Total: 6403 CVE

| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-4434 | 1 Hamza417 | 1 Inure | 2024-11-21 | 6.1 Medium |
| Missing Authorization in GitHub repository hamza417/inure prior to build88. | ||||
| CVE-2023-4302 | 1 Jenkins | 1 Fortify | 2024-11-21 | 4.2 Medium |
| A missing permission check in Jenkins Fortify Plugin 22.1.38 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | ||||
| CVE-2023-4198 | 1 Dolibarr | 1 Dolibarr Erp/crm | 2024-11-21 | 6.5 Medium |
| Improper Access Control in Dolibarr ERP CRM <= v17.0.3 allows an unauthorized authenticated user to read a database table containing customer data. | ||||
| CVE-2023-4164 | 1 Google | 2 Android, Pixel | 2024-11-21 | 8.4 High |
| There is a possible information disclosure due to a missing permission check. This could lead to local information disclosure of health data with no additional execution privileges needed. | ||||
| CVE-2023-4124 | 1 Answer | 1 Answer | 2024-11-21 | 6.5 Medium |
| Missing Authorization in GitHub repository answerdev/answer prior to v1.1.1. | ||||
| CVE-2023-4106 | 1 Mattermost | 1 Mattermost | 2024-11-21 | 6.3 Medium |
| Mattermost fails to check if the requesting user is a guest before performing different actions to public playbooks, resulting in a guest being able to view, join, edit, export and archive public playbooks. | ||||
| CVE-2023-4105 | 1 Mattermost | 1 Mattermost | 2024-11-21 | 3.1 Low |
| Mattermost fails to delete the attachments when deleting a message in a thread, allowing a simple user to still be able to access and download the attachment of a deleted message. | ||||
| CVE-2023-49980 | | | 2024-11-21 | 7.5 High |
| A directory listing vulnerability in Best Student Result Management System v1.0 allows attackers to list directories and sensitive files within the application without requiring authorization. | ||||
| CVE-2023-49742 | | | 2024-11-21 | 9.9 Critical |
| Missing Authorization vulnerability in Support Genix. This issue affects Support Genix: from n/a through 1.2.3. | ||||
| CVE-2023-49652 | 1 Jenkins | 1 Google Compute Engine | 2024-11-21 | 2.7 Low |
| Incorrect permission checks in Jenkins Google Compute Engine Plugin 4.550.vb_327fca_3db_11 and earlier allow attackers with global Item/Configure permission (while lacking Item/Configure permission on any particular job) to enumerate system-scoped credentials IDs of credentials stored in Jenkins and to connect to Google Cloud Platform using attacker-specified credentials IDs obtained through another method, to obtain information about existing projects. This fix has been backported to 4.3.17.1. | ||||
| CVE-2023-49230 | 1 Peplink | 2 Balance Two, Balance Two Firmware | 2024-11-21 | 8.8 High |
| An issue was discovered in Peplink Balance Two before 8.4.0. A missing authorization check in captive portals allows attackers to modify the portals' configurations without prior authentication. | ||||
| CVE-2023-49229 | 1 Peplink | 2 Balance Two, Balance Two Firmware | 2024-11-21 | 4.3 Medium |
| An issue was discovered in Peplink Balance Two before 8.4.0. A missing authorization check in the administration web service allows read-only, unprivileged users to obtain sensitive information about the device configuration. | ||||
| CVE-2023-49003 | 1 Simplemobiletools | 1 Simple Dialer | 2024-11-21 | 5.3 Medium |
| An issue in simplemobiletools Simple Dialer 5.18.1 allows an attacker to bypass intended access restrictions via interaction with com.simplemobiletools.dialer.activities.DialerActivity. | ||||
| CVE-2023-48761 | 1 Crocoblock | 1 Jetelements | 2024-11-21 | 6.3 Medium |
| Missing Authorization vulnerability in Crocoblock JetElements For Elementor. This issue affects JetElements For Elementor: from n/a through 2.6.13. | ||||
| CVE-2023-48760 | 1 Crocoblock | 1 Jetelements | 2024-11-21 | 8.2 High |
| Missing Authorization vulnerability in Crocoblock JetElements For Elementor. This issue affects JetElements For Elementor: from n/a through 2.6.13. | ||||
| CVE-2023-48759 | 1 Crocoblock | 1 Jetelements | 2024-11-21 | 7.5 High |
| Missing Authorization vulnerability in Crocoblock JetElements For Elementor. This issue affects JetElements For Elementor: from n/a through 2.6.13. | ||||
| CVE-2023-48751 | 1 Xnau | 1 Participants Database | 2024-11-21 | 4.3 Medium |
| Missing Authorization, Cross-Site Request Forgery (CSRF) vulnerability in Roland Barker, xnau webdesign Participants Database allows Accessing Functionality Not Properly Constrained by ACLs, Cross Site Request Forgery. This issue affects Participants Database: from n/a through 2.5.5. | ||||
| CVE-2023-48684 | | | 2024-11-21 | N/A |
| Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 37758. | ||||
| CVE-2023-48417 | 1 Google | 2 Chromecast, Chromecast Firmware | 2024-11-21 | 9.8 Critical |
| Missing Permission checks resulting in unauthorized access and Manipulation in KeyChainActivity Application | ||||
| CVE-2023-48402 | 1 Google | 1 Android | 2024-11-21 | 7.8 High |
| In ppcfw_enable of ppcfw.c, there is a possible EoP due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||