Vulnerabilities (CVE)

Filtered by CWE-668
Total 638 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3
CVE-2023-22307 | 1 Tribe29 | 1 Checkmk Appliance Firmware | 2023-04-27 | N/A | 5.5 MEDIUM
Sensitive data exposure in Webconf in Tribe29 Checkmk Appliance before 1.6.4 allows a local attacker to retrieve passwords by reading log files.
CVE-2023-29203 | 1 Xwiki | 1 Xwiki | 2023-04-26 | N/A | 5.3 MEDIUM
XWiki Commons are technical libraries common to several other top-level XWiki projects. It is possible to list some users who are normally not viewable from a subwiki by requesting users on a subwiki that allows only global users with `uorgsuggest.vm`. This issue only concerns hidden users from the main wiki. Note that the disclosed information is the username and the first and last name of users; no other information is leaked. The problem has been patched in XWiki 13.10.8, 14.4.3 and 14.7RC1.
CVE-2023-29208 | 1 Xwiki | 1 Xwiki | 2023-04-25 | N/A | 7.5 HIGH
XWiki Commons are technical libraries common to several other top-level XWiki projects. Rights added to a document are not taken into account for viewing it once it is deleted. Note that this vulnerability only impacts deleted documents that contained view rights: the view rights provided on the space of a deleted document are properly checked. The problem has been patched in XWiki 14.10 by checking the rights of the current user: only an admin and the deleter of the document are allowed to view it.
CVE-2023-25409 | 1 Aten | 2 Pe8108, Pe8108 Firmware | 2023-04-24 | N/A | 8.1 HIGH
Aten PE8108 2.4.232 is vulnerable to Incorrect Access Control. Restricted users have access to other users' outlets.
CVE-2023-25954 | 3 Kyocera, Olivetti, Triumph-adler | 3 Mobile Print, Mobile Print, Mobile Print | 2023-04-21 | N/A | 5.5 MEDIUM
'KYOCERA Mobile Print' v3.2.0.230119 and earlier, 'UTAX/TA MobilePrint' v3.2.0.230119 and earlier, and 'Olivetti Mobile Print' v3.2.0.230119 and earlier are vulnerable to improper intent handling. When a malicious app is installed on the victim user's Android device, the app may send an intent and direct the affected app to download malicious files or apps to the device without notification.
CVE-2023-26588 | 1 Buffalo | 32 Bs-gs2008, Bs-gs2008 Firmware, Bs-gs2008p and 29 more | 2023-04-18 | N/A | 7.5 HIGH
Use of hard-coded credentials vulnerability in Buffalo network devices allows an attacker to access the debug function of the product. The affected products and versions are as follows: BS-GSL2024 firmware Ver. 1.10-0.03 and earlier, BS-GSL2016P firmware Ver. 1.10-0.03 and earlier, BS-GSL2016 firmware Ver. 1.10-0.03 and earlier, BS-GS2008 firmware Ver. 1.0.10.01 and earlier, BS-GS2016 firmware Ver. 1.0.10.01 and earlier, BS-GS2024 firmware Ver. 1.0.10.01 and earlier, BS-GS2048 firmware Ver. 1.0.10.01 and earlier, BS-GS2008P firmware Ver. 1.0.10.01 and earlier, BS-GS2016P firmware Ver. 1.0.10.01 and earlier, and BS-GS2024P firmware Ver. 1.0.10.01 and earlier.
CVE-2023-26458 | 1 Sap | 1 Landscape Management | 2023-04-14 | N/A | 8.7 HIGH
An information disclosure vulnerability exists in SAP Landscape Management version 3.0, enterprise edition. It allows an authenticated SAP Landscape Management user to obtain privileged access to other systems, making those systems vulnerable to information disclosure and modification. The disclosed information is for the Diagnostics Agent Connection via the Java SCS Message Server of an SAP Solution Manager system and can only be accessed by authenticated SAP Landscape Management users, but they can escalate their privileges to the SAP Solution Manager system.
CVE-2021-25314 | 1 Suse | 2 Hawk2, Linux Enterprise High Availability Extension | 2023-04-14 | 7.2 HIGH | 7.8 HIGH
A Creation of Temporary File With Insecure Permissions vulnerability in hawk2 of SUSE Linux Enterprise High Availability 12-SP3, SUSE Linux Enterprise High Availability 12-SP5, SUSE Linux Enterprise High Availability 15-SP2 allows local attackers to escalate to root. This issue affects: SUSE Linux Enterprise High Availability 12-SP3 hawk2 versions prior to 2.6.3+git.1614685906.812c31e9. SUSE Linux Enterprise High Availability 12-SP5 hawk2 versions prior to 2.6.3+git.1614685906.812c31e9. SUSE Linux Enterprise High Availability 15-SP2 hawk2 versions prior to 2.6.3+git.1614684118.af555ad9.
CVE-2023-29192 | 1 Silverwaregames | 1 Silverwaregames | 2023-04-14 | N/A | 4.3 MEDIUM
SilverwareGames.io versions before 1.2.19 allow users with access to the game upload panel to edit download links for games uploaded by other developers. This has been fixed in version 1.2.19.
CVE-2022-47338 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-04-14 | N/A | 7.1 HIGH
In the telecom service, there is a missing permission check. This could lead to a local denial of service in the telecom service.
CVE-2020-18754 | 1 Dcce | 2 Mac1100 Plc, Mac1100 Plc Firmware | 2023-03-31 | 5.0 MEDIUM | 7.5 HIGH
An information disclosure vulnerability exists within Dut Computer Control Engineering Co.'s PLC MAC1100.
CVE-2023-28433 | 1 Minio | 1 Minio | 2023-03-28 | N/A | 8.8 HIGH
Minio is a Multi-Cloud Object Storage framework. All users on Windows prior to version RELEASE.2023-03-20T20-16-18Z are impacted. MinIO fails to filter the `\` character, which allows for arbitrary object placement across buckets. As a result, a user with low privileges, such as an access key, service account, or STS credential, which only has permission to `PutObject` in a specific bucket, can create an admin user. This issue is patched in RELEASE.2023-03-20T20-16-18Z. There are no known workarounds.
CVE-2020-22647 | 1 Smartconrtactgames Project | 1 Smartconrtactgames | 2023-03-24 | N/A | 9.1 CRITICAL
An issue found in DepositGame v.1.0 allows an attacker to gain sensitive information via the GetBonusWithdraw and withdraw functions.
CVE-2023-25802 | 1 Roxy-wi | 1 Roxy-wi | 2023-03-22 | N/A | 7.5 HIGH
Roxy-WI is a Web interface for managing Haproxy, Nginx, Apache, and Keepalived servers. Versions prior to 6.3.6.0 don't correctly neutralize `dir/../filename` sequences, such as `/etc/nginx/../passwd`, allowing an actor to gain information about a server. Version 6.3.6.0 has a patch for this issue.
CVE-2019-10790 | 1 Taffydb | 1 Taffy | 2023-03-17 | 5.0 MEDIUM | 7.5 HIGH
The taffydb npm module, in all versions up to and including 2.7.3, allows attackers to add forged properties to user input processed by taffy, which can give access to any data item in the DB. taffy sets an internal index for each data item in its DB; however, that internal index can be forged by adding extra properties to user input. If an index is found in the query, taffyDB ignores the other query conditions and directly returns the indexed data item. Moreover, the internal index is in an easily guessable format (e.g., T000002R000001). As such, attackers can use this vulnerability to access any data item in the DB.
CVE-2023-22892 | 1 Smartbear | 1 Zephyr Enterprise | 2023-03-14 | N/A | 7.5 HIGH
There exists an information disclosure vulnerability in SmartBear Zephyr Enterprise through 7.15.0 that could be exploited by unauthenticated users to read arbitrary files from Zephyr instances.
CVE-2022-44310 | 1 Ecdh Project | 1 Ecdh | 2023-03-07 | N/A | 7.5 HIGH
In Development IL ecdh before 0.2.0, an attacker can send an invalid point (not on the curve) as the public key, and obtain the derived shared secret.
CVE-2023-0481 | 1 Quarkus | 1 Quarkus | 2023-03-07 | N/A | 3.3 LOW
In the RestEasy Reactive implementation of Quarkus, the insecure File.createTempFile() is used in the FileBodyHandler class, which creates temp files with insecure permissions that could be read by a local user.
CVE-2023-25192 | 1 Ami | 1 Megarac Sp-x | 2023-02-24 | N/A | 5.3 MEDIUM
AMI MegaRAC SPX devices allow User Enumeration through Redfish. The fixed versions are SPx12-update-7.00 and SPx13-update-5.00.
CVE-2023-21438 | 1 Samsung | 1 Android | 2023-02-21 | N/A | 2.4 LOW
Improper logic in HomeScreen prior to SMR Feb-2023 Release 1 allows a physical attacker to access an App preview protected by Secure Folder.