Total
4321 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-49473 | 2024-11-21 | N/A | 9.8 CRITICAL | ||
| Shenzhen JF6000 Cloud Media Collaboration Processing Platform firmware version V1.2.0 and software version V2.0.0 build 6245 is vulnerable to Incorrect Access Control. | |||||
| CVE-2023-49099 | 1 Discourse | 1 Discourse | 2024-11-21 | N/A | 3.1 LOW |
| Discourse is a platform for community discussion. Under very specific circumstances, secure upload URLs associated with posts can be accessed by guest users even when login is required. This vulnerability has been patched in 3.2.0.beta4 and 3.1.4. | |||||
| CVE-2023-49098 | 1 Discourse | 1 Discourse Reactions | 2024-11-21 | N/A | 3.5 LOW |
| Discourse-reactions is a plugin that allows user to add their reactions to the post. Data about a user's reaction notifications could be exposed. This vulnerability was patched in commit 2c26939. | |||||
| CVE-2023-48303 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | N/A | 2.4 LOW |
| Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.11, 26.0.6, and 27.1.0 of Nextcloud Server and Nextcloud Enterprise Server, admins can change authentication details of user configured external storage. Nextcloud Server and Nextcloud Enterprise Server versions 25.0.11, 26.0.6, and 27.1.0 contain a patch for this issue. No known workarounds are available. | |||||
| CVE-2023-48239 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | N/A | 8.5 HIGH |
| Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.13, 26.0.8, and 27.1.3 of Nextcloud Server and starting in version 20.0.0 and prior to versions 20.0.14.16, 21.0.9.13, 22.2.10.15, 23.0.12.12, 24.0.12.8, 25.0.13, 26.0.8, and 27.1.3 of Nextcloud Enterprise Server, a malicious user could update any personal or global external storage, making them inaccessible for everyone else as well. Nextcloud Server 25.0.13, 26.0.8, and 27.1.3 and Nextcloud Enterprise Server is upgraded to 20.0.14.16, 21.0.9.13, 22.2.10.15, 23.0.12.12, 24.0.12.8, 25.0.13, 26.0.8, and 27.1.3 contain a patch for this issue. As a workaround, disable app files_external. This workaround also makes the external storage inaccessible but retains the configurations until a patched version has been deployed. | |||||
| CVE-2023-47867 | 1 Machinesense | 2 Feverwarn, Feverwarn Firmware | 2024-11-21 | N/A | 8.8 HIGH |
| MachineSense FeverWarn devices are configured as Wi-Fi hosts in a way that attackers within range could connect to the device's web services and compromise the device. | |||||
| CVE-2023-47865 | 1 Mattermost | 1 Mattermost | 2024-11-21 | N/A | 4.3 MEDIUM |
| Mattermost fails to check if hardened mode is enabled when overriding the username and/or the icon when posting a post. If settings allowed integrations to override the username and profile picture when posting, a member could also override the username and icon when making a post even if the Hardened Mode setting was enabled | |||||
| CVE-2023-47859 | 2024-11-21 | N/A | 5.5 MEDIUM | ||
| Improper access control for some Intel(R) Wireless Bluetooth products for Windows before version 23.20 may allow an authenticated user to potentially enable denial of service via local access. | |||||
| CVE-2023-47858 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | N/A | 4.3 MEDIUM |
| Mattermost fails to properly verify the permissions needed for viewing archived public channels, allowing a member of one team to get details about the archived public channels of another team via the GET /api/v4/teams/<team-id>/channels/deleted endpoint. | |||||
| CVE-2023-47579 | 1 Relyum | 2 Rely-pcie, Rely-pcie Firmware | 2024-11-21 | N/A | 7.5 HIGH |
| Relyum RELY-PCIe 22.2.1 devices suffer from a system group misconfiguration, allowing read access to the central password hash file of the operating system. | |||||
| CVE-2023-47536 | 1 Fortinet | 2 Fortios, Fortiproxy | 2024-11-21 | N/A | 3.1 LOW |
| An improper access control vulnerability [CWE-284] in FortiOS version 7.2.0, version 7.0.13 and below, version 6.4.14 and below and FortiProxy version 7.2.3 and below, version 7.0.9 and below, version 2.0.12 and below may allow a remote unauthenticated attacker to bypass the firewall deny geolocalisation policy via timing the bypass with a GeoIP database update. | |||||
| CVE-2023-47110 | 1 Prestashop | 1 Customer Reassurance Block | 2024-11-21 | N/A | 9.1 CRITICAL |
| blockreassurance adds an information block aimed at offering helpful information to reassure customers that their store is trustworthy. An ajax function in module blockreassurance allows modifying any value in the configuration table. This vulnerability has been patched in version 5.1.4. | |||||
| CVE-2023-47034 | 1 Uniswapfrontrunbot Project | 1 Uniswapfrontrunbot | 2024-11-21 | N/A | 7.5 HIGH |
| A vulnerability in UniswapFrontRunBot 0xdB94c allows attackers to cause financial losses via unspecified vectors. | |||||
| CVE-2023-46759 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | N/A | 7.5 HIGH |
| Permission control vulnerability in the call module. Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2023-46755 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | N/A | 5.3 MEDIUM |
| Vulnerability of input parameters being not strictly verified in the input. Successful exploitation of this vulnerability may cause the launcher to restart. | |||||
| CVE-2023-46712 | 1 Fortinet | 1 Fortiportal | 2024-11-21 | N/A | 7.2 HIGH |
| A improper access control in Fortinet FortiPortal version 7.0.0 through 7.0.6, Fortinet FortiPortal version 7.2.0 through 7.2.1 allows attacker to escalate its privilege via specifically crafted HTTP requests. | |||||
| CVE-2023-46666 | 1 Elastic | 1 Elastic Sharepoint Online Python Connector | 2024-11-21 | N/A | 5.3 MEDIUM |
| An issue was discovered when using Document Level Security and the SPO "Limited Access" functionality in Elastic Sharepoint Online Python Connector. If a user is assigned limited access permissions to an item on a Sharepoint site then that user would have read permissions to all content on the Sharepoint site through Elasticsearch. | |||||
| CVE-2023-46665 | 1 Sielco | 6 Polyeco1000, Polyeco1000 Firmware, Polyeco300 and 3 more | 2024-11-21 | N/A | 9.8 CRITICAL |
| Sielco PolyEco1000 is vulnerable to an authentication bypass vulnerability due to an attacker modifying passwords in a POST request and gain unauthorized access to the affected device with administrative privileges. | |||||
| CVE-2023-46664 | 1 Sielco | 6 Polyeco1000, Polyeco1000 Firmware, Polyeco300 and 3 more | 2024-11-21 | N/A | 7.5 HIGH |
| Sielco PolyEco1000 is vulnerable to an improper access control vulnerability when the application provides direct access to objects based on user-supplied input. As a result of this vulnerability attackers can bypass authorization and access resources behind protected pages. | |||||
| CVE-2023-46663 | 1 Sielco | 6 Polyeco1000, Polyeco1000 Firmware, Polyeco300 and 3 more | 2024-11-21 | N/A | 7.5 HIGH |
| Sielco PolyEco1000 is vulnerable to an attacker bypassing authorization and accessing resources behind protected pages. The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. | |||||