Total
35574 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-47579 | 1 Relyum | 2 Rely-pcie, Rely-pcie Firmware | 2024-11-21 | 7.5 High |
| Relyum RELY-PCIe 22.2.1 devices suffer from a system group misconfiguration, allowing read access to the central password hash file of the operating system. | ||||
| CVE-2023-47503 | 1 Jflyfox | 1 Jfinal Cms | 2024-11-21 | 9.8 Critical |
| An issue in jflyfox jfinalCMS v.5.1.0 allows a remote attacker to execute arbitrary code via a crafted script to the login.jsp component in the template management module. | ||||
| CVE-2023-47465 | 1 Gpac | 1 Gpac | 2024-11-21 | 5.5 Medium |
| An issue in GPAC v.2.2.1 and before allows a local attacker to cause a denial of service (DoS) via the ctts_box_read function of file src/isomedia/box_code_base.c. | ||||
| CVE-2023-47418 | 1 Zoneland | 1 O2oa | 2024-11-21 | 9.8 Critical |
| Remote Code Execution (RCE) vulnerability in o2oa version 8.1.2 and before, allows attackers to create a new interface in the service management function to execute JavaScript. | ||||
| CVE-2023-47393 | 1 Mercedes-benz | 1 Mercedes Me | 2024-11-21 | 5.3 Medium |
| An access control issue in Mercedes me IOS APP v1.34.0 and below allows attackers to view the maintenance orders of other users and access sensitive user information via unspecified vectors. | ||||
| CVE-2023-47392 | 1 Mercedes-benz | 1 Mercedes Me | 2024-11-21 | 5.3 Medium |
| An access control issue in Mercedes me IOS APP v1.34.0 and below allows attackers to view the carts of other users via sending a crafted add order request. | ||||
| CVE-2023-47263 | 4 Apple, Linux, Microsoft and 1 more | 10 Macos, Linux Kernel, Windows and 7 more | 2024-11-21 | 7.5 High |
| Certain WithSecure products allow a Denial of Service (DoS) in the antivirus engine when scanning a fuzzed PE32 file. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, WithSecure Linux Security 64 12.0, WithSecure Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 15 and later. | ||||
| CVE-2023-47261 | 1 Dokmee | 1 Enterprise Content Management | 2024-11-21 | 9.8 Critical |
| Dokmee ECM 7.4.6 allows remote code execution because the response to a GettingStarted/SaveSQLConnectionAsync /#/gettingstarted request contains a connection string for privileged SQL Server database access, and xp_cmdshell can be enabled. | ||||
| CVE-2023-47247 | 1 Sysaid | 1 Sysaid | 2024-11-21 | 4.3 Medium |
| In SysAid On-Premise before 23.3.34, there is an edge case in which an end user is able to delete a Knowledge Base article, aka bug 15102. | ||||
| CVE-2023-47201 | 1 Trendmicro | 1 Apex One | 2024-11-21 | 7.8 High |
| A plug-in manager origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to, but not identical to, CVE-2023-47200. | ||||
| CVE-2023-47172 | 1 Withsecure | 4 Client Security, Elements Endpoint Protection, Email And Server Security and 1 more | 2024-11-21 | 7.8 High |
| Certain WithSecure products allow Local Privilege Escalation. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, and WithSecure Elements Endpoint Protection 17 and later. | ||||
| CVE-2023-47146 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2024-11-21 | 4.9 Medium |
| IBM Qradar SIEM 7.5 could allow a privileged user to obtain sensitive domain information due to data being misidentified. IBM X-Force ID: 270372. | ||||
| CVE-2023-47126 | 1 Typo3 | 1 Typo3 | 2024-11-21 | 3.7 Low |
| TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions the login screen of the standalone install tool discloses the full path of the transient data directory (e.g. /var/www/html/var/transient/). This applies to composer-based scenarios only - “classic” non-composer installations are not affected. This issue has been addressed in version 12.4.8. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2023-47110 | 1 Prestashop | 1 Customer Reassurance Block | 2024-11-21 | 9.1 Critical |
| blockreassurance adds an information block aimed at offering helpful information to reassure customers that their store is trustworthy. An ajax function in module blockreassurance allows modifying any value in the configuration table. This vulnerability has been patched in version 5.1.4. | ||||
| CVE-2023-47109 | 1 Prestashop | 1 Customer Reassurance Block | 2024-11-21 | 5.5 Medium |
| PrestaShop blockreassurance adds an information block aimed at offering helpful information to reassure customers that the store is trustworthy. When adding a block in blockreassurance module, a BO user can modify the http request and give the path of any file in the project instead of an image. When deleting the block from the BO, the file will be deleted. It is possible to make the website completely unavailable by removing index.php for example. This issue has been patched in version 5.1.4. | ||||
| CVE-2023-47101 | 1 Securepoint | 1 Openvpn-client | 2024-11-21 | 7.8 High |
| The installer (aka openvpn-client-installer) in Securepoint SSL VPN Client before 2.0.40 allows local privilege escalation during installation or repair. | ||||
| CVE-2023-47093 | 1 Stormshield | 1 Stormshield Network Security | 2024-11-21 | 6.5 Medium |
| An issue was discovered in Stormshield Network Security (SNS) 4.0.0 through 4.3.21, 4.4.0 through 4.6.8, and 4.7.0. Sending a crafted ICMP packet may lead to a crash of the ASQ engine. | ||||
| CVE-2023-46980 | 1 Mayurik | 1 Best Courier Management System | 2024-11-21 | 9.8 Critical |
| An issue in Best Courier Management System v.1.0 allows a remote attacker to execute arbitrary code and escalate privileges via a crafted script to the userID parameter. | ||||
| CVE-2023-46958 | 1 Lmxcms | 1 Lmxcms | 2024-11-21 | 9.8 Critical |
| An issue in lmxcms v.1.41 allows a remote attacker to execute arbitrary code via a crafted script to the admin.php file. | ||||
| CVE-2023-46944 | 1 Gitkraken | 1 Gitlens | 2024-11-21 | 7.8 High |
| An issue in GitKraken GitLens before v.14.0.0 allows an attacker to execute arbitrary code via a crafted file to the Visual Studio Codes workspace trust component. | ||||