Search
Total
6056 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-50441 | 1 Primx | 1 Zonecentral | 2023-12-20 | N/A | 5.5 MEDIUM |
| Encrypted folders created by PRIMX ZONECENTRAL for Windows before Q.2021.2 (ANSSI qualification submission) or ZONECENTRAL for Windows before 2023.5 can be modified by an unauthenticated attacker to include a UNC reference so that it could trigger outbound network traffic from computers on which folders are opened. | |||||
| CVE-2023-50442 | 1 Primx | 1 Zonecentral | 2023-12-20 | N/A | 5.5 MEDIUM |
| Encrypted folders created by PRIMX ZONECENTRAL through 2023.5 can be modified by a local attacker (with appropriate privileges) so that specific file types are excluded from encryption temporarily. (This modification can, however, be detected, as described in the Administrator Guide.) | |||||
| CVE-2023-50439 | 1 Primx | 3 Zed\!, Zedmail, Zonecentral | 2023-12-20 | N/A | 5.3 MEDIUM |
| ZED containers produced by PRIMX ZED! for Windows before Q.2020.3 (ANSSI qualification submission), ZED! for Windows before Q.2021.2 (ANSSI qualification submission), ZONECENTRAL for Windows before Q.2021.2 (ANSSI qualification submission), ZONECENTRAL for Windows before 2023.5, or ZEDMAIL for Windows before 2023.5 disclose the original path in which the containers were created, which allows an unauthenticated attacker to obtain some information regarding the context of use (project name, etc.). | |||||
| CVE-2023-50440 | 1 Primx | 3 Zed\!, Zedmail, Zonecentral | 2023-12-20 | N/A | 5.5 MEDIUM |
| ZED containers produced by PRIMX ZED! for Windows before Q.2020.3 (ANSSI qualification submission); ZED! for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before 2023.5; ZEDMAIL for Windows before 2023.5; ZED! for Windows, Mac, Linux before 2023.5; ZEDFREE for Windows, Mac, Linux before 2023.5; or ZEDPRO for Windows, Mac, Linux before 2023.5 can be modified by an unauthenticated attacker to include a UNC reference so that it could trigger network access to an attacker-controlled computer when opened by the victim. | |||||
| CVE-2022-24480 | 1 Microsoft | 1 Outlook | 2023-12-20 | N/A | 6.3 MEDIUM |
| Outlook for Android Elevation of Privilege Vulnerability | |||||
| CVE-2023-28022 | 1 Hcltech | 1 Connections | 2023-12-20 | N/A | 6.5 MEDIUM |
| HCL Connections is vulnerable to an information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to, caused by improper handling of request data. | |||||
| CVE-2021-42794 | 1 Aveva | 1 Edge | 2023-12-20 | N/A | 5.3 MEDIUM |
| An issue was discovered in AVEVA Edge (formerly InduSoft Web Studio) versions R2020 and prior. The application allows a client to provide a malicious connection string that could allow an adversary to port scan the LAN, depending on the hosts' responses. | |||||
| CVE-2023-5870 | 2 Postgresql, Redhat | 16 Postgresql, Codeready Linux Builder Eus, Codeready Linux Builder Eus For Power Little Endian Eus and 13 more | 2023-12-20 | N/A | 4.4 MEDIUM |
| A flaw was found in PostgreSQL involving the pg_cancel_backend role that signals background workers, including the logical replication launcher, autovacuum workers, and the autovacuum launcher. Successful exploitation requires a non-core extension with a less-resilient background worker and would affect that specific background worker only. This issue may allow a remote high privileged user to launch a denial of service (DoS) attack. | |||||
| CVE-2023-5868 | 2 Postgresql, Redhat | 16 Postgresql, Codeready Linux Builder Eus, Codeready Linux Builder Eus For Power Little Endian Eus and 13 more | 2023-12-20 | N/A | 4.3 MEDIUM |
| A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Handling 'unknown'-type values from string literals without type designation can disclose bytes, potentially revealing notable and confidential information. This issue exists due to excessive data output in aggregate function calls, enabling remote users to read some portion of system memory. | |||||
| CVE-2023-39418 | 2 Postgresql, Redhat | 2 Postgresql, Enterprise Linux | 2023-12-20 | N/A | 4.3 MEDIUM |
| A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. If UPDATE and SELECT policies forbid some rows that INSERT policies do not forbid, a user could store such rows. | |||||
| CVE-2023-47271 | 1 Sfu | 1 Pkp Web Application Library | 2023-12-20 | N/A | 5.3 MEDIUM |
| PKP-WAL (aka PKP Web Application Library or pkp-lib) before 3.3.0-16, as used in Open Journal Systems (OJS) and other products, does not verify that the file named in an XML document (used for the native import/export plugin) is an image file, before trying to use it for an issue cover image. | |||||
| CVE-2023-42883 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2023-12-19 | N/A | 5.5 MEDIUM |
| The issue was addressed with improved memory handling. This issue is fixed in Safari 17.2, macOS Sonoma 14.2, iOS 17.2 and iPadOS 17.2, watchOS 10.2, tvOS 17.2, iOS 16.7.3 and iPadOS 16.7.3. Processing an image may lead to a denial-of-service. | |||||
| CVE-2023-50720 | 1 Xwiki | 1 Xwiki | 2023-12-19 | N/A | 5.3 MEDIUM |
| XWiki Platform is a generic wiki platform. Prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, the Solr-based search in XWiki discloses the email addresses of users even when obfuscation of email addresses is enabled. To demonstrate the vulnerability, search for `objcontent:email*` using XWiki's regular search interface. This has been fixed in XWiki 14.10.15, 15.5.2 and 15.7RC1 by not indexing email address properties when obfuscation is enabled. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-36878 | 1 Microsoft | 1 Edge Chromium | 2023-12-19 | N/A | 4.3 MEDIUM |
| Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability | |||||
| CVE-2023-27317 | 1 Netapp | 1 Ontap | 2023-12-19 | N/A | 4.6 MEDIUM |
| ONTAP 9 versions 9.12.1P8, 9.13.1P4, and 9.13.1P5 are susceptible to a vulnerability which will cause all SAS-attached FIPS 140-2 drives to become unlocked after a system reboot or power cycle or a single SAS-attached FIPS 140-2 drive to become unlocked after reinsertion. This could lead to disclosure of sensitive information to an attacker with physical access to the unlocked drives. | |||||
| CVE-2023-25650 | 1 Zte | 2 Zxcloud Irai, Zxcloud Irai Firmware | 2023-12-19 | N/A | 6.5 MEDIUM |
| There is an arbitrary file download vulnerability in ZXCLOUD iRAI. Since the backend does not escape special strings or restrict paths, an attacker with user permission could access the download interface by modifying the request parameter, causing arbitrary file downloads. | |||||
| CVE-2023-43583 | 1 Zoom | 3 Meeting Software Development Kit, Video Software Development Kit, Zoom | 2023-12-19 | N/A | 4.9 MEDIUM |
| Cryptographic issues Zoom Mobile App for Android, Zoom Mobile App for iOS, and Zoom SDKs for Android and iOS before version 5.16.0 may allow a privileged user to conduct a disclosure of information via network access. | |||||
| CVE-2023-6381 | 1 Supermailer | 1 Supermailer | 2023-12-18 | N/A | 5.5 MEDIUM |
| Improper input validation vulnerability in Newsletter Software SuperMailer affecting version 11.20.0.2204. An attacker could exploit this vulnerability by sending a malicious configuration file (file with SMB extension) to a user via a link or email attachment and persuade the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to crash the application when attempting to load the malicious file. | |||||
| CVE-2023-21751 | 1 Microsoft | 1 Azure Devops Server | 2023-12-18 | N/A | 6.5 MEDIUM |
| Azure DevOps Server Spoofing Vulnerability | |||||
| CVE-2023-34064 | 1 Vmware | 1 Workspace One Launcher | 2023-12-18 | N/A | 4.6 MEDIUM |
| Workspace ONE Launcher contains a Privilege Escalation Vulnerability. A malicious actor with physical access to Workspace ONE Launcher could utilize the Edge Panel feature to bypass setup to gain access to sensitive information. | |||||
| CVE-2023-50495 | 1 Invisible-island | 1 Ncurse | 2023-12-18 | N/A | 6.5 MEDIUM |
| NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry(). | |||||
| CVE-2023-36009 | 1 Microsoft | 2 365 Apps, Office | 2023-12-18 | N/A | 5.5 MEDIUM |
| Microsoft Word Information Disclosure Vulnerability | |||||
| CVE-2023-36012 | 1 Microsoft | 5 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 2 more | 2023-12-18 | N/A | 5.3 MEDIUM |
| DHCP Server Service Information Disclosure Vulnerability | |||||
| CVE-2023-36404 | 1 Microsoft | 11 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 8 more | 2023-12-15 | N/A | 5.5 MEDIUM |
| Windows Kernel Information Disclosure Vulnerability | |||||
| CVE-2023-36406 | 1 Microsoft | 5 Windows 11 21h2, Windows 11 22h2, Windows 11 23h2 and 2 more | 2023-12-15 | N/A | 5.5 MEDIUM |
| Windows Hyper-V Information Disclosure Vulnerability | |||||
| CVE-2023-36428 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2023-12-15 | N/A | 5.5 MEDIUM |
| Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability | |||||
| CVE-2023-24934 | 1 Microsoft | 1 Malware Protection Platform | 2023-12-15 | N/A | 5.5 MEDIUM |
| Microsoft Defender Security Feature Bypass Vulnerability | |||||
| CVE-2023-20275 | 1 Cisco | 2 Adaptive Security Appliance Software, Firepower Threat Defense | 2023-12-15 | N/A | 4.3 MEDIUM |
| A vulnerability in the AnyConnect SSL VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to send packets with another VPN user's source IP address. This vulnerability is due to improper validation of the packet's inner source IP address after decryption. An attacker could exploit this vulnerability by sending crafted packets through the tunnel. A successful exploit could allow the attacker to send a packet impersonating another VPN user's IP address. It is not possible for the attacker to receive return packets. | |||||
| CVE-2023-35642 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2023-12-15 | N/A | 6.5 MEDIUM |
| Internet Connection Sharing (ICS) Denial of Service Vulnerability | |||||
| CVE-2023-6727 | 1 Mattermost | 1 Mattermost Server | 2023-12-15 | N/A | 4.3 MEDIUM |
| Mattermost fails to perform correct authorization checks when creating a playbook action, allowing users without access to the playbook to create playbook actions. If the playbook action created is to post a message in a channel based on specific keywords in a post, some playbook information, like the name, can be leaked. | |||||
| CVE-2023-6757 | 1 Thecosy | 1 Icecms | 2023-12-15 | N/A | 6.5 MEDIUM |
| A vulnerability was found in Thecosy IceCMS 2.0.1. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /adplanet/PlanetUser of the component API. The manipulation leads to information disclosure. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-247885 was assigned to this vulnerability. | |||||
| CVE-2023-4886 | 2 Redhat, Theforeman | 2 Satellite, Foreman | 2023-12-14 | N/A | 4.4 MEDIUM |
| A sensitive information exposure vulnerability was found in foreman. Contents of tomcat's server.xml file, which contain passwords to candlepin's keystore and truststore, were found to be world readable. | |||||
| CVE-2023-35625 | 1 Microsoft | 1 Azure Machine Learning Software Development Kit | 2023-12-14 | N/A | 4.7 MEDIUM |
| Azure Machine Learning Compute Instance for SDK Users Information Disclosure Vulnerability | |||||
| CVE-2023-35629 | 1 Microsoft | 3 Windows 10 1507, Windows Server 2008, Windows Server 2012 | 2023-12-14 | N/A | 6.8 MEDIUM |
| Microsoft USBHUB 3.0 Device Driver Remote Code Execution Vulnerability | |||||
| CVE-2023-35635 | 1 Microsoft | 2 Windows 11 22h2, Windows 11 23h2 | 2023-12-14 | N/A | 5.5 MEDIUM |
| Windows Kernel Denial of Service Vulnerability | |||||
| CVE-2023-35636 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2023-12-14 | N/A | 6.5 MEDIUM |
| Microsoft Outlook Information Disclosure Vulnerability | |||||
| CVE-2023-35619 | 1 Microsoft | 1 Office Long Term Servicing Channel | 2023-12-14 | N/A | 5.3 MEDIUM |
| Microsoft Outlook for Mac Spoofing Vulnerability | |||||
| CVE-2015-2179 | 1 Xaviershay-dm-rails Porject | 1 Xaviershay-dm-rails | 2023-12-14 | N/A | 5.5 MEDIUM |
| The xaviershay-dm-rails gem 0.10.3.8 for Ruby allows local users to discover MySQL credentials by listing a process and its arguments. | |||||
| CVE-2023-24922 | 1 Microsoft | 1 Dynamics 365 | 2023-12-14 | N/A | 6.5 MEDIUM |
| Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability | |||||
| CVE-2023-49874 | 1 Mattermost | 1 Mattermost Server | 2023-12-14 | N/A | 4.3 MEDIUM |
| Mattermost fails to check whether a user is a guest when updating the tasks of a private playbook run allowing a guest to update the tasks of a private playbook run if they know the run ID. | |||||
| CVE-2023-41116 | 1 Enterprisedb | 1 Postgres Advanced Server | 2023-12-14 | N/A | 4.3 MEDIUM |
| An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It allows an authenticated user to refresh any materialized view, regardless of that user's permissions. | |||||
| CVE-2023-41114 | 1 Enterprisedb | 1 Postgres Advanced Server | 2023-12-14 | N/A | 6.5 MEDIUM |
| An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It contains the functions get_url_as_text and get_url_as_bytea that are publicly executable, thus permitting an authenticated user to read any file from the local filesystem or remote system regardless of that user's permissions. | |||||
| CVE-2023-41113 | 1 Enterprisedb | 1 Postgres Advanced Server | 2023-12-14 | N/A | 4.3 MEDIUM |
| An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It allows an authenticated user to to obtain information about whether certain files exist on disk, what errors if any occur when attempting to read them, and some limited information about their contents (regardless of permissions). This can occur when a superuser has configured one or more directories for filesystem access via CREATE DIRECTORY and adopted certain non-default settings for log_line_prefix and log_connections. | |||||
| CVE-2023-41115 | 1 Enterprisedb | 1 Postgres Advanced Server | 2023-12-14 | N/A | 6.5 MEDIUM |
| An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. When using UTL_ENCODE, an authenticated user can read any large object, regardless of that user's permissions. | |||||
| CVE-2023-49796 | 1 Mindsdb | 1 Mindsdb | 2023-12-14 | N/A | 5.3 MEDIUM |
| MindsDB connects artificial intelligence models to real time data. Versions prior to 23.11.4.1 contain a limited file write vulnerability in `file.py` Users should use MindsDB's `staging` branch or v23.11.4.1, which contain a fix for the issue. | |||||
| CVE-2023-42900 | 1 Apple | 1 Macos | 2023-12-14 | N/A | 5.5 MEDIUM |
| The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.2. An app may be able to access user-sensitive data. | |||||
| CVE-2023-42914 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2023-12-14 | N/A | 6.3 MEDIUM |
| The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.2, iOS 17.2 and iPadOS 17.2, watchOS 10.2, macOS Ventura 13.6.3, tvOS 17.2, iOS 16.7.3 and iPadOS 16.7.3, macOS Monterey 12.7.2. An app may be able to break out of its sandbox. | |||||
| CVE-2023-42919 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2023-12-14 | N/A | 5.5 MEDIUM |
| A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.2, iOS 17.2 and iPadOS 17.2, watchOS 10.2, macOS Ventura 13.6.3, iOS 16.7.3 and iPadOS 16.7.3, macOS Monterey 12.7.2. An app may be able to access sensitive user data. | |||||
| CVE-2023-42922 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2023-12-14 | N/A | 5.5 MEDIUM |
| This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sonoma 14.2, iOS 17.2 and iPadOS 17.2, macOS Ventura 13.6.3, iOS 16.7.3 and iPadOS 16.7.3, macOS Monterey 12.7.2. An app may be able to read sensitive location information. | |||||
| CVE-2023-2247 | 1 Octopus | 1 Octopus Deploy | 2023-12-14 | N/A | 5.3 MEDIUM |
| In affected versions of Octopus Deploy it is possible to unmask variable secrets using the variable preview function | |||||