Vulnerabilities (CVE)

Filtered by CWE-668
Total 596 CVE
CVE  Vendor count  Vendors  Product count  Products  Updated  CVSS v2  CVSS v3
CVE-2022-47338 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2023-12-10 N/A 7.1 HIGH
In telecom service, there is a missing permission check. This could lead to local denial of service in telecom service.
CVE-2023-2069 1 Gitlab 1 Gitlab 2023-12-10 N/A 4.3 MEDIUM
An issue has been discovered in GitLab affecting all versions starting from 10.0 before 12.9.8, all versions starting from 12.10 before 12.10.7, all versions starting from 13.0 before 13.0.1. A user with the role of developer could use the import project feature to leak CI/CD variables.
CVE-2023-35696 1 Sick 2 Icr890-4, Icr890-4 Firmware 2023-12-10 N/A 7.5 HIGH
Unauthenticated endpoints in the SICK ICR890-4 could allow an unauthenticated remote attacker to retrieve sensitive information about the device via HTTP requests.
CVE-2022-38087 1 Intel 934 Core I3-1000g1, Core I3-1000g1 Firmware, Core I3-1000g4 and 931 more 2023-12-10 N/A 5.5 MEDIUM
Exposure of resource to wrong sphere in BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access.
CVE-2023-32019 1 Microsoft 8 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 5 more 2023-12-10 N/A 4.7 MEDIUM
Windows Kernel Information Disclosure Vulnerability
CVE-2023-27976 1 Schneider-electric 1 Ecostruxure Control Expert 2023-12-10 N/A 8.8 HIGH
A CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists that could cause remote code execution when a valid user visits a malicious link provided through the web endpoints. Affected Products: EcoStruxure Control Expert (V15.1 and above)
CVE-2023-3270 1 Sick 2 Icr890-4, Icr890-4 Firmware 2023-12-10 N/A 7.5 HIGH
Exposure of Sensitive Information to an Unauthorized Actor in the SICK ICR890-4 could allow an unauthenticated remote attacker to retrieve sensitive information about the system.
CVE-2021-30153 1 Mediawiki 1 Mediawiki 2023-12-10 N/A 4.3 MEDIUM
An issue was discovered in the VisualEditor extension in MediaWiki before 1.31.13, and 1.32.x through 1.35.x before 1.35.2. When using VisualEditor to edit a MediaWiki user page belonging to an existing, but hidden, user, VisualEditor will disclose that the user exists. (It shouldn't, because they are hidden.) This is related to ApiVisualEditor.
CVE-2023-29208 1 Xwiki 1 Xwiki 2023-12-10 N/A 7.5 HIGH
XWiki Commons are technical libraries common to several other top-level XWiki projects. Rights added to a document are not taken into account for viewing it once it's deleted. Note that this vulnerability only impacts deleted documents that contained view rights: the view rights set on the space of a deleted document are properly checked. The problem has been patched in XWiki 14.10 by checking the rights of the current user: only an admin and the deleter of the document are allowed to view it.
CVE-2023-1825 1 Gitlab 1 Gitlab 2023-12-10 N/A 4.3 MEDIUM
An issue has been discovered in GitLab EE affecting all versions starting from 15.7 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. It was possible to disclose issue notes to an unauthorized user at project export.
CVE-2023-30960 1 Palantir 1 Foundry Job-tracker 2023-12-10 N/A 4.3 MEDIUM
A security defect was discovered in Foundry job-tracker that enabled users to query metadata related to builds on resources they did not have access to. This defect was resolved with the release of job-tracker 4.645.0. The service was rolled out to all affected Foundry instances. No further intervention is required.
CVE-2023-3456 1 Huawei 2 Emui, Harmonyos 2023-12-10 N/A 5.3 MEDIUM
Vulnerability of kernel raw address leakage in the hang detector module. Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2023-34467 1 Xwiki 1 Xwiki 2023-12-10 N/A 7.5 HIGH
XWiki Platform is a generic wiki platform. Starting in version 3.5-milestone-1 and prior to versions 14.4.8, 14.10.4, and 15.0-rc-1, the mail obfuscation configuration was not fully taken into account. While the mail address displayed to the end user was obfuscated, the REST response also contained the unobfuscated address, and users were able to filter and sort on the unobfuscated value, allowing them to infer its content. The consequence was the possibility to retrieve the email addresses of all users even when obfuscated. This has been patched in XWiki 14.4.8, 14.10.4, and 15.0-rc-1.
CVE-2022-43684 1 Servicenow 1 Servicenow 2023-12-10 N/A 6.5 MEDIUM
ServiceNow has released patches and an upgrade that address an Access Control List (ACL) bypass issue in ServiceNow Core functionality. Additional details: this issue is present in the following supported ServiceNow releases:
* Quebec prior to Patch 10 Hot Fix 8b
* Rome prior to Patch 10 Hot Fix 1
* San Diego prior to Patch 7
* Tokyo prior to Tokyo Patch 1; and
* Utah prior to Utah General Availability
If this ACL bypass issue were to be successfully exploited, it potentially could allow an authenticated user to obtain sensitive information from tables missing authorization controls.
CVE-2023-34119 1 Zoom 1 Rooms 2023-12-10 N/A 7.8 HIGH
Insecure temporary file in the installer for Zoom Rooms for Windows before version 5.15.0 may allow an authenticated user to enable an escalation of privilege via local access.
CVE-2023-32394 1 Apple 5 Ipados, Iphone Os, Macos and 2 more 2023-12-10 N/A 2.4 LOW
The issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, tvOS 16.5, macOS Ventura 13.4. A person with physical access to a device may be able to view contact information from the lock screen.
CVE-2023-2820 1 Proofpoint 1 Threat Response Auto Pull 2023-12-10 N/A 6.8 MEDIUM
An information disclosure vulnerability in the faye endpoint in Proofpoint Threat Response / Threat Response Auto-Pull (PTR/TRAP) could be used by an attacker on an adjacent network to obtain credentials to integrated services via a man-in-the-middle position or cryptanalysis of the session traffic. An attacker could use these credentials to impersonate PTR/TRAP to these services. All versions prior to 5.10.0 are affected.
CVE-2023-32550 1 Canonical 1 Landscape 2023-12-10 N/A 8.2 HIGH
Landscape's server-status page exposed sensitive system information. This data leak included GET requests which contain information to attack and leak further information from the Landscape API.
CVE-2023-3455 1 Huawei 2 Emui, Harmonyos 2023-12-10 N/A 9.1 CRITICAL
Key management vulnerability on system. Successful exploitation of this vulnerability may affect service availability and integrity.
CVE-2023-25954 3 Kyocera, Olivetti, Triumph-adler 3 Mobile Print, Mobile Print, Mobile Print 2023-12-10 N/A 5.5 MEDIUM
'KYOCERA Mobile Print' v3.2.0.230119 and earlier, 'UTAX/TA MobilePrint' v3.2.0.230119 and earlier, and 'Olivetti Mobile Print' v3.2.0.230119 and earlier are vulnerable to improper intent handling. When a malicious app is installed on the victim user's Android device, the app may send an intent and direct the affected app to download malicious files or apps to the device without notification.