Total
3755 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-39973 | 1 Acymailing | 1 Acymailing | 2024-11-21 | 4.3 Medium |
| Improper Access Control vulnerability in AcyMailing Enterprise component for Joomla. It allows the unauthorized removal of attachments from campaigns. | ||||
| CVE-2023-39972 | 1 Acymailing | 1 Acymailing | 2024-11-21 | 4.3 Medium |
| Improper Access Control vulnerability in AcyMailing Enterprise component for Joomla. It allows unauthorized users to create new mailing lists. | ||||
| CVE-2023-39963 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | 8.1 High |
| Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 20.0.0 and prior to versions 20.0.14.15, 21.0.9.13, 22.2.10.14, 23.0.12.8, 24.0.12.5, 25.0.9, 26.0.4, and 27.0.1, a missing password confirmation allowed an attacker, after successfully stealing a session from a logged in user, to create app passwords for the victim. Nextcloud server versions 25.0.9, 26.0.4, and 27.0.1 and Nextcloud Enterprise Server versions 20.0.14.15, 21.0.9.13, 22.2.10.14, 23.0.12.9, 24.0.12.5, 25.0.9, 26.0.4, and 27.0.1 contain a patch for this issue. No known workarounds are available. | ||||
| CVE-2023-39962 | 1 Nextcloud | 2 Nextcloud Server, Server | 2024-11-21 | 7.7 High |
| Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 19.0.0 and prior to versions 19.0.13.10, 20.0.14.15, 21.0.9.13, 22.2.10.14, 23.0.12.8, 24.0.12.5, 25.0.9, 26.0.4, and 27.0.1, a malicious user could delete any personal or global external storage, making them inaccessible for everyone else as well. Nextcloud server versions 25.0.9, 26.0.4, and 27.0.1 and Nextcloud Enterprise Server versions 19.0.13.10, 20.0.14.15, 21.0.9.13, 22.2.10.14, 23.0.12.9, 24.0.12.5, 25.0.9, 26.0.4, and 27.0.1 contain a patch for this issue. As a workaround, disable app files_external. This also makes the external storage inaccessible but retains the configurations until a patched version has been deployed. | ||||
| CVE-2023-39961 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | 3.5 Low |
| Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 24.0.4 and prior to versions 25.0.9, 26.0.4, and 27.0.1, when a folder with images or an image was shared without download permissions, the user could add the image inline into a text file and download it. Nextcloud Server versions 25.0.9, 26.0.4, and 27.0.1 and Nextcloud Enterprise Server versions 24.0.12.5, 25.0.9, 26.0.4, and 27.0.1 contain a patch for this issue. No known workarounds are available. | ||||
| CVE-2023-39959 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | 3.5 Low |
| Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.9, 26.0.4, and 27.0.1, unauthenticated users could send a DAV request which reveals whether a calendar or an address book with the given identifier exists for the victim. Nextcloud Server versions 25.0.9, 26.0.4, and 27.0.1 and Nextcloud Enterprise Server versions 25.0.9, 26.0.4, and 27.0.1 contain a patch for this issue. No known workarounds are available. | ||||
| CVE-2023-39952 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | 6.5 Medium |
| Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 22.0.0 and prior to versions 22.2.10.13, 23.0.12.8, 24.0.12.4, 25.0.8, 26.0.3, and 27.0.1, a user can access files inside a subfolder of a groupfolder accessible to them, even if advanced permissions would block access to the subfolder. Nextcloud Server versions 25.0.8, 26.0.3, and 27.0.1 and Nextcloud Enterprise Server versions 22.2.10.13, 23.0.12.8, 24.0.12.4, 25.0.8, 26.0.3, and 27.0.1 contain a patch for this issue. No known workarounds are available. | ||||
| CVE-2023-39941 | 1 Intel | 1 System Usage Report For Gameplay | 2024-11-21 | 7.1 High |
| Improper access control in some Intel(R) SUR software before version 2.4.10587 may allow an unauthenticated user to potentially enable denial of service via adjacent access. | ||||
| CVE-2023-39743 | 1 Pete4abw | 1 Lzma Software Development Kit | 2024-11-21 | 5.3 Medium |
| lrzip-next LZMA v23.01 was discovered to contain an access violation via the component /bz3_decode_block src/libbz3.c. | ||||
| CVE-2023-39731 | 1 Line | 1 Kaibutsunosato | 2024-11-21 | 5.3 Medium |
| The leakage of the client secret in Kaibutsunosato v13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages. | ||||
| CVE-2023-39433 | 2024-11-21 | 4.4 Medium | ||
| Improper access control for some Intel(R) CST software before version 2.1.10300 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2023-39432 | 1 Intel | 1 Ethernet Adapter Complete Driver | 2024-11-21 | 6.7 Medium |
| Improper access control element in some Intel(R) Ethernet tools and driver install software, before versions 28.2, may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2023-39425 | 1 Intel | 1 Driver \& Support Assistant | 2024-11-21 | 8.8 High |
| Improper access control in some Intel(R) DSA software before version 23.4.33 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2023-39376 | 1 Siberiancms | 1 Siberiancms | 2024-11-21 | 6.5 Medium |
| SiberianCMS - CWE-284 Improper Access Control Authorized user may disable a security feature over the network | ||||
| CVE-2023-39349 | 2 Getsentry, Sentry | 2 Sentry, Sentry | 2024-11-21 | 8.1 High |
| Sentry is an error tracking and performance monitoring platform. Starting in version 22.1.0 and prior to version 23.7.2, an attacker with access to a token with few or no scopes can query `/api/0/api-tokens/` for a list of all tokens created by a user, including tokens with greater scopes, and use those tokens in other requests. There is no evidence that the issue was exploited on `sentry.io`. For self-hosted users, it is advised to rotate user auth tokens. A fix is available in version 23.7.2 of `sentry` and `self-hosted`. There are no known workarounds. | ||||
| CVE-2023-39259 | 1 Dell | 1 Os Recovery Tool | 2024-11-21 | 7.3 High |
| Dell OS Recovery Tool, versions 2.2.4013, 2.3.7012.0, and 2.3.7515.0 contain an Improper Access Control Vulnerability. A local authenticated non-administrator user could potentially exploit this vulnerability, leading to the elevation of privilege on the system. | ||||
| CVE-2023-39257 | 1 Dell | 1 Rugged Control Center | 2024-11-21 | 7.3 High |
| Dell Rugged Control Center, version prior to 4.7, contains an Improper Access Control vulnerability. A local malicious standard user could potentially exploit this vulnerability to modify the content in an unsecured folder when product installation repair is performed, leading to privilege escalation on the system. | ||||
| CVE-2023-39256 | 1 Dell | 1 Rugged Control Center | 2024-11-21 | 7.3 High |
| Dell Rugged Control Center, version prior to 4.7, contains an improper access control vulnerability. A local malicious standard user could potentially exploit this vulnerability to modify the content in an unsecured folder during product installation and upgrade, leading to privilege escalation on the system. | ||||
| CVE-2023-39253 | 1 Dell | 1 Os Recovery Tool | 2024-11-21 | 7.3 High |
| Dell OS Recovery Tool, versions 2.2.4013, 2.3.7012.0, and 2.3.7515.0 contain an Improper Access Control Vulnerability. A local authenticated non-administrator user could potentially exploit this vulnerability, leading to the elevation of privilege on the system. | ||||
| CVE-2023-39228 | 4 Apple, Google, Intel and 1 more | 4 Iphone Os, Android, Unison Software and 1 more | 2024-11-21 | 5.3 Medium |
| Improper access control for some Intel Unison software may allow an unauthenticated user to potentially enable denial of service via network access. | ||||