Total: 2641 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-45243 | 4 Acronis, Apple, Linux and 1 more | 4 Agent, Macos, Linux Kernel and 1 more | 2023-10-10 | N/A | 5.5 MEDIUM |
| Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 35739. | |||||
| CVE-2023-45245 | 4 Acronis, Apple, Linux and 1 more | 4 Agent, Macos, Linux Kernel and 1 more | 2023-10-10 | N/A | 5.5 MEDIUM |
| Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 36119. | |||||
| CVE-2023-44210 | 4 Acronis, Apple, Linux and 1 more | 4 Agent, Macos, Linux Kernel and 1 more | 2023-10-06 | N/A | 5.5 MEDIUM |
| Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 29258. | |||||
| CVE-2023-44208 | 2 Acronis, Microsoft | 2 Cyber Protect Home Office, Windows | 2023-10-05 | N/A | 9.1 CRITICAL |
| Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40713. | |||||
| CVE-2023-40376 | 1 Ibm | 1 Urbancode Deploy | 2023-10-05 | N/A | 6.5 MEDIUM |
| IBM UrbanCode Deploy (UCD) 7.1 - 7.1.2.12, 7.2 through 7.2.3.5, and 7.3 through 7.3.2.0 under certain configurations could allow an authenticated user to make changes to environment variables due to improper authentication controls. IBM X-Force ID: 263581. | |||||
| CVE-2023-4997 | 1 Prointegra | 1 Uptimedc | 2023-10-05 | N/A | 8.8 HIGH |
| Improper authorisation of regular users in ProIntegra Uptime DC software (versions below 2.0.0.33940) allows them to change passwords of all other users including administrators leading to a privilege escalation. | |||||
| CVE-2020-27777 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Openshift Container Platform | 2023-10-05 | 7.2 HIGH | 6.7 MEDIUM |
| A flaw was found in the way RTAS handled memory accesses in userspace-to-kernel communication. On a locked down (usually due to Secure Boot) guest system running on top of PowerVM or KVM hypervisors (pseries platform) a root-like local user could use this flaw to further increase their privileges to that of a running kernel. | |||||
| CVE-2023-3770 | 1 Ingeteam | 2 Ingepac Da3451, Ingepac Da3451 Firmware | 2023-10-04 | N/A | 4.3 MEDIUM |
| Incorrect validation vulnerability of the data entered, allowing an attacker with access to the network on which the affected device is located to use the discovery port protocol (1925/UDP) to obtain device-specific information without the need for authentication. | |||||
| CVE-2023-5321 | 1 Hamza417 | 1 Inure | 2023-10-03 | N/A | 5.5 MEDIUM |
| Missing Authorization in GitHub repository hamza417/inure prior to build94. | |||||
| CVE-2023-43652 | 1 Fit2cloud | 1 Jumpserver | 2023-10-02 | N/A | 9.1 CRITICAL |
| JumpServer is an open source bastion host. As an unauthenticated user, it is possible to authenticate to the core API with a username and an SSH public key without needing a password or the corresponding SSH private key. An SSH public key should be considered public knowledge and should not be used as an authentication secret alone. JumpServer provides an API for the KoKo component to validate user private key logins. This API does not verify the source of requests and will generate a personal authentication token. Given that public keys can be easily leaked, an attacker can exploit the leaked public key and username to authenticate, subsequently gaining access to the current user's information and authorized actions. This issue has been addressed in versions 2.28.20 and 3.7.1. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2022-0543 | 3 Canonical, Debian, Redis | 3 Ubuntu Linux, Debian Linux, Redis | 2023-09-29 | 10.0 HIGH | 10.0 CRITICAL |
| It was discovered, that redis, a persistent key-value database, due to a packaging issue, is prone to a (Debian-specific) Lua sandbox escape, which could result in remote code execution. | |||||
| CVE-2023-5165 | 1 Docker | 1 Docker Desktop | 2023-09-26 | N/A | 8.8 HIGH |
| Docker Desktop before 4.23.0 allows an unprivileged user to bypass Enhanced Container Isolation (ECI) restrictions via the debug shell which remains accessible for a short time window after launching Docker Desktop. The affected functionality is available for Docker Business customers only and assumes an environment where users are not granted local root or Administrator privileges. This issue has been fixed in Docker Desktop 4.23.0. Affected Docker Desktop versions: from 4.13.0 before 4.23.0. | |||||
| CVE-2023-41296 | 1 Huawei | 2 Emui, Harmonyos | 2023-09-25 | N/A | 9.1 CRITICAL |
| Vulnerability of missing authorization in the kernel module. Successful exploitation of this vulnerability may affect integrity and confidentiality. | |||||
| CVE-2023-43501 | 1 Jenkins | 1 Build Failure Analyzer | 2023-09-22 | N/A | 6.5 MEDIUM |
| A missing permission check in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified hostname and port using attacker-specified username and password. | |||||
| CVE-2023-43135 | 1 Tp-link | 2 Tl-er5120g, Tl-er5120g Firmware | 2023-09-22 | N/A | 9.8 CRITICAL |
| There is an unauthorized access vulnerability in TP-LINK ER5120G 4.0 2.0.0 Build 210817 Rel.80868n, which allows attackers to obtain sensitive information of the device without authentication, obtain user tokens, and ultimately log in to the device backend management. | |||||
| CVE-2023-43134 | 1 Netis-systems | 2 360r, 360r Firmware | 2023-09-22 | N/A | 9.8 CRITICAL |
| There is an unauthorized access vulnerability in Netis 360RAC1200 v1.3.4517, which allows attackers to obtain sensitive information of the device without authentication, obtain user tokens, and ultimately log in to the device backend management. | |||||
| CVE-2023-42469 | 1 Fulldive | 1 Full Dialer | 2023-09-18 | N/A | 3.3 LOW |
| The com.full.dialer.top.secure.encrypted application through 1.0.1 for Android enables any installed application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.full.dialer.top.secure.encrypted.activities.DialerActivity component. | |||||
| CVE-2020-25718 | 2 Fedoraproject, Samba | 2 Fedora, Samba | 2023-09-17 | 6.5 MEDIUM | 8.8 HIGH |
| A flaw was found in the way samba, as an Active Directory Domain Controller, is able to support an RODC (read-only domain controller). This would allow an RODC to print administrator tickets. | |||||
| CVE-2023-40309 | 1 Sap | 9 Commoncryptolib, Content Server, Extended Application Services And Runtime and 6 more | 2023-09-15 | N/A | 9.8 CRITICAL |
| SAP CommonCryptoLib does not perform necessary authentication checks, which may result in missing or wrong authorization checks for an authenticated user, resulting in escalation of privileges. Depending on the application and the level of privileges acquired, an attacker could abuse functionality restricted to a particular user group as well as read, modify or delete restricted data. | |||||
| CVE-2023-39073 | 1 Voltronicpower | 1 Snmp Web Pro | 2023-09-15 | N/A | 9.8 CRITICAL |
| An issue in SNMP Web Pro v.1.1 allows a remote attacker to execute arbitrary code and obtain sensitive information via a crafted request. | |||||
