Search
Total
27796 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-48239 | 1 Nextcloud | 1 Nextcloud Server | 2023-11-29 | N/A | 7.1 HIGH |
| Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.13, 26.0.8, and 27.1.3 of Nextcloud Server and starting in version 20.0.0 and prior to versions 20.0.14.16, 21.0.9.13, 22.2.10.15, 23.0.12.12, 24.0.12.8, 25.0.13, 26.0.8, and 27.1.3 of Nextcloud Enterprise Server, a malicious user could update any personal or global external storage, making them inaccessible for everyone else as well. Nextcloud Server 25.0.13, 26.0.8, and 27.1.3 and Nextcloud Enterprise Server is upgraded to 20.0.14.16, 21.0.9.13, 22.2.10.15, 23.0.12.12, 24.0.12.8, 25.0.13, 26.0.8, and 27.1.3 contain a patch for this issue. As a workaround, disable app files_external. This workaround also makes the external storage inaccessible but retains the configurations until a patched version has been deployed. | |||||
| CVE-2006-1078 | 1 Acme Labs | 1 Thttpd | 2023-11-28 | 7.2 HIGH | N/A |
| Multiple buffer overflows in htpasswd, as used in Acme thttpd 2.25b, and possibly other products such as Apache, might allow local users to gain privileges via (1) a long command line argument and (2) a long line in a file. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included. | |||||
| CVE-2007-0664 | 1 Acme Labs | 1 Thttpd | 2023-11-28 | 5.0 MEDIUM | N/A |
| thttpd before 2.25b-r6 in Gentoo Linux is started from the system root directory (/) by the Gentoo baselayout 1.12.6 package, which allows remote attackers to read arbitrary files. | |||||
| CVE-2023-6017 | 1 H2o | 1 H2o | 2023-11-28 | N/A | 7.1 HIGH |
| H2O included a reference to an S3 bucket that no longer existed allowing an attacker to take over the S3 bucket URL. | |||||
| CVE-2022-41659 | 1 Intel | 1 Unison | 2023-11-27 | N/A | 4.4 MEDIUM |
| Improper access control for some Intel Unison software may allow a privileged user to potentially enable denial of service via local access. | |||||
| CVE-2023-2255 | 2 Debian, Libreoffice | 2 Debian Linux, Libreoffice | 2023-11-26 | N/A | 5.3 MEDIUM |
| Improper access control in editor components of The Document Foundation LibreOffice allowed an attacker to craft a document that would cause external links to be loaded without prompt. In the affected versions of LibreOffice documents that used "floating frames" linked to external files, would load the contents of those frames without prompting the user for permission to do so. This was inconsistent with the treatment of other linked content in LibreOffice. This issue affects: The Document Foundation LibreOffice 7.4 versions prior to 7.4.7; 7.5 versions prior to 7.5.3. | |||||
| CVE-2022-41715 | 1 Golang | 1 Go | 2023-11-25 | N/A | 7.5 HIGH |
| Programs which compile regular expressions from untrusted sources may be vulnerable to memory exhaustion or denial of service. The parsed regexp representation is linear in the size of the input, but in some cases the constant factor can be as high as 40,000, making relatively small regexps consume much larger amounts of memory. After fix, each regexp being parsed is limited to a 256 MB memory footprint. Regular expressions whose representation would use more space than that are rejected. Normal use of regular expressions is unaffected. | |||||
| CVE-2022-41723 | 1 Golang | 3 Go, Hpack, Http2 | 2023-11-25 | N/A | 7.5 HIGH |
| A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests. | |||||
| CVE-2022-41689 | 1 Intel | 1 In-band Manageability | 2023-11-25 | N/A | 7.8 HIGH |
| Improper access control in some Intel In-Band Manageability software before version 3.0.14 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-38786 | 1 Intel | 1 Battery Life Diagnostic Tool | 2023-11-25 | N/A | 7.8 HIGH |
| Improper access control in some Intel Battery Life Diagnostic Tool software before version 2.2.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-46908 | 1 Sqlite | 1 Sqlite | 2023-11-24 | N/A | 7.3 HIGH |
| SQLite through 3.40.0, when relying on --safe for execution of an untrusted CLI script, does not properly implement the azProhibitedFunctions protection mechanism, and instead allows UDF functions such as WRITEFILE. | |||||
| CVE-2023-39259 | 1 Dell | 1 Os Recovery Tool | 2023-11-23 | N/A | 7.8 HIGH |
| Dell OS Recovery Tool, versions 2.2.4013, 2.3.7012.0, and 2.3.7515.0 contain an Improper Access Control Vulnerability. A local authenticated non-administrator user could potentially exploit this vulnerability, leading to the elevation of privilege on the system. | |||||
| CVE-2021-21689 | 1 Jenkins | 1 Jenkins | 2023-11-22 | 6.4 MEDIUM | 9.1 CRITICAL |
| FilePath#unzip and FilePath#untar were not subject to any agent-to-controller access control in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier. | |||||
| CVE-2022-27201 | 1 Jenkins | 2 Jenkins, Semantic Versioning | 2023-11-22 | 4.0 MEDIUM | 6.5 MEDIUM |
| Jenkins Semantic Versioning Plugin 1.13 and earlier does not restrict execution of an controller/agent message to agents, and implements no limitations about the file path that can be parsed, allowing attackers able to control agent processes to have Jenkins parse a crafted file that uses external entities for extraction of secrets from the Jenkins controller or server-side request forgery. | |||||
| CVE-2021-21696 | 1 Jenkins | 1 Jenkins | 2023-11-22 | 7.5 HIGH | 9.8 CRITICAL |
| Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not limit agent read/write access to the libs/ directory inside build directories when using the FilePath APIs, allowing attackers in control of agent processes to replace the code of a trusted library with a modified variant. This results in unsandboxed code execution in the Jenkins controller process. | |||||
| CVE-2022-27195 | 1 Jenkins | 1 Parameterized Trigger | 2023-11-22 | 2.1 LOW | 5.5 MEDIUM |
| Jenkins Parameterized Trigger Plugin 2.43 and earlier captures environment variables passed to builds triggered using Jenkins Parameterized Trigger Plugin, including password parameter values, in their `build.xml` files. These values are stored unencrypted and can be viewed by users with access to the Jenkins controller file system. | |||||
| CVE-2022-33124 | 1 Aiohttp | 1 Aiohttp | 2023-11-22 | 4.3 MEDIUM | 5.5 MEDIUM |
| AIOHTTP 3.8.1 can report a "ValueError: Invalid IPv6 URL" outcome, which can lead to a Denial of Service (DoS). NOTE: multiple third parties dispute this issue because there is no example of a context in which denial of service would occur, and many common contexts have exception handing in the calling application | |||||
| CVE-2023-40540 | 1 Intel | 112 Nuc 11 Enthusiast Kit Nuc11phki7c, Nuc 11 Enthusiast Kit Nuc11phki7c Firmware, Nuc 11 Enthusiast Mini Pc Nuc11phki7caa and 109 more | 2023-11-22 | N/A | 4.4 MEDIUM |
| Non-Transparent Sharing of Microarchitectural Resources in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable information disclosure via local access. | |||||
| CVE-2023-31100 | 1 Phoenix | 1 Securecore Technology | 2023-11-22 | N/A | 7.1 HIGH |
| Improper Access Control in SMI handler vulnerability in Phoenix SecureCore™ Technology™ 4 allows SPI flash modification. This issue affects SecureCore™ Technology™ 4: * from 4.3.0.0 before 4.3.0.203 * from 4.3.1.0 before 4.3.1.163 * from 4.4.0.0 before 4.4.0.217 * from 4.5.0.0 before 4.5.0.138 | |||||
| CVE-2022-43435 | 1 Jenkins | 1 360 Fireline | 2023-11-22 | N/A | 5.3 MEDIUM |
| Jenkins 360 FireLine Plugin 1.7.2 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download. | |||||
| CVE-2023-41570 | 1 Mikrotik | 1 Routeros | 2023-11-21 | N/A | 5.3 MEDIUM |
| MikroTik RouterOS v7.1 to 7.11 was discovered to contain incorrect access control mechanisms in place for the Rest API. | |||||
| CVE-2023-33872 | 1 Intel | 1 Support | 2023-11-21 | N/A | 5.5 MEDIUM |
| Improper access control in the Intel Support android application all verions may allow an authenticated user to potentially enable information disclosure via local access. | |||||
| CVE-2023-47678 | 1 Asus | 2 Rt-ac87u, Rt-ac87u Firmware | 2023-11-21 | N/A | 9.1 CRITICAL |
| An improper access control vulnerability exists in RT-AC87U all versions. An attacker may read or write files that are not intended to be accessed by connecting to a target device via tftp. | |||||
| CVE-2023-32662 | 1 Intel | 1 Battery Life Diagnostic Tool | 2023-11-21 | N/A | 6.7 MEDIUM |
| Improper authorization in some Intel Battery Life Diagnostic Tool installation software before version 2.2.1 may allow a privilaged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-38411 | 1 Intel | 1 Smart Campus | 2023-11-21 | N/A | 7.8 HIGH |
| Improper access control in the Intel Smart Campus android application before version 9.4 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-32279 | 1 Intel | 1 Connectivity Performance Suite | 2023-11-21 | N/A | 7.5 HIGH |
| Improper access control in user mode driver for some Intel(R) Connectivity Performance Suite before version 2.1123.214.2 may allow unauthenticated user to potentially enable information disclosure via network access. | |||||
| CVE-2023-29157 | 1 Intel | 1 One Boot Flash Update | 2023-11-21 | N/A | 7.8 HIGH |
| Improper access control in some Intel(R) OFU software before version 14.1.31 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-32204 | 1 Intel | 1 One Boot Flash Update | 2023-11-21 | N/A | 7.8 HIGH |
| Improper access control in some Intel(R) OFU software before version 14.1.31 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-39199 | 1 Zoom | 4 Meetings, Rooms, Virtual Desktop Infrastructure and 1 more | 2023-11-21 | N/A | 6.5 MEDIUM |
| Cryptographic issues with In-Meeting Chat for some Zoom clients may allow a privileged user to conduct an information disclosure via network access. | |||||
| CVE-2023-43588 | 1 Zoom | 3 Meetings, Virtual Desktop Infrastructure, Zoom | 2023-11-21 | N/A | 6.5 MEDIUM |
| Insufficient control flow management in some Zoom clients may allow an authenticated user to conduct an information disclosure via network access. | |||||
| CVE-2023-28397 | 3 Intel, Linux, Microsoft | 3 Aptio V Uefi Firmware Integrator Tools, Linux Kernel, Windows | 2023-11-20 | N/A | 7.8 HIGH |
| Improper access control in some Intel(R) Aptio* V UEFI Firmware Integrator Tools may allow an authenticated to potentially enable escalation of privileges via local access. | |||||
| CVE-2020-8968 | 1 Parallels | 1 Remote Application Server | 2023-11-20 | 2.1 LOW | 7.1 HIGH |
| Parallels Remote Application Server (RAS) allows a local attacker to retrieve certain profile password in clear text format by uploading a previously stored cyphered file by Parallels RAS. The confidentiality, availability and integrity of the information of the user could be compromised if an attacker is able to recover the profile password. | |||||
| CVE-2023-5550 | 2 Fedoraproject, Moodle | 3 Extra Packages For Enterprise Linux, Fedora, Moodle | 2023-11-17 | N/A | 9.8 CRITICAL |
| In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user who also has direct access to the web server outside of the Moodle webroot could utilise a local file include to achieve remote code execution. | |||||
| CVE-2023-38570 | 4 Apple, Google, Intel and 1 more | 4 Iphone Os, Android, Unison Software and 1 more | 2023-11-17 | N/A | 7.8 HIGH |
| Access of memory location after end of buffer for some Intel Unison software may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-46299 | 4 Apple, Google, Intel and 1 more | 4 Iphone Os, Android, Unison Software and 1 more | 2023-11-17 | N/A | 5.5 MEDIUM |
| Insufficient control flow management for some Intel Unison software may allow an authenticated user to potentially enable information disclosure via local access. | |||||
| CVE-2022-43666 | 4 Apple, Google, Intel and 1 more | 4 Iphone Os, Android, Unison Software and 1 more | 2023-11-17 | N/A | 5.5 MEDIUM |
| Exposure of sensitive system information due to uncleared debug information for some Intel Unison software may allow an authenticated user to potentially enable information disclosure via local access. | |||||
| CVE-2023-4804 | 1 Johnsoncontrols | 12 Quantum Hd Unity Acuair, Quantum Hd Unity Acuair Firmware, Quantum Hd Unity Compressor and 9 more | 2023-11-16 | N/A | 9.8 CRITICAL |
| An unauthorized user could access debug features in Quantum HD Unity products that were accidentally exposed. | |||||
| CVE-2023-47615 | 1 Telit | 20 Bgs5, Bgs5 Firmware, Ehs5 and 17 more | 2023-11-16 | N/A | 5.5 MEDIUM |
| A CWE-526: Exposure of Sensitive Information Through Environmental Variables vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow a local, low privileged attacker to get access to a sensitive data on the targeted system. | |||||
| CVE-2021-23882 | 1 Mcafee | 1 Endpoint Security | 2023-11-16 | 1.9 LOW | 4.4 MEDIUM |
| Improper Access Control vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update allows local administrators to prevent the installation of some ENS files by placing carefully crafted files where ENS will be installed. This is only applicable to clean installations of ENS as the Access Control rules will prevent modification prior to up an upgrade. | |||||
| CVE-2021-23880 | 1 Mcafee | 1 Endpoint Security | 2023-11-16 | 2.1 LOW | 4.4 MEDIUM |
| Improper Access Control in attribute in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update allows authenticated local administrator user to perform an uninstallation of the anti-malware engine via the running of a specific command with the correct parameters. | |||||
| CVE-2023-46756 | 1 Huawei | 2 Emui, Harmonyos | 2023-11-15 | N/A | 5.3 MEDIUM |
| Permission control vulnerability in the window management module. Successful exploitation of this vulnerability may cause malicious pop-up windows. | |||||
| CVE-2023-46758 | 1 Huawei | 2 Emui, Harmonyos | 2023-11-15 | N/A | 7.5 HIGH |
| Permission management vulnerability in the multi-screen interaction module. Successful exploitation of this vulnerability may cause service exceptions of the device. | |||||
| CVE-2023-46759 | 1 Huawei | 2 Emui, Harmonyos | 2023-11-15 | N/A | 7.5 HIGH |
| Permission control vulnerability in the call module. Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2023-46765 | 1 Huawei | 2 Emui, Harmonyos | 2023-11-15 | N/A | 7.5 HIGH |
| Vulnerability of uncaught exceptions in the NFC module. Successful exploitation of this vulnerability can affect NFC availability. | |||||
| CVE-2021-43419 | 1 Opayweb | 1 Opay | 2023-11-15 | N/A | 7.5 HIGH |
| An Information Disclosure vulnerability exists in Opay Mobile application 1.5.1.26 and maybe be higher in the logcat app. | |||||
| CVE-2023-43984 | 1 Advanced Export Products Orders Cron Csv Excel Project | 1 Advanced Export Products Orders Cron Csv Excel | 2023-11-15 | N/A | 7.5 HIGH |
| Insecure permissions in Smart Soft advancedexport before v4.4.7 allow unauthenticated attackers to arbitrarily download user information from the ps_customer table. | |||||
| CVE-2023-42555 | 1 Samsung | 1 Easysetup | 2023-11-15 | N/A | 5.5 MEDIUM |
| Use of implicit intent for sensitive communication vulnerability in EasySetup prior to version 11.1.13 allows attackers to get the bluetooth address of user device. | |||||
| CVE-2023-42553 | 1 Samsung | 1 Email | 2023-11-15 | N/A | 5.3 MEDIUM |
| Improper authorization verification vulnerability in Samsung Email prior to version 6.1.90.4 allows attackers to read sandbox data of email. | |||||
| CVE-2023-42544 | 1 Samsung | 1 Quick Share | 2023-11-15 | N/A | 5.5 MEDIUM |
| Improper access control vulnerability in Quick Share prior to 13.5.52.0 allows local attacker to access local files. | |||||
| CVE-2023-46774 | 1 Huawei | 2 Emui, Harmonyos | 2023-11-14 | N/A | 7.5 HIGH |
| Vulnerability of uncaught exceptions in the NFC module. Successful exploitation of this vulnerability can affect NFC availability. | |||||