||
| CVE-2023-38751 | 1 Jpcert | 1 Special Interest Group Network For Analysis And Liaison | 2024-11-21 | N/A | 4.3 MEDIUM |
| Improper authorization vulnerability in Special Interest Group Network for Analysis and Liaison versions 4.4.0 to 4.7.7 allows the authorized API users to view the organization information of the information receiver that is set as "non-disclosure" in the information provision operation. | |||||
| CVE-2023-38744 | 1 Omron | 24 Cj1w-eip21, Cj1w-eip21 Firmware, Cj2h-cpu64-eip and 21 more | 2024-11-21 | N/A | 7.5 HIGH |
| Denial-of-service (DoS) vulnerability due to improper validation of specified type of input issue exists in the built-in EtherNet/IP port of the CJ Series CJ2 CPU unit and the communication function of the CS/CJ Series EtherNet/IP unit. If an affected product receives a packet which is specially crafted by a remote unauthenticated attacker, the unit of the affected product may fall into a denial-of-service (DoS) condition. Affected products/versions are as follows: CJ2M CPU Unit CJ2M-CPU3[] Unit version of the built-in EtherNet/IP section Ver. 2.18 and earlier, CJ2H CPU Unit CJ2H-CPU6[]-EIP Unit version of the built-in EtherNet/IP section Ver. 3.04 and earlier, CS/CJ Series EtherNet/IP Unit CS1W-EIP21 V3.04 and earlier, and CS/CJ Series EtherNet/IP Unit CJ1W-EIP21 V3.04 and earlier. | |||||
| CVE-2023-38576 | 2024-11-21 | N/A | 8.0 HIGH | ||
| Hidden functionality vulnerability in LAN-WH300N/RE all versions provided by LOGITEC CORPORATION allows an authenticated user to execute arbitrary OS commands on a certain management console. | |||||
| CVE-2023-38570 | 4 Apple, Google, Intel and 1 more | 4 Iphone Os, Android, Unison Software and 1 more | 2024-11-21 | N/A | 5.3 MEDIUM |
| Access of memory location after end of buffer for some Intel Unison software may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-38411 | 1 Intel | 1 Smart Campus | 2024-11-21 | N/A | 3.9 LOW |
| Improper access control in the Intel Smart Campus android application before version 9.4 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-38335 | 1 Omnis | 1 Studio | 2024-11-21 | N/A | 5.3 MEDIUM |
| Omnis Studio 10.22.00 has incorrect access control. It advertises a feature for making Omnis libraries "always private" - this is supposed to be an irreversible operation. However, due to implementation issues, "always private" Omnis libraries can be opened by the Omnis Studio browser by bypassing specific checks. This violates the expected behavior of an "irreversible operation". | |||||
| CVE-2023-38334 | 1 Omnis | 1 Studio | 2024-11-21 | N/A | 6.5 MEDIUM |
| Omnis Studio 10.22.00 has incorrect access control. It advertises an irreversible feature for locking classes within Omnis libraries: it should be no longer possible to delete, view, change, copy, rename, duplicate, or print a locked class. Due to implementation issues, locked classes in Omnis libraries can be unlocked, and thus further analyzed and modified by Omnis Studio. This allows for further analyzing and also deleting, viewing, changing, copying, renaming, duplicating, or printing previously locked Omnis classes. This violates the expected behavior of an "irreversible operation." | |||||
| CVE-2023-38206 | 1 Adobe | 1 Coldfusion | 2024-11-21 | N/A | 5.3 MEDIUM |
| Adobe ColdFusion versions 2018u18 (and earlier), 2021u8 (and earlier) and 2023u2 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to access the administration CFM and CFC endpoints resulting in a low-confidentiality impact. Exploitation of this issue does not require user interaction. | |||||
| CVE-2023-38205 | 1 Adobe | 1 Coldfusion | 2024-11-21 | N/A | 7.5 HIGH |
| Adobe ColdFusion versions 2018u18 (and earlier), 2021u8 (and earlier) and 2023u2 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to access the administration CFM and CFC endpoints. Exploitation of this issue does not require user interaction. | |||||
| CVE-2023-38195 | 1 Datalust | 1 Seq | 2024-11-21 | N/A | 4.9 MEDIUM |
| Datalust Seq before 2023.2.9489 allows insertion of sensitive information into an externally accessible file or directory. This is exploitable only when external (SQL Server or PostgreSQL) metadata storage is used. Exploitation can only occur from a high-privileged user account. | |||||
| CVE-2023-37935 | 1 Fortinet | 1 Fortios | 2024-11-21 | N/A | 6.5 MEDIUM |
| A use of GET request method with sensitive query strings vulnerability in Fortinet FortiOS 7.0.0 - 7.0.12, 7.2.0 - 7.2.5 and 7.4.0 allows an attacker to view plaintext passwords of remote services such as RDP or VNC, if the attacker is able to read the GET requests to those services. | |||||
| CVE-2023-37923 | 1 Tonybybell | 1 Gtkwave | 2024-11-21 | N/A | 7.8 HIGH |
| Multiple arbitrary write vulnerabilities exist in the VCD sorted bsearch functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the arbitrary write when triggered via the vcd2lxt conversion utility. | |||||