Total
2194 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-5454 | 1 Templately | 1 Templately | 2023-12-10 | N/A | 7.5 HIGH |
| The Templately WordPress plugin before 2.2.6 does not properly authorize the `saved-templates/delete` REST API call, allowing unauthenticated users to delete arbitrary posts. | |||||
| CVE-2023-33906 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-12-10 | N/A | 5.5 MEDIUM |
| In Contacts Service, there is a possible missing permission check.This could lead to local information disclosure with no additional execution privileges | |||||
| CVE-2023-4302 | 1 Jenkins | 1 Fortify | 2023-12-10 | N/A | 4.3 MEDIUM |
| A missing permission check in Jenkins Fortify Plugin 22.1.38 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||
| CVE-2023-21388 | 1 Google | 1 Android | 2023-12-10 | N/A | 7.8 HIGH |
| In Settings, there is a possible restriction bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-33907 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-12-10 | N/A | 5.5 MEDIUM |
| In Contacts Service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges | |||||
| CVE-2023-23763 | 1 Github | 1 Enterprise Server | 2023-12-10 | N/A | 5.3 MEDIUM |
| An authorization/sensitive information disclosure vulnerability was identified in GitHub Enterprise Server that allowed a fork to retain read access to an upstream repository after its visibility was changed to private. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.10.0 and was fixed in versions 3.9.4, 3.8.9, 3.7.16 and 3.6.18. This vulnerability was reported via the GitHub Bug Bounty program. | |||||
| CVE-2023-45245 | 4 Acronis, Apple, Linux and 1 more | 4 Agent, Macos, Linux Kernel and 1 more | 2023-12-10 | N/A | 5.5 MEDIUM |
| Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 36119. | |||||
| CVE-2023-37492 | 1 Sap | 1 Netweaver Application Server Abap | 2023-12-10 | N/A | 6.5 MEDIUM |
| SAP NetWeaver Application Server ABAP and ABAP Platform - versions SAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 731, SAP_BASIS 740, SAP_BASIS 750, SAP_BASIS 752, SAP_BASIS 753, SAP_BASIS 754, SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757, SAP_BASIS 758, SAP_BASIS 793, SAP_BASIS 804, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This could allow an attacker to read sensitive information which can be used in a subsequent serious attack. | |||||
| CVE-2023-5331 | 1 Mattermost | 1 Mattermost Server | 2023-12-10 | N/A | 5.3 MEDIUM |
| Mattermost fails to properly check the creator of an attached file when adding the file to a draft post, potentially exposing unauthorized file information. | |||||
| CVE-2023-40636 | 2 Google, Unisoc | 5 Android, S8000, T760 and 2 more | 2023-12-10 | N/A | 4.4 MEDIUM |
| In telecom service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with System execution privileges needed | |||||
| CVE-2023-38450 | 2 Google, Unisoc | 9 Android, Sc7731e, Sc9832e and 6 more | 2023-12-10 | N/A | 7.8 HIGH |
| In vowifiservice, there is a possible missing permission check.This could lead to local escalation of privilege with no additional execution privileges | |||||
| CVE-2023-37049 | 1 Emlog | 1 Emlog | 2023-12-10 | N/A | 6.5 MEDIUM |
| emlog 2.1.9 is vulnerable to Arbitrary file deletion via admin\template.php. | |||||
| CVE-2023-30932 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-12-10 | N/A | 5.5 MEDIUM |
| In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | |||||
| CVE-2023-42639 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-12-10 | N/A | 5.5 MEDIUM |
| In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed | |||||
| CVE-2023-3072 | 1 Hashicorp | 1 Nomad | 2023-12-10 | N/A | 3.8 LOW |
| HashiCorp Nomad and Nomad Enterprise 0.7.0 up to 1.5.6 and 1.4.10 ACL policies using a block without a label generates unexpected results. Fixed in 1.6.0, 1.5.7, and 1.4.11. | |||||
| CVE-2023-43135 | 1 Tp-link | 2 Tl-er5120g, Tl-er5120g Firmware | 2023-12-10 | N/A | 9.8 CRITICAL |
| There is an unauthorized access vulnerability in TP-LINK ER5120G 4.0 2.0.0 Build 210817 Rel.80868n, which allows attackers to obtain sensitive information of the device without authentication, obtain user tokens, and ultimately log in to the device backend management. | |||||
| CVE-2023-3300 | 1 Hashicorp | 1 Nomad | 2023-12-10 | N/A | 5.3 MEDIUM |
| HashiCorp Nomad and Nomad Enterprise 0.11.0 up to 1.5.6 and 1.4.1 HTTP search API can reveal names of available CSI plugins to unauthenticated users or users without the plugin:read policy. Fixed in 1.6.0, 1.5.7, and 1.4.1. | |||||
| CVE-2023-5862 | 1 Hamza417 | 1 Inure | 2023-12-10 | N/A | 3.3 LOW |
| Missing Authorization in GitHub repository hamza417/inure prior to Build95. | |||||
| CVE-2023-21321 | 1 Google | 1 Android | 2023-12-10 | N/A | 5.5 MEDIUM |
| In Package Manager, there is a possible cross-user settings disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-30934 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-12-10 | N/A | 5.5 MEDIUM |
| In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | |||||