Total
1017 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-24476 | 1 Ptc | 1 Vuforia Studio | 2024-11-21 | N/A | 1.8 LOW |
| An attacker with local access to the machine could record the traffic, which could allow them to resend requests without the server authenticating that the user or session are valid. | |||||
| CVE-2023-23696 | 1 Dell | 1 Command \| Intel Vpro Out Of Band | 2024-11-21 | N/A | 7.0 HIGH |
| Dell Command Intel vPro Out of Band, versions prior to 4.3.1, contain an Improper Authorization vulnerability. A locally authenticated malicious users could potentially exploit this vulnerability in order to write arbitrary files to the system. | |||||
| CVE-2023-23568 | 1 Gallagher | 1 Command Centre | 2024-11-21 | N/A | 4.3 MEDIUM |
| Improper privilege validation in Command Centre Server allows authenticated unprivileged operators to modify and view Personal Data Fields. This issue affects Command Centre: vEL 8.90 prior to vEL8.90.1318 (MR1), vEL8.80 prior to vEL8.80.1192 (MR2), vEL8.70 prior to vEL8.70.2185 (MR4), vEL8.60 prior to vEL8.60.2347 (MR6), vEL8.50 prior to vEL8.50.2831 (MR8), all versions vEL8.40 and prior | |||||
| CVE-2023-22938 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2024-11-21 | N/A | 4.3 MEDIUM |
| In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘sendemail’ REST API endpoint lets any authenticated user send an email as the Splunk instance. The endpoint is now restricted to the ‘splunk-system-user’ account on the local instance. | |||||
| CVE-2023-22931 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2024-11-21 | N/A | 4.3 MEDIUM |
| In Splunk Enterprise versions below 8.1.13 and 8.2.10, the ‘createrss’ external search command overwrites existing Resource Description Format Site Summary (RSS) feeds without verifying permissions. This feature has been deprecated and disabled by default. | |||||
| CVE-2023-22636 | 1 Fortinet | 1 Fortiweb | 2024-11-21 | N/A | 7.0 HIGH |
| An unauthorized configuration download vulnerability in FortiWeb 6.3.6 through 6.3.21, 6.4.0 through 6.4.2 and 7.0.0 through 7.0.4 may allow a local attacker to access confidential configuration files via a crafted http request. | |||||
| CVE-2023-22480 | 1 Fit2cloud | 1 Kubeoperator | 2024-11-21 | N/A | 7.3 HIGH |
| KubeOperator is an open source Kubernetes distribution focused on helping enterprises plan, deploy and operate production-level K8s clusters. In KubeOperator versions 3.16.3 and below, API interfaces with unauthorized entities and can leak sensitive information. This vulnerability could be used to take over the cluster under certain conditions. This issue has been patched in version 3.16.4. | |||||
| CVE-2023-22428 | 1 Gallagher | 1 Command Centre | 2024-11-21 | N/A | 7.6 HIGH |
| Improper privilege validation in Command Centre Server allows authenticated operators to modify Division lineage. This issue affects Command Centre: vEL8.80 prior to vEL8.80.1192 (MR2), vEL8.70 prior to vEL8.70.2185 (MR4), vEL8.60 prior to vEL8.60.2347 (MR6), vEL8.50 prior to vEL8.50.2831(MR8), vEL8.40 and prior. | |||||
| CVE-2023-22348 | 2 Checkmk, Tribe29 | 2 Checkmk, Checkmk | 2024-11-21 | N/A | 4.3 MEDIUM |
| Improper Authorization in RestAPI in Checkmk GmbH's Checkmk versions <2.1.0p28 and <2.2.0b8 allows remote authenticated users to read arbitrary host_configs. | |||||
| CVE-2023-21549 | 1 Microsoft | 14 Windows 10 1607, Windows 10 1809, Windows 10 20h2 and 11 more | 2024-11-21 | N/A | 8.8 HIGH |
| Windows SMB Witness Service Elevation of Privilege Vulnerability | |||||
| CVE-2023-21505 | 1 Samsung | 1 Samsung Core Services | 2024-11-21 | N/A | 4.0 MEDIUM |
| Improper access control in Samsung Core Service prior to version 2.1.00.36 allows attacker to write arbitrary file in sandbox. | |||||
| CVE-2023-21461 | 1 Samsung | 1 Android | 2024-11-21 | N/A | 4.0 MEDIUM |
| Improper authorization vulnerability in AutoPowerOnOffConfirmDialog in Settings prior to SMR Mar-2023 Release 1 allows local attacker to turn device off via unprotected activity. | |||||
| CVE-2023-21454 | 1 Samsung | 1 Android | 2024-11-21 | N/A | 2.4 LOW |
| Improper authorization in Samsung Keyboard prior to SMR Mar-2023 Release 1 allows physical attacker to access users text history on the lockscreen. | |||||
| CVE-2023-21452 | 1 Samsung | 1 Android | 2024-11-21 | N/A | 3.3 LOW |
| Improper usage of implicit intent in Bluetooth prior to SMR Mar-2023 Release 1 allows attacker to get MAC address of connected device. | |||||
| CVE-2023-21440 | 1 Samsung | 1 Android | 2024-11-21 | N/A | 6.2 MEDIUM |
| Improper access control vulnerability in WindowManagerService prior to SMR Feb-2023 Release 1 allows attackers to take a screen capture. | |||||
| CVE-2023-21436 | 1 Samsung | 1 Android | 2024-11-21 | N/A | 3.3 LOW |
| Improper usage of implicit intent in Contacts prior to SMR Feb-2023 Release 1 allows attacker to get account ID. | |||||
| CVE-2023-21433 | 1 Samsung | 1 Galaxy Store | 2024-11-21 | N/A | 7.8 HIGH |
| Improper access control vulnerability in Galaxy Store prior to version 4.5.49.8 allows local attackers to install applications from Galaxy Store. | |||||
| CVE-2023-21432 | 1 Samsung | 1 Smart Things | 2024-11-21 | N/A | 4.2 MEDIUM |
| Improper access control vulnerabilities in Smart Things prior to 1.7.93 allows to attacker to invite others without authorization of the owner. | |||||
| CVE-2023-21429 | 1 Samsung | 1 Android | 2024-11-21 | N/A | 4.0 MEDIUM |
| Improper usage of implict intent in ePDG prior to SMR JAN-2023 Release 1 allows attacker to access SSID. | |||||
| CVE-2023-21424 | 1 Samsung | 1 Android | 2024-11-21 | N/A | 5.1 MEDIUM |
| Improper Handling of Insufficient Permissions or Privileges vulnerability in SemChameleonHelper prior to SMR Jan-2023 Release 1 allows attacker to modify network related values, network code, carrier id and operator brand. | |||||