Total
6213 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-35940 | 1 Glpi-project | 1 Glpi | 2024-11-21 | 7.5 High |
| GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to version 10.0.8, an incorrect rights check on a file allows an unauthenticated user to be able to access dashboards data. Version 10.0.8 contains a patch for this issue. | ||||
| CVE-2023-35937 | 1 Metersphere | 1 Metersphere | 2024-11-21 | 6 Medium |
| Metersphere is an open source continuous testing platform. In versions prior to 2.10.2 LTS, some key APIs in Metersphere lack permission checks. This allows ordinary users to execute APIs that can only be executed by space administrators or project administrators. For example, ordinary users can be updated as space administrators. Version 2.10.2 LTS has a patch for this issue. | ||||
| CVE-2023-35677 | 1 Google | 1 Android | 2024-11-21 | 5.5 Medium |
| In onCreate of DeviceAdminAdd.java, there is a possible way to forcibly add a device admin due to a missing permission check. This could lead to local denial of service (factory reset or continuous locking) with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2023-35665 | 1 Google | 1 Android | 2024-11-21 | 7.8 High |
| In multiple files, there is a possible way to import a contact from another user due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2023-35164 | 1 Dataease | 1 Dataease | 2024-11-21 | 6.3 Medium |
| DataEase is an open source data visualization analysis tool to analyze data and gain insight into business trends. In affected versions a missing authorization check allows unauthorized users to manipulate a dashboard created by the administrator. This vulnerability has been fixed in version 1.18.8. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2023-35049 | 2024-11-21 | 7.5 High | ||
| Missing Authorization vulnerability in WooCommerce WooCommerce Stripe Payment Gateway.This issue affects WooCommerce Stripe Payment Gateway: from n/a through 7.4.0. | ||||
| CVE-2023-35045 | 2024-11-21 | 4.3 Medium | ||
| Missing Authorization vulnerability in Fat Rat Fat Rat Collect.This issue affects Fat Rat Collect: from n/a through 2.6.7. | ||||
| CVE-2023-34463 | 1 Dataease | 1 Dataease | 2024-11-21 | 8.1 High |
| DataEase is an open source data visualization analysis tool to analyze data and gain insight into business trends. In affected versions Unauthorized users can delete an application erroneously. This vulnerability has been fixed in version 1.18.8. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2023-34003 | 1 Woocommerce | 1 Box Office | 2024-11-21 | 6.5 Medium |
| Missing Authorization vulnerability in Woo WooCommerce Box Office.This issue affects WooCommerce Box Office: from n/a through 1.1.51. | ||||
| CVE-2023-33992 | 1 Sap | 2 Business Warehouse, Bw\/4hana | 2024-11-21 | 4.5 Medium |
| The SAP BW BICS communication layer in SAP Business Warehouse and SAP BW/4HANA - version SAP_BW 730, SAP_BW 731, SAP_BW 740, SAP_BW 730, SAP_BW 750, DW4CORE 100, DW4CORE 200, DW4CORE 300, may expose unauthorized cell values to the data response. To be able to exploit this, the user still needs authorizations on the query as well as on the keyfigure/measure level. The missing check only affects the data level. | ||||
| CVE-2023-33948 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2024-11-21 | 5.3 Medium |
| The Dynamic Data Mapping module in Liferay Portal 7.4.3.67, and Liferay DXP 7.4 update 67 does not limit Document and Media files which can be downloaded from a Form, which allows remote attackers to download any file from Document and Media via a crafted URL. | ||||
| CVE-2023-33922 | 1 Elementor | 1 Website Builder | 2024-11-21 | 4.3 Medium |
| Missing Authorization vulnerability in Elementor Elementor Website Builder.This issue affects Elementor Website Builder: from n/a through 3.13.2. | ||||
| CVE-2023-33918 | 2 Google, Unisoc | 9 Android, Sc7731e, Sc9832e and 6 more | 2024-11-21 | 5.5 Medium |
| In vowifiservice, there is a possible missing permission check.This could lead to local information disclosure with no additional execution privileges | ||||
| CVE-2023-33917 | 2 Google, Unisoc | 9 Android, Sc7731e, Sc9832e and 6 more | 2024-11-21 | 5.5 Medium |
| In vowifiservice, there is a possible missing permission check.This could lead to local information disclosure with no additional execution privileges | ||||
| CVE-2023-33916 | 2 Google, Unisoc | 9 Android, Sc7731e, Sc9832e and 6 more | 2024-11-21 | 5.5 Medium |
| In vowifiservice, there is a possible missing permission check.This could lead to local information disclosure with no additional execution privileges | ||||
| CVE-2023-33915 | 2 Google, Unisoc | 5 Android, S8000, T760 and 2 more | 2024-11-21 | 7.5 High |
| In LTE protocol stack, there is a possible missing permission check. This could lead to remote information disclosure no additional execution privileges needed | ||||
| CVE-2023-33912 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-11-21 | 5.5 Medium |
| In Contacts service, there is a possible missing permission check.This could lead to local information disclosure with no additional execution privileges | ||||
| CVE-2023-33911 | 2 Google, Unisoc | 9 Android, Sc7731e, Sc9832e and 6 more | 2024-11-21 | 5.5 Medium |
| In vowifi service, there is a possible missing permission check.This could lead to local information disclosure with no additional execution privileges | ||||
| CVE-2023-33910 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-11-21 | 5.5 Medium |
| In Contacts Service, there is a possible missing permission check.This could lead to local information disclosure with no additional execution privileges | ||||
| CVE-2023-33909 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-11-21 | 5.5 Medium |
| In Contacts service, there is a possible missing permission check.This could lead to local information disclosure with no additional execution privileges | ||||