Vulnerabilities (CVE)

Filtered by CWE-284
Total 4317 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-29130 1 Siemens 1 Simatic Cn 4100 2024-11-21 N/A 9.9 CRITICAL
A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.5). The affected device has improper access controls on its configuration files, which leads to privilege escalation. An attacker could use this vulnerability to gain admin access and take complete control of the device.
CVE-2023-28845 1 Nextcloud 1 Talk 2024-11-21 N/A 3.5 LOW
Nextcloud Talk is a video & audio conferencing app for Nextcloud. In affected versions the Talk app does not properly filter access to a conversation's member list. As a result, an attacker could use this vulnerability to gain information about the members of a Talk conversation even if they themselves are not members. It is recommended that Nextcloud Talk is upgraded to 14.0.9 or 15.0.4. There are no known workarounds for this vulnerability.
CVE-2023-28844 1 Nextcloud 1 Nextcloud Server 2024-11-21 N/A 5.7 MEDIUM
Nextcloud server is an open source home cloud implementation. In affected versions users that should not be able to download a file can still download an older version and use that for uncontrolled distribution. This issue has been addressed in versions 24.0.10 and 25.0.4. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVE-2023-28810 1 Hikvision 74 Ds-k1t320efwx, Ds-k1t320efwx Firmware, Ds-k1t320efx and 71 more 2024-11-21 N/A 4.3 MEDIUM
Some access control/intercom products are vulnerable to unauthorized modification of the device network configuration. Attackers on the same local network can modify the device network configuration by sending specific data packets to the vulnerable interface.
CVE-2023-28809 1 Hikvision 52 Ds-k1t320efwx, Ds-k1t320efwx Firmware, Ds-k1t320efx and 49 more 2024-11-21 N/A 7.5 HIGH
Some access control products are vulnerable to a session hijacking attack because the product does not update the session ID after a user successfully logs in. To exploit the vulnerability, attackers have to request the session ID at the same time as a valid user logs in, and gain device operation permissions by forging the IP and session ID of an authenticated user.
CVE-2023-28808 1 Hikvision 20 Ds-a71024, Ds-a71024 Firmware, Ds-a71048 and 17 more 2024-11-21 N/A 9.1 CRITICAL
Some Hikvision Hybrid SAN/Cluster Storage products have an access control vulnerability which can be used to obtain the admin permission. The attacker can exploit the vulnerability by sending crafted messages to the affected devices.
CVE-2023-28715 1 Intel 1 Oneapi 2024-11-21 N/A 5.0 MEDIUM
Improper access control in some Intel(R) oneAPI Toolkit and component software installers before version 4.3.2 may allow an authenticated user to potentially enable denial of service via local access.
CVE-2023-28714 2 Intel, Microsoft 2 Proset\/wireless Wifi, Windows 2024-11-21 N/A 8.2 HIGH
Improper access control in firmware for some Intel(R) PROSet/Wireless WiFi software for Windows before version 22.220 HF (Hot Fix) may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2023-28645 1 Nextcloud 1 Richdocuments 2024-11-21 N/A 5.7 MEDIUM
Nextcloud richdocuments is a Nextcloud app integrating the office suite Collabora Online. In affected versions the secure view feature of the richdocuments app can be bypassed by using an unprotected internal API endpoint of the richdocuments app. It is recommended that the Nextcloud Office app (richdocuments) is upgraded to 8.0.0-beta.1, 7.0.2 or 6.3.2. Users unable to upgrade may mitigate the issue by taking steps to restrict the ability to download documents. This includes ensuring that the `WOPI configuration` is configured to only serve documents between Nextcloud and Collabora. It is highly recommended to define the list of Collabora server IPs as the allow list within the Office admin settings of Nextcloud.
CVE-2023-28443 1 Monospace 1 Directus 2024-11-21 N/A 4.2 MEDIUM
Directus is a real-time API and App dashboard for managing SQL database content. Prior to version 9.23.3, the `directus_refresh_token` is not redacted properly from the log outputs and can be used to impersonate users without their permission. This issue is patched in version 9.23.3.
CVE-2023-28397 3 Intel, Linux, Microsoft 3 Aptio V Uefi Firmware Integrator Tools, Linux Kernel, Windows 2024-11-21 N/A 7.8 HIGH
Improper access control in some Intel(R) Aptio* V UEFI Firmware Integrator Tools may allow an authenticated user to potentially enable escalation of privileges via local access.
CVE-2023-28372 1 Purestorage 1 Purity 2024-11-21 N/A 6.5 MEDIUM
A flaw exists in FlashBlade Purity (OE) Version 4.1.0 whereby a user with privileges to extend an object’s retention period can affect the availability of the object lock.
CVE-2023-28312 1 Microsoft 1 Azure Machine Learning 2024-11-21 N/A 6.5 MEDIUM
Azure Machine Learning Information Disclosure Vulnerability
CVE-2023-28300 1 Microsoft 1 Azure Service Connector 2024-11-21 N/A 7.5 HIGH
Azure Service Connector Security Feature Bypass Vulnerability
CVE-2023-28246 1 Microsoft 3 Windows 11 21h2, Windows 11 22h2, Windows Server 2022 2024-11-21 N/A 7.8 HIGH
Windows Registry Elevation of Privilege Vulnerability
CVE-2023-28070 1 Dell 1 Alienware Command Center 2024-11-21 N/A 6.7 MEDIUM
Alienware Command Center Application, versions 5.5.43.0 and prior, contains an improper access control vulnerability. A local malicious user could potentially exploit this vulnerability during the installation or update process, leading to privilege escalation.
CVE-2023-28066 1 Dell 1 Os Recovery Tool 2024-11-21 N/A 7.3 HIGH
Dell OS Recovery Tool, versions 2.2.4013 and 2.3.7012.0, contain an Improper Access Control Vulnerability. A local authenticated non-administrator user could potentially exploit this vulnerability in order to elevate privileges on the system.
CVE-2023-28051 1 Dell 1 Power Manager 2024-11-21 N/A 7.8 HIGH
Dell Power Manager, versions 3.10 and prior, contains an Improper Access Control vulnerability. A low-privileged attacker could potentially exploit this vulnerability to elevate privileges on the system.
CVE-2023-27879 1 Intel 8 Optane Memory H20 With Solid State Storage, Optane Memory H20 With Solid State Storage Firmware, Optane Ssd 905p and 5 more 2024-11-21 N/A 6.8 MEDIUM
Improper access control in firmware for some Intel(R) Optane(TM) SSD products may allow an unauthenticated user to potentially enable information disclosure via physical access.
CVE-2023-27578 1 Galaxyproject 1 Galaxy 2024-11-21 N/A 9.1 CRITICAL
Galaxy is an open-source platform for data analysis. All supported versions of Galaxy prior to 22.01, 22.05, and 23.0 are affected by an insufficient permission check. Unsupported versions are likely affected as far back as the Visualizations/Pages functionality exists. Due to this issue, an attacker can modify or delete any Galaxy Visualization or Galaxy Page provided they know its encoded ID. Additionally, they can copy or import any Galaxy Visualization provided they know its encoded ID. Patches are available for versions 22.01, 22.05, and 23.0. For the changes to take effect, you must restart all Galaxy server processes. There are no supported workarounds.