Total
595 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-32275 | 1 Softether | 1 Vpn | 2023-12-10 | N/A | 4.4 MEDIUM |
| An information disclosure vulnerability exists in the CtEnumCa() functionality of SoftEther VPN 4.41-9782-beta and 5.01.9674. Specially crafted network packets can lead to a disclosure of sensitive information. An attacker can send packets to trigger this vulnerability. | |||||
| CVE-2023-39039 | 1 Camp Style Project Line Project | 1 Camp Style Project Line | 2023-12-10 | N/A | 6.5 MEDIUM |
| An information leak in Camp Style Project Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages. | |||||
| CVE-2023-39974 | 1 Acymailing | 1 Acymailing | 2023-12-10 | N/A | 5.3 MEDIUM |
| Exposure of Sensitive Information vulnerability in AcyMailing Enterprise component for Joomla. It allows unauthorized actors to get the number of subscribers in a specific list. | |||||
| CVE-2023-39049 | 1 Youmart-tokunaga Project | 1 Youmart-tokunaga | 2023-12-10 | N/A | 6.5 MEDIUM |
| An information leak in youmart-tokunaga v13.6.1 allows attackers to obtain the channel access token and send crafted messages. | |||||
| CVE-2023-39040 | 1 Cheese Cafe Line Project | 1 Cheese Cafe Line | 2023-12-10 | N/A | 6.5 MEDIUM |
| An information leak in Cheese Cafe Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages. | |||||
| CVE-2023-36429 | 1 Microsoft | 1 Dynamics 365 | 2023-12-10 | N/A | 6.5 MEDIUM |
| Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability | |||||
| CVE-2023-42546 | 1 Samsung | 1 Account | 2023-12-10 | N/A | 6.5 MEDIUM |
| Use of implicit intent for sensitive communication vulnerability in startAgreeToDisclaimerActivity in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung Account privilege. | |||||
| CVE-2023-4230 | 1 Moxa | 2 Iologik E4200, Iologik E4200 Firmware | 2023-12-10 | N/A | 5.3 MEDIUM |
| A vulnerability has been identified in ioLogik 4000 Series (ioLogik E4200) firmware versions v1.6 and prior, which has the potential to facilitate the collection of information on ioLogik 4000 Series devices. This vulnerability may enable attackers to gather information for the purpose of assessing vulnerabilities and potential attack vectors. | |||||
| CVE-2023-41742 | 4 Acronis, Apple, Linux and 1 more | 5 Agent, Cyber Protect, Macos and 2 more | 2023-12-10 | N/A | 7.5 HIGH |
| Excessive attack surface due to binding to an unrestricted IP address. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 30430, Acronis Cyber Protect 15 (Linux, macOS, Windows) before build 35979. | |||||
| CVE-2023-44102 | 1 Huawei | 2 Emui, Harmonyos | 2023-12-10 | N/A | 5.3 MEDIUM |
| Broadcast permission control vulnerability in the Bluetooth module.Successful exploitation of this vulnerability can cause the Bluetooth function to be unavailable. | |||||
| CVE-2023-39383 | 1 Huawei | 2 Emui, Harmonyos | 2023-12-10 | N/A | 7.5 HIGH |
| Vulnerability of input parameters being not strictly verified in the AMS module. Successful exploitation of this vulnerability may compromise apps' data security. | |||||
| CVE-2023-38558 | 1 Siemens | 1 Simatic Pcs Neo | 2023-12-10 | N/A | 5.5 MEDIUM |
| A vulnerability has been identified in SIMATIC PCS neo (Administration Console) V4.0 (All versions), SIMATIC PCS neo (Administration Console) V4.0 Update 1 (All versions). The affected application leaks Windows admin credentials. An attacker with local access to the Administration Console could get the credentials, and impersonate the admin user, thereby gaining admin access to other Windows systems. | |||||
| CVE-2023-2916 | 1 Revmakx | 1 Infinitewp Client | 2023-12-10 | N/A | 5.3 MEDIUM |
| The InfiniteWP Client plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.11.1 via the 'admin_notice' function. This can allow authenticated attackers with subscriber-level permissions or above to extract sensitive data including configuration. It can only be exploited if the plugin has not been configured yet. If combined with another arbitrary plugin installation and activation vulnerability, it may be possible to connect a site to InfiniteWP which would make remote management possible and allow for elevation of privileges. | |||||
| CVE-2023-42551 | 1 Samsung | 1 Account | 2023-12-10 | N/A | 6.5 MEDIUM |
| Use of implicit intent for sensitive communication vulnerability in startTncActivity in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung Account privilege. | |||||
| CVE-2023-35013 | 1 Ibm | 1 Security Verify Governance | 2023-12-10 | N/A | 4.4 MEDIUM |
| IBM Security Verify Governance 10.0, Identity Manager could allow a local privileged user to obtain sensitive information from source code. IBM X-Force ID: 257769. | |||||
| CVE-2023-37599 | 1 Issabel | 1 Pbx | 2023-12-10 | N/A | 7.5 HIGH |
| An issue in issabel-pbx v.4.0.0-6 allows a remote attacker to obtain sensitive information via the modules directory | |||||
| CVE-2023-39155 | 1 Jenkins | 1 Chef Identity | 2023-12-10 | N/A | 5.3 MEDIUM |
| Jenkins Chef Identity Plugin 2.0.3 and earlier does not mask the user.pem key form field, increasing the potential for attackers to observe and capture it. | |||||
| CVE-2022-46901 | 1 Vocera | 2 Report Server, Voice Server | 2023-12-10 | N/A | 7.5 HIGH |
| An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is an Access Control Violation for Database Operations. The Vocera Report Console contains a websocket interface that allows for the unauthenticated execution of various tasks and database functions. This includes system tasks, and backing up, loading, and clearing of the database. | |||||
| CVE-2023-37911 | 1 Xwiki | 1 Xwiki | 2023-12-10 | N/A | 6.5 MEDIUM |
| XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 9.4-rc-1 and prior to versions 14.10.8 and 15.3-rc-1, when a document has been deleted and re-created, it is possible for users with view right on the re-created document but not on the deleted document to view the contents of the deleted document. Such a situation might arise when rights were added to the deleted document. This can be exploited through the diff feature and, partially, through the REST API by using versions such as `deleted:1` (where the number counts the deletions in the wiki and is thus guessable). Given sufficient rights, the attacker can also re-create the deleted document, thus extending the scope to any deleted document as long as the attacker has edit right in the location of the deleted document. This vulnerability has been patched in XWiki 14.10.8 and 15.3 RC1 by properly checking rights when deleted revisions of a document are accessed. The only workaround is to regularly clean deleted documents to minimize the potential exposure. Extra care should be taken when deleting sensitive documents that are protected individually (and not, e.g., by being placed in a protected space) or deleting a protected space as a whole. | |||||
| CVE-2023-44394 | 1 Mantisbt | 1 Mantisbt | 2023-12-10 | N/A | 4.3 MEDIUM |
| MantisBT is an open source bug tracker. Due to insufficient access-level checks on the Wiki redirection page, any user can reveal private Projects' names, by accessing wiki.php with sequentially incremented IDs. This issue has been addressed in commit `65c44883f` which has been included in release `2.258`. Users are advised to upgrade. Users unable to upgrade should disable wiki integration ( `$g_wiki_enable = OFF;`). | |||||