Total
379 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-29338 | 1 Microsoft | 1 Visual Studio Code | 2024-11-21 | N/A | 6.6 MEDIUM |
| Visual Studio Code Information Disclosure Vulnerability | |||||
| CVE-2023-28634 | 1 Glpi-project | 1 Glpi | 2024-11-21 | N/A | 8.8 HIGH |
| GLPI is a free asset and IT management software package. Starting in version 0.83 and prior to versions 9.5.13 and 10.0.7, a user who has the Technician profile could see and generate a Personal token for a Super-Admin. Using such token it is possible to negotiate a GLPI session and hijack the Super-Admin account, resulting in a Privilege Escalation. Versions 9.5.13 and 10.0.7 contain a patch for this issue. | |||||
| CVE-2023-28584 | 1 Qualcomm | 144 Aqt1000, Aqt1000 Firmware, Csrb31024 and 141 more | 2024-11-21 | N/A | 7.5 HIGH |
| Transient DOS in WLAN Host when a mobile station receives invalid channel in CSA IE while doing channel switch announcement (CSA). | |||||
| CVE-2023-28556 | 1 Qualcomm | 452 315 5g Iot Modem, 315 5g Iot Modem Firmware, 9205 Lte Modem and 449 more | 2024-11-21 | N/A | 7.1 HIGH |
| Cryptographic issue in HLOS during key management. | |||||
| CVE-2023-28055 | 1 Dell | 1 Networker | 2024-11-21 | N/A | 8.8 HIGH |
| Dell NetWorker, Version 19.7 has an improper authorization vulnerability in the NetWorker client. An unauthenticated attacker within the same network could potentially exploit this by manipulating a command leading to gain of complete access to the server file further resulting in information leaks, denial of service, and arbitrary code execution. Dell recommends customers to upgrade at the earliest opportunity. | |||||
| CVE-2023-23696 | 1 Dell | 1 Command \| Intel Vpro Out Of Band | 2024-11-21 | N/A | 7.0 HIGH |
| Dell Command Intel vPro Out of Band, versions prior to 4.3.1, contain an Improper Authorization vulnerability. A locally authenticated malicious users could potentially exploit this vulnerability in order to write arbitrary files to the system. | |||||
| CVE-2023-22480 | 1 Fit2cloud | 1 Kubeoperator | 2024-11-21 | N/A | 7.3 HIGH |
| KubeOperator is an open source Kubernetes distribution focused on helping enterprises plan, deploy and operate production-level K8s clusters. In KubeOperator versions 3.16.3 and below, API interfaces with unauthorized entities and can leak sensitive information. This vulnerability could be used to take over the cluster under certain conditions. This issue has been patched in version 3.16.4. | |||||
| CVE-2023-21549 | 1 Microsoft | 14 Windows 10 1607, Windows 10 1809, Windows 10 20h2 and 11 more | 2024-11-21 | N/A | 8.8 HIGH |
| Windows SMB Witness Service Elevation of Privilege Vulnerability | |||||
| CVE-2023-1256 | 1 Aveva | 2 Aveva Plant Scada, Telemetry Server | 2024-11-21 | N/A | 9.8 CRITICAL |
| The listed versions of AVEVA Plant SCADA and AVEVA Telemetry Server are vulnerable to an improper authorization exploit which could allow an unauthenticated user to remotely read data, cause denial of service, and tamper with alarm states. | |||||
| CVE-2023-0813 | 1 Redhat | 2 Enterprise Linux, Network Observability | 2024-11-21 | N/A | 7.5 HIGH |
| A flaw was found in the Network Observability plugin for OpenShift console. Unless the Loki authToken configuration is set to FORWARD mode, authentication is no longer enforced, allowing any user who can connect to the OpenShift Console in an OpenShift cluster to retrieve flows without authentication. | |||||
| CVE-2023-0734 | 1 Wallabag | 1 Wallabag | 2024-11-21 | N/A | 5.3 MEDIUM |
| Improper Authorization in GitHub repository wallabag/wallabag prior to 2.5.4. | |||||
| CVE-2023-0610 | 2024-11-21 | N/A | 4.3 MEDIUM | ||
| Improper Authorization in GitHub repository wallabag/wallabag prior to 2.5.3. | |||||
| CVE-2023-0609 | 2024-11-21 | N/A | 4.3 MEDIUM | ||
| Improper Authorization in GitHub repository wallabag/wallabag prior to 2.5.3. | |||||
| CVE-2023-0456 | 1 Redhat | 1 Apicast | 2024-11-21 | N/A | 7.4 HIGH |
| A flaw was found in APICast, when 3Scale's OIDC module does not properly evaluate the response to a mismatched token from a separate realm. This could allow a separate realm to be accessible to an attacker, permitting access to unauthorized information. | |||||
| CVE-2022-4962 | 1 Apolloconfig | 1 Apollo | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability was found in Apollo 2.0.0/2.0.1 and classified as problematic. Affected by this issue is some unknown functionality of the file /users of the component Configuration Center. The manipulation leads to improper authorization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. VDB-250430 is the identifier assigned to this vulnerability. NOTE: The maintainer explains that user data information like user id, name, and email are not sensitive. | |||||
| CVE-2022-4879 | 1 Forged Alliance Forever Project | 1 Forged Alliance Forever | 2024-11-21 | 4.1 MEDIUM | 4.6 MEDIUM |
| A vulnerability was found in Forged Alliance Forever up to 3746. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Vote Handler. The manipulation leads to improper authorization. Upgrading to version 3747 is able to address this issue. The patch is named 6880971bd3d73d942384aff62d53058c206ce644. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217555. | |||||
| CVE-2022-4868 | 1 Froxlor | 1 Froxlor | 2024-11-21 | N/A | 4.3 MEDIUM |
| Improper Authorization in GitHub repository froxlor/froxlor prior to 2.0.0-beta1. | |||||
| CVE-2022-4804 | 1 Usememos | 1 Memos | 2024-11-21 | N/A | 5.3 MEDIUM |
| Improper Authorization in GitHub repository usememos/memos prior to 0.9.1. | |||||
| CVE-2022-4688 | 2024-11-21 | N/A | 8.8 HIGH | ||
| Improper Authorization in GitHub repository usememos/memos prior to 0.9.0. | |||||
| CVE-2022-4062 | 2024-11-21 | N/A | 7.8 HIGH | ||
| A CWE-285: Improper Authorization vulnerability exists that could cause unauthorized access to certain software functions when an attacker gets access to localhost interface of the EcoStruxure Power Commission application. Affected Products: EcoStruxure Power Commission (Versions prior to V2.25) | |||||