Total: 35574 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-50709 | 1 Cube | 1 Cube.js | 2024-11-21 | 6.5 Medium |
| Cube is a semantic layer for building data applications. Prior to version 0.34.34, it is possible to make the entire Cube API unavailable by submitting a specially crafted request to a Cube API endpoint. The issue has been patched in `v0.34.34` and it's recommended that all users exposing Cube APIs to the public internet upgrade to the latest version to prevent service disruption. There are currently no workarounds for older versions, and the recommendation is to upgrade. | ||||
| CVE-2023-50571 | 1 Jeasy | 1 Easy Rules | 2024-11-21 | 7.8 High |
| easy-rules-mvel v4.1.0 was discovered to contain a remote code execution (RCE) vulnerability via the component MVELRule. | ||||
| CVE-2023-50453 | 1 Zammad | 1 Zammad | 2024-11-21 | 5.3 Medium |
| An issue was discovered in Zammad before 6.2.0. It uses the public endpoint /api/v1/signshow for its login screen. This endpoint returns internal configuration data of user object attributes, such as selectable values, which should not be visible to the public. | ||||
| CVE-2023-50443 | 2 Microsoft, Primx | 2 Windows, Cryhod | 2024-11-21 | 4.6 Medium |
| Encrypted disks created by PRIMX CRYHOD for Windows before Q.2020.4 (ANSSI qualification submission) or CRYHOD for Windows before 2023.5 can be modified by an unauthenticated attacker to include a UNC reference so that it could trigger outbound network traffic from computers on which disks are opened. | ||||
| CVE-2023-50442 | 1 Primx | 1 Zonecentral | 2024-11-21 | 5.5 Medium |
| Encrypted folders created by PRIMX ZONECENTRAL through 2023.5 can be modified by a local attacker (with appropriate privileges) so that specific file types are excluded from encryption temporarily. (This modification can, however, be detected, as described in the Administrator Guide.) | ||||
| CVE-2023-50441 | 1 Primx | 1 Zonecentral | 2024-11-21 | 5.5 Medium |
| Encrypted folders created by PRIMX ZONECENTRAL for Windows before Q.2021.2 (ANSSI qualification submission) or ZONECENTRAL for Windows before 2023.5 can be modified by an unauthenticated attacker to include a UNC reference so that it could trigger outbound network traffic from computers on which folders are opened. | ||||
| CVE-2023-50439 | 1 Primx | 3 Zed!, Zedmail, Zonecentral | 2024-11-21 | 5.3 Medium |
| ZED containers produced by PRIMX ZED! for Windows before Q.2020.3 (ANSSI qualification submission), ZED! for Windows before Q.2021.2 (ANSSI qualification submission), ZONECENTRAL for Windows before Q.2021.2 (ANSSI qualification submission), ZONECENTRAL for Windows before 2023.5, or ZEDMAIL for Windows before 2023.5 disclose the original path in which the containers were created, which allows an unauthenticated attacker to obtain some information regarding the context of use (project name, etc.). | ||||
| CVE-2023-50428 | 2 Bitcoin, Bitcoinknots | 2 Bitcoin Core, Bitcoin Knots | 2024-11-21 | 5.3 Medium |
| In Bitcoin Core through 26.0 and Bitcoin Knots before 25.1.knots20231115, datacarrier size limits can be bypassed by obfuscating data as code (e.g., with OP_FALSE OP_IF), as exploited in the wild by Inscriptions in 2022 and 2023. NOTE: although this is a vulnerability from the perspective of the Bitcoin Knots project, some others consider it "not a bug." | ||||
| CVE-2023-50271 | 1 Hp | 2 Hp-ux, System Management Homepage | 2024-11-21 | 7.2 High |
| A potential security vulnerability has been identified with HP-UX System Management Homepage (SMH). This vulnerability could be exploited locally or remotely to disclose information. | ||||
| CVE-2023-50181 | 1 Fortinet | 1 Fortiadc | 2024-11-21 | 4.8 Medium |
| An improper access control vulnerability [CWE-284] in Fortinet FortiADC version 7.4.0 through 7.4.1 and before 7.2.4 allows a read only authenticated attacker to perform some write actions via crafted HTTP or HTTPS requests. | ||||
| CVE-2023-50110 | 1 Testlink | 1 Testlink | 2024-11-21 | 7.5 High |
| TestLink through 1.9.20 allows type juggling for authentication bypass because === is not used. | ||||
| CVE-2023-50011 | 1 Popojicms | 1 Popojicms | 2024-11-21 | 7.2 High |
| PopojiCMS version 2.0.1 is vulnerable to remote command execution in the Meta Social field. | ||||
| CVE-2023-4896 | 1 Arubanetworks | 1 Airwave | 2024-11-21 | 6.8 Medium |
| A vulnerability exists which allows an authenticated attacker to access sensitive information on the AirWave Management Platform web-based management interface. Successful exploitation allows the attacker to gain access to some data that could be further exploited to laterally access devices managed and monitored by the AirWave server. | ||||
| CVE-2023-4885 | 1 Open5gs | 1 Open5gs | 2024-11-21 | 6.5 Medium |
| Man in the Middle vulnerability, which could allow an attacker to intercept VNF (Virtual Network Function) communications resulting in the exposure of sensitive information. | ||||
| CVE-2023-4877 | 1 Hamza417 | 1 Inure | 2024-11-21 | 7.5 High |
| Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository hamza417/inure prior to build92. | ||||
| CVE-2023-4876 | 1 Hamza417 | 1 Inure | 2024-11-21 | 7.5 High |
| Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository hamza417/inure prior to build92. | ||||
| CVE-2023-4753 | 1 Openatom | 1 Openharmony | 2024-11-21 | 3.9 Low |
| OpenHarmony v3.2.1 and prior versions have a system call function usage error. Local attackers can crash the kernel through erroneous input. | ||||
| CVE-2023-4706 | 1 Lenovo | 1 Preload Directory | 2024-11-21 | 7.3 High |
| A privilege escalation vulnerability was reported in Lenovo preloaded devices deployed using Microsoft AutoPilot under a standard user account due to incorrect default privileges. | ||||
| CVE-2023-4694 | 1 Hp | 24 Officejet Pro 8730 D9l19a, Officejet Pro 8730 D9l19a Firmware, Officejet Pro 8730 J7a28a and 21 more | 2024-11-21 | 7.5 High |
| Certain HP OfficeJet Pro printers are potentially vulnerable to a Denial of Service when sending a SOAP message to the service on TCP port 3911 that contains a body but no header. | ||||
| CVE-2023-4553 | 3 Linux, Microsoft, Opentext | 3 Linux Kernel, Windows, Appbuilder | 2024-11-21 | 5.3 Medium |
| Improper Input Validation vulnerability in OpenText AppBuilder on Windows, Linux allows Probe System Files. AppBuilder configuration files are viewable by unauthenticated users. This issue affects AppBuilder: from 21.2 before 23.2. | ||||