Total
2377 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-22285 | 4 Apple, Google, Intel and 1 more | 4 Iphone Os, Android, Unison Software and 1 more | 2023-11-17 | N/A | 7.5 HIGH |
| Improper access control for some Intel Unison software may allow an unauthenticated user to potentially enable denial of service via network access. | |||||
| CVE-2023-22448 | 4 Apple, Google, Intel and 1 more | 4 Iphone Os, Android, Unison Software and 1 more | 2023-11-17 | N/A | 7.2 HIGH |
| Improper access control for some Intel Unison software may allow a privileged user to potentially enable escalation of privilege via network access. | |||||
| CVE-2023-4379 | 1 Gitlab | 1 Gitlab | 2023-11-16 | N/A | 7.5 HIGH |
| An issue has been discovered in GitLab EE affecting all versions starting from 15.3 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1. Code owner approval was not removed from merge requests when the target branch was updated. | |||||
| CVE-2023-5549 | 2 Fedoraproject, Moodle | 3 Extra Packages For Enterprise Linux, Fedora, Moodle | 2023-11-16 | N/A | 5.3 MEDIUM |
| Insufficient web service capability checks made it possible to move categories a user had permission to manage, to a parent category they did not have the capability to manage. | |||||
| CVE-2023-5542 | 2 Fedoraproject, Moodle | 3 Extra Packages For Enterprise Linux, Fedora, Moodle | 2023-11-16 | N/A | 4.3 MEDIUM |
| Students in "Only see own membership" groups could see other students in the group, which should be hidden. | |||||
| CVE-2023-47110 | 1 Prestashop | 1 Customer Reassurance Block | 2023-11-15 | N/A | 5.3 MEDIUM |
| blockreassurance adds an information block aimed at offering helpful information to reassure customers that their store is trustworthy. An ajax function in module blockreassurance allows modifying any value in the configuration table. This vulnerability has been patched in version 5.1.4. | |||||
| CVE-2023-4700 | 1 Gitlab | 1 Gitlab | 2023-11-14 | N/A | 6.5 MEDIUM |
| An authorization issue affecting GitLab EE affecting all versions from 14.7 prior to 16.3.6, 16.4 prior to 16.4.2, and 16.5 prior to 16.5.1, allowed a user to run jobs in protected environments, bypassing any required approvals. | |||||
| CVE-2023-5976 | 1 Microweber | 1 Microweber | 2023-11-14 | N/A | 4.3 MEDIUM |
| Improper Access Control in GitHub repository microweber/microweber prior to 2.0. | |||||
| CVE-2023-3399 | 1 Gitlab | 1 Gitlab | 2023-11-14 | N/A | 7.7 HIGH |
| An issue has been discovered in GitLab EE affecting all versions starting from 11.6 before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1. It was possible for an unauthorised project or group member to read the CI/CD variables using the custom project templates. | |||||
| CVE-2023-31019 | 2 Microsoft, Nvidia | 2 Windows, Virtual Gpu | 2023-11-14 | N/A | 7.1 HIGH |
| NVIDIA GPU Display Driver for Windows contains a vulnerability in wksServicePlugin.dll, where the driver implementation does not restrict or incorrectly restricts access from the named pipe server to a connecting client, which may lead to potential impersonation to the client's secure context. | |||||
| CVE-2023-31020 | 2 Microsoft, Nvidia | 2 Windows, Virtual Gpu | 2023-11-13 | N/A | 7.1 HIGH |
| NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer, where an unprivileged regular user can cause improper access control, which may lead to denial of service or data tampering. | |||||
| CVE-2023-5833 | 1 Mintplexlabs | 1 Anythingllm | 2023-11-08 | N/A | 8.8 HIGH |
| Improper Access Control in GitHub repository mintplex-labs/anything-llm prior to 0.1.0. | |||||
| CVE-2023-45228 | 1 Sielco | 30 Analog Fm Transmitter Exc1000gt, Analog Fm Transmitter Exc1000gt Firmware, Analog Fm Transmitter Exc1000gx and 27 more | 2023-11-07 | N/A | 6.5 MEDIUM |
| The application suffers from improper access control when editing users. A user with read permissions can manipulate users, passwords, and permissions by sending a single HTTP POST request with modified parameters. | |||||
| CVE-2023-42769 | 1 Sielco | 30 Analog Fm Transmitter Exc1000gt, Analog Fm Transmitter Exc1000gt Firmware, Analog Fm Transmitter Exc1000gx and 27 more | 2023-11-07 | N/A | 9.8 CRITICAL |
| The cookie session ID is of insufficient length and can be exploited by brute force, which may allow a remote attacker to obtain a valid session, bypass authentication, and manipulate the transmitter. | |||||
| CVE-2023-46666 | 1 Elastic | 1 Elastic Sharepoint Online Python Connector | 2023-11-07 | N/A | 6.5 MEDIUM |
| An issue was discovered when using Document Level Security and the SPO "Limited Access" functionality in Elastic Sharepoint Online Python Connector. If a user is assigned limited access permissions to an item on a Sharepoint site then that user would have read permissions to all content on the Sharepoint site through Elasticsearch. | |||||
| CVE-2023-46663 | 1 Sielco | 6 Polyeco1000, Polyeco1000 Firmware, Polyeco300 and 3 more | 2023-11-07 | N/A | 8.1 HIGH |
| Sielco PolyEco1000 is vulnerable to an attacker bypassing authorization and accessing resources behind protected pages. The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. | |||||
| CVE-2023-46664 | 1 Sielco | 6 Polyeco1000, Polyeco1000 Firmware, Polyeco300 and 3 more | 2023-11-07 | N/A | 9.1 CRITICAL |
| Sielco PolyEco1000 is vulnerable to an improper access control vulnerability when the application provides direct access to objects based on user-supplied input. As a result of this vulnerability attackers can bypass authorization and access resources behind protected pages. | |||||
| CVE-2023-46665 | 1 Sielco | 6 Polyeco1000, Polyeco1000 Firmware, Polyeco300 and 3 more | 2023-11-07 | N/A | 9.8 CRITICAL |
| Sielco PolyEco1000 is vulnerable to an authentication bypass vulnerability due to an attacker modifying passwords in a POST request and gain unauthorized access to the affected device with administrative privileges. | |||||
| CVE-2023-41679 | 1 Fortinet | 1 Fortimanager | 2023-11-07 | N/A | 9.6 CRITICAL |
| An improper access control vulnerability [CWE-284] in FortiManager management interface 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions may allow a remote and authenticated attacker with at least "device management" permission on his profile and belonging to a specific ADOM to add and delete CLI script on other ADOMs | |||||
| CVE-2023-36638 | 1 Fortinet | 2 Fortianalyzer, Fortimanager | 2023-11-07 | N/A | 4.3 MEDIUM |
| An improper privilege management vulnerability [CWE-269] in FortiManager 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions and FortiAnalyzer 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions API may allow a remote and authenticated API admin user to access some system settings such as the mail server settings through the API via a stolen GUI session ID. | |||||