Total
29059 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-2022 | 1 Gitlab | 1 Gitlab | 2024-11-21 | N/A | 4.3 MEDIUM |
| An issue has been discovered in GitLab CE/EE affecting all versions starting before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2, which leads to developers being able to create pipeline schedules on protected branches even if they don't have access to merge | |||||
| CVE-2023-2019 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2024-11-21 | N/A | 4.4 MEDIUM |
| A flaw was found in the Linux kernel's netdevsim device driver, within the scheduling of events. This issue results from the improper management of a reference count. This may allow an attacker to create a denial of service condition on the system. | |||||
| CVE-2023-2003 | 1 Unitronicsplc | 2 Vision1210, Vision1210 Firmware | 2024-11-21 | N/A | 9.1 CRITICAL |
| Embedded malicious code vulnerability in Vision1210, in the build 5 of operating system version 4.3, which could allow a remote attacker to store base64-encoded malicious code in the device's data tables via the PCOM protocol, which can then be retrieved by a client and executed on the device. | |||||
| CVE-2023-29922 | 1 Powerjob | 1 Powerjob | 2024-11-21 | N/A | 5.3 MEDIUM |
| PowerJob V4.3.1 is vulnerable to Incorrect Access Control via the create user/save interface. | |||||
| CVE-2023-29862 | 1 Agasio Camera Project | 2 Agasio Camera, Agasio Camera Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| An issue found in Agasio-Camera device version not specified allows a remote attacker to execute arbitrary code via the check and authLevel parameters. | |||||
| CVE-2023-29861 | 1 Flir | 2 Dvtel Camera, Dvtel Camera Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| An issue found in FLIR-DVTEL version not specified allows a remote attacker to execute arbitrary code via a crafted request to the management page of the device. | |||||
| CVE-2023-29818 | 1 Webroot | 1 Secureanywhere | 2024-11-21 | N/A | 5.5 MEDIUM |
| An issue found in Webroot SecureAnywhere Endpoint Protection CE 23.1 v.9.0.33.39 and before allows a local attacker to bypass protections via the default allowlist feature being stored as non-admin. | |||||
| CVE-2023-29689 | 1 Pyrocms | 1 Pyrocms | 2024-11-21 | N/A | 9.8 CRITICAL |
| PyroCMS 3.9 contains a remote code execution (RCE) vulnerability that can be exploited through a server-side template injection (SSTI) flaw. This vulnerability allows a malicious attacker to send customized commands to the server and execute arbitrary code on the affected system. | |||||
| CVE-2023-29507 | 1 Xwiki | 1 Xwiki | 2024-11-21 | N/A | 9.1 CRITICAL |
| XWiki Commons are technical libraries common to several other top level XWiki projects. The Document script API returns directly a DocumentAuthors allowing to set any authors to the document, which in consequence can allow subsequent executions of scripts since this author is used for checking rights. The problem has been patched in XWiki 14.10 and 14.4.7 by returning a safe script API. | |||||
| CVE-2023-29320 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2024-11-21 | N/A | 7.8 HIGH |
| Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an Violation of Secure Design Principles vulnerability that could result in arbitrary code execution in the context of the current user by bypassing the API blacklisting feature. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2023-29298 | 1 Adobe | 1 Coldfusion | 2024-11-21 | N/A | 7.5 HIGH |
| Adobe ColdFusion versions 2018u16 (and earlier), 2021u6 (and earlier) and 2023.0.0.330468 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to access the administration CFM and CFC endpoints. Exploitation of this issue does not require user interaction. | |||||
| CVE-2023-29241 | 1 Bosch | 1 Building Integration System | 2024-11-21 | N/A | 8.1 HIGH |
| Improper Information in Cybersecurity Guidebook in Bosch Building Integration System (BIS) 5.0 may lead to wrong configuration which allows local users to access data via network | |||||
| CVE-2023-29157 | 1 Intel | 1 One Boot Flash Update | 2024-11-21 | N/A | 8.4 HIGH |
| Improper access control in some Intel(R) OFU software before version 14.1.31 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-29051 | 1 Open-xchange | 1 Ox App Suite | 2024-11-21 | N/A | 8.1 HIGH |
| User-defined OXMF templates could be used to access a limited part of the internal OX App Suite Java API. The existing switch to disable the feature by default was not effective in this case. Unauthorized users could discover and modify application state, including objects related to other users and contexts. We now make sure that the switch to disable user-generated templates by default works as intended and will remove the feature in future generations of the product. No publicly available exploits are known. | |||||
| CVE-2023-28971 | 1 Juniper | 1 Paragon Active Assurance | 2024-11-21 | N/A | 7.2 HIGH |
| An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in the timescaledb feature of Juniper Networks Paragon Active Assurance (PAA) (Formerly Netrounds) allows an attacker to bypass existing firewall rules and limitations used to restrict internal communcations. The Test Agents (TA) Appliance connects to the Control Center (CC) using OpenVPN. TA's are assigned an internal IP address in the 100.70.0.0/16 range. Firewall rules exists to limit communication from TA's to the CC to specific services only. OpenVPN is configured to not allow direct communication between Test Agents in the OpenVPN application itself, and routing is normally not enabled on the server running the CC application. The timescaledb feature is installed as an optional package on the Control Center. When the timescaledb container is started, this causes side-effects by bypassing the existing firewall rules and limitations for Test Agent communications. Note: This issue only affects customers hosting their own on-prem Control Center. The Paragon Active Assurance Software as a Service (SaaS) is not affected by this vulnerability since the timescaledb service is not enabled. This issue affects all on-prem versions of Juniper Networks Paragon Active Assurance prior to 4.1.2. | |||||
| CVE-2023-28964 | 1 Juniper | 2 Junos, Junos Os Evolved | 2024-11-21 | N/A | 7.5 HIGH |
| An Improper Handling of Length Parameter Inconsistency vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a network based, unauthenticated attacker to cause an RPD crash leading to a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. Upon receipt of a malformed BGP flowspec update, RPD will crash resulting in a Denial of Service. This issue affects Juniper Networks Junos OS: All versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S6; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R3-S6; 19.1 versions prior to 19.1R3-S4; 19.2 versions prior to 19.2R3-S1; 19.3 versions prior to 19.3R3-S1; 19.4 versions prior to 19.4R3; 20.1 versions prior to 20.1R2; 20.2 versions prior to 20.2R2; 20.3 versions prior to 20.3R1-S1, 20.3R2; Juniper Networks Junos OS Evolved: All versions prior to 20.1R3-EVO; 20.2 versions prior to 20.2R2-EVO; 20.3 versions prior to 20.3R2-EVO; | |||||
| CVE-2023-28961 | 1 Juniper | 20 Acx1000, Acx1100, Acx2000 and 17 more | 2024-11-21 | N/A | 5.8 MEDIUM |
| An Improper Handling of Unexpected Data Type vulnerability in IPv6 firewall filter processing of Juniper Networks Junos OS on the ACX Series devices will prevent a firewall filter with the term 'from next-header ah' from being properly installed in the packet forwarding engine (PFE). There is no immediate indication of an incomplete firewall filter commit shown at the CLI, which could allow an attacker to send valid packets to or through the device that were explicitly intended to be dropped. An indication that the filter was not installed can be identified with the following logs: fpc0 ACX_DFW_CFG_FAILED: ACX Error (dfw):dnx_dfw_rule_prepare : Config failed: Unsupported Ip-protocol 51 in the filter lo0.0-inet6-i fpc0 ACX_DFW_CFG_FAILED: ACX Error (dfw):dnx_dfw_rule_prepare : Please detach the filter, remove unsupported match and re-attach fpc0 ACX_DFW_CFG_FAILED: ACX Error (dfw):dnx_dfw_process_rule : Status:104 dnx_dfw_rule_prepare failed fpc0 ACX_DFW_CFG_FAILED: ACX Error (dfw):dnx_dfw_process_filter : Status:104 dnx_dfw_process_rule failed fpc0 ACX_DFW_CFG_FAILED: ACX Error (dfw):dnx_dfw_update_filter_in_hw : Status:104 Could not process filter(lo0.0-inet6-i) for rule expansion Unsupported match, action present. fpc0 ACX_DFW_CFG_FAILED: ACX Error (dfw):dnx_dfw_create_hw_instance : Status:104 Could not program dfw(lo0.0-inet6-i) type(IFP_DFLT_INET6_Lo0_FILTER)! [104] fpc0 ACX_DFW_CFG_FAILED: ACX Error (dfw):dnx_dfw_bind_shim : [104] Could not create dfw(lo0.0-inet6-i) type(IFP_DFLT_INET6_Lo0_FILTER) fpc0 ACX_DFW_CFG_FAILED: ACX Error (dfw):dnx_dfw_update_resolve : [100] Failed to bind filter(3) to bind point fpc0 ACX_DFW_CFG_FAILED: ACX Error (dfw):dnx_dfw_change_end : dnx_dfw_update_resolve (resolve type) failed This issue affects Juniper Networks Junos OS on ACX Series: All versions prior to 20.2R3-S7; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S3; 21.2 versions prior to 21.2R3-S4; 21.3 versions prior to 21.3R3; 21.4 versions prior to 21.4R3; 22.1 versions prior to 22.1R2. | |||||
| CVE-2023-28956 | 2 Ibm, Microsoft | 2 Spectrum Protect Backup-archive Client, Windows | 2024-11-21 | N/A | 8.4 HIGH |
| IBM Spectrum Protect Backup-Archive Client 8.1.0.0 through 8.1.17.2 may allow a local user to escalate their privileges due to improper access controls. | |||||
| CVE-2023-28876 | 1 Afian | 1 Filerun | 2024-11-21 | N/A | 4.3 MEDIUM |
| A Broken Access Control issue in comments to uploaded files in Filerun through Update 20220202 allows attackers to delete comments on files uploaded by other users. | |||||
| CVE-2023-28810 | 1 Hikvision | 74 Ds-k1t320efwx, Ds-k1t320efwx Firmware, Ds-k1t320efx and 71 more | 2024-11-21 | N/A | 4.3 MEDIUM |
| Some access control/intercom products have unauthorized modification of device network configuration vulnerabilities. Attackers can modify device network configuration by sending specific data packets to the vulnerable interface within the same local network. | |||||