Search Results (11939 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-39246 2 Dell, Microsoft 4 Encryption, Endpoint Security Suite Enterprise, Security Management Server and 1 more 2024-11-21 4.6 Medium
Dell Encryption, Dell Endpoint Security Suite Enterprise, and Dell Security Management Server version prior to 11.8.1 contain an Insecure Operation on Windows Junction Vulnerability during installation. A local malicious user could potentially exploit this vulnerability to create an arbitrary folder inside a restricted directory, leading to Privilege Escalation
CVE-2023-39218 1 Zoom 3 Rooms, Virtual Desktop Infrastructure, Zoom 2024-11-21 6.1 Medium
Client-side enforcement of server-side security in Zoom clients before 5.14.10 may allow a privileged user to enable information disclosure via network access.
CVE-2023-39214 1 Zoom 3 Meeting Software Development Kit, Rooms, Zoom 2024-11-21 7.6 High
Exposure of sensitive information in Zoom Client SDK's before 5.15.5 may allow an authenticated user to enable a denial of service via network access.
CVE-2023-39155 1 Jenkins 1 Chef Identity 2024-11-21 5.3 Medium
Jenkins Chef Identity Plugin 2.0.3 and earlier does not mask the user.pem key form field, increasing the potential for attackers to observe and capture it.
CVE-2023-39152 1 Jenkins 1 Gradle 2024-11-21 6.5 Medium
Always-incorrect control flow implementation in Jenkins Gradle Plugin 2.8 may result in credentials not being masked (i.e., replaced with asterisks) in the build log in some circumstances.
CVE-2023-39058 1 The B Members Card Project 1 The B Members Card 2024-11-21 6.5 Medium
An information leak in THE_B_members card v13.6.1 allows attackers to obtain the channel access token and send crafted messages.
CVE-2023-39056 1 Coffee-jumbo Project 1 Coffee-jumbo 2024-11-21 6.5 Medium
An information leak in Coffee-jumbo v13.6.1 allows attackers to obtain the channel access token and send crafted messages.
CVE-2023-39049 1 Youmart-tokunaga Project 1 Youmart-tokunaga 2024-11-21 6.5 Medium
An information leak in youmart-tokunaga v13.6.1 allows attackers to obtain the channel access token and send crafted messages.
CVE-2023-39046 1 Tonton-tei Waiting Project 1 Tonton-tei Waiting 2024-11-21 6.5 Medium
An information leak in TonTon-Tei_waiting Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages.
CVE-2023-39043 1 Ykc 1 Tokushima Awayokocho 2024-11-21 6.5 Medium
An information leak in YKC Tokushima_awayokocho Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages.
CVE-2023-39040 1 Cheese Cafe Line Project 1 Cheese Cafe Line 2024-11-21 6.5 Medium
An information leak in Cheese Cafe Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages.
CVE-2023-39039 1 Camp Style Project Line Project 1 Camp Style Project Line 2024-11-21 6.5 Medium
An information leak in Camp Style Project Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages.
CVE-2023-38998 1 Opnsense 1 Opnsense 2024-11-21 6.1 Medium
An open redirect in the Login page of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to redirect a victim user to an arbitrary web site via a crafted URL.
CVE-2023-38976 1 Weaviate 1 Weaviate 2024-11-21 7.5 High
An issue in weaviate v.1.20.0 allows a remote attacker to cause a denial of service via the handleUnbatchedGraphQLRequest function.
CVE-2023-38955 1 Zkteco 1 Bioaccess Ivs 2024-11-21 7.5 High
ZKTeco BioAccess IVS v3.3.1 allows unauthenticated attackers to obtain sensitive information about all managed devices, including their IP addresses and device names.
CVE-2023-38947 1 Wbce 1 Wbce Cms 2024-11-21 7.2 High
An arbitrary file upload vulnerability in the /languages/install.php component of WBCE CMS v1.6.1 allows attackers to execute arbitrary code via a crafted PHP file.
CVE-2023-38884 1 Os4ed 1 Opensis 2024-11-21 7.5 High
An Insecure Direct Object Reference (IDOR) vulnerability in the Community Edition version 9.0 of openSIS Classic allows an unauthenticated remote attacker to access any student's files by visiting '/assets/studentfiles/<studentId>-<filename>'
CVE-2023-38872 1 Economizzer 1 Economizzer 2024-11-21 3.7 Low
An Insecure Direct Object Reference (IDOR) vulnerability in gugoan Economizzer commit 3730880 (April 2023) and v.0.9-beta1 allows any unauthenticated attacker to access cash book entry attachments of any other user, if they know the Id of the attachment.
CVE-2023-38830 1 Phpjabbers 1 Yacht Listing Script 2024-11-21 7.5 High
An information leak in PHPJabbers Yacht Listing Script v1.0 allows attackers to export clients' credit card numbers from the Reservations module.
CVE-2023-38574 1 I-pro 1 Video Insight 2024-11-21 6.1 Medium
Open redirect vulnerability in VI Web Client prior to 7.9.6 allows a remote unauthenticated attacker to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted URL.