Total
595 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-49347 | 1 Ubuntubudgie | 1 Budgie Extras | 2023-12-20 | N/A | 7.8 HIGH |
Temporary data passed between application components by Budgie Extras Windows Previews could potentially be viewed or manipulated. The data is stored in a location that is accessible to any user who has local access to the system. Attackers may read private information from windows, present false information to users, or deny access to the application. | |||||
CVE-2023-41120 | 1 Enterprisedb | 1 Postgres Advanced Server | 2023-12-14 | N/A | 6.5 MEDIUM |
An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It permits an authenticated user to use DBMS_PROFILER to remove all accumulated profiling data on a system-wide basis, regardless of that user's permissions. | |||||
CVE-2023-39214 | 1 Zoom | 3 Meeting Software Development Kit, Rooms, Zoom | 2023-12-14 | N/A | 8.1 HIGH |
Exposure of sensitive information in Zoom Client SDKs before 5.15.5 may allow an authenticated user to enable a denial of service via network access. | |||||
CVE-2023-4910 | 1 Redhat | 1 3scale Api Management | 2023-12-13 | N/A | 5.5 MEDIUM |
A flaw was found in 3Scale Admin Portal. If a user logs out from the personal tokens page and then presses the back button in the browser, the tokens page is rendered from the browser cache. | |||||
CVE-2020-16212 | 1 Philips | 1 Patient Information Center Ix | 2023-12-12 | 4.6 MEDIUM | 6.8 MEDIUM |
In Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, the product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource. The application on the surveillance station operates in kiosk mode, which is vulnerable to local breakouts that could allow an attacker with physical access to escape the restricted environment with limited privileges. | |||||
CVE-2023-39171 | 1 Enbw | 2 Senec Storage Box, Senec Storage Box Firmware | 2023-12-12 | N/A | 7.2 HIGH |
SENEC Storage Box V1, V2 and V3 accidentally expose a management UI accessible with publicly known admin credentials. | |||||
CVE-2023-42715 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-12-10 | N/A | 5.5 MEDIUM |
In telephony service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | |||||
CVE-2023-42716 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-12-10 | N/A | 7.5 HIGH |
In telephony service, there is a possible missing permission check. This could lead to remote information disclosure with no additional execution privileges needed. | |||||
CVE-2023-5542 | 2 Fedoraproject, Moodle | 3 Extra Packages For Enterprise Linux, Fedora, Moodle | 2023-12-10 | N/A | 4.3 MEDIUM |
Students in "Only see own membership" groups could see other students in the group, which should be hidden. | |||||
CVE-2023-36013 | 1 Microsoft | 1 Powershell | 2023-12-10 | N/A | 6.5 MEDIUM |
PowerShell Information Disclosure Vulnerability | |||||
CVE-2023-36043 | 1 Microsoft | 1 System Center Operations Manager | 2023-12-10 | N/A | 6.5 MEDIUM |
Open Management Infrastructure Information Disclosure Vulnerability | |||||
CVE-2023-42717 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-12-10 | N/A | 7.5 HIGH |
In telephony service, there is a possible missing permission check. This could lead to remote information disclosure with no additional execution privileges needed. | |||||
CVE-2023-42718 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-12-10 | N/A | 5.5 MEDIUM |
In dialer, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | |||||
CVE-2023-5545 | 2 Fedoraproject, Moodle | 3 Extra Packages For Enterprise Linux, Fedora, Moodle | 2023-12-10 | N/A | 5.3 MEDIUM |
H5P metadata automatically populated the author with the user's username, which could be sensitive information. | |||||
CVE-2023-41786 | 1 Artica | 1 Pandora Fms | 2023-12-10 | N/A | 6.5 MEDIUM |
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Pandora FMS on all allows File Discovery. This vulnerability allows users with low privileges to download database backups. This issue affects Pandora FMS: from 700 through 772. | |||||
CVE-2023-36761 | 1 Microsoft | 4 365 Apps, Office, Office Long Term Servicing Channel and 1 more | 2023-12-10 | N/A | 5.3 MEDIUM |
Microsoft Word Information Disclosure Vulnerability | |||||
CVE-2023-41745 | 4 Acronis, Apple, Linux and 1 more | 5 Agent, Cyber Protect, Macos and 2 more | 2023-12-10 | N/A | 5.5 MEDIUM |
Sensitive information disclosure due to excessive collection of system information. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 30991, Acronis Cyber Protect 15 (Linux, macOS, Windows) before build 35979. | |||||
CVE-2023-39058 | 1 The B Members Card Project | 1 The B Members Card | 2023-12-10 | N/A | 6.5 MEDIUM |
An information leak in THE_B_members card v13.6.1 allows attackers to obtain the channel access token and send crafted messages. | |||||
CVE-2023-31014 | 2 Google, Nvidia | 2 Android, Geforce Now | 2023-12-10 | N/A | 4.8 MEDIUM |
NVIDIA GeForce Now for Android contains a vulnerability in the game launcher component, where a malicious application on the same device can process the implicit intent meant for the streamer component. A successful exploit of this vulnerability may lead to limited information disclosure, denial of service, and code execution. | |||||
CVE-2023-38152 | 1 Microsoft | 5 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 2 more | 2023-12-10 | N/A | 5.3 MEDIUM |
DHCP Server Service Information Disclosure Vulnerability |