Total: 508 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 | Description |
|---|---|---|---|---|---|
| CVE-2022-1949 | 3 Fedoraproject, Port389, Redhat | 4 Fedora, 389-ds-base, Directory Server and 1 more | 2023-08-08 | 7.5 High | An access control bypass vulnerability found in 389-ds-base. The mishandling of the filter was first thought to yield only incorrect results, but as the analysis progressed it was determined that it is actually an access control bypass. This may allow any remote unauthenticated user to issue a filter that allows searching for database items they do not have access to, including but not limited to userPassword hashes and other sensitive data. |
| CVE-2022-3413 | 1 Gitlab | 1 Gitlab | 2023-08-08 | 4.3 Medium | Incorrect authorization during display of Audit Events in GitLab EE affecting all versions from 14.5 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2, allowed Developers to view the project's Audit Events and Developers or Maintainers to view the group's Audit Events. These should have been restricted to Project Maintainers, Group Owners, and above. |
| CVE-2022-23856 | 1 Saviynt | 1 Enterprise Identity Cloud | 2023-08-08 | 5.3 Medium | An issue was discovered in Saviynt Enterprise Identity Cloud (EIC) 5.5 SP2.x. An attacker can enumerate users by changing the id parameter, such as for the ECM/maintenance/forgotpasswordstep1 URI. |
| CVE-2022-22832 | 1 Servisnet | 1 Tessa | 2023-08-08 | 9.8 Critical | An issue was discovered in Servisnet Tessa 0.0.2. Authorization data is available via an unauthenticated /data-service/users/ request. |
| CVE-2022-22331 | 1 Ibm | 1 Partner Engagement Manager | 2023-08-08 | 7.1 High | IBM Sterling Partner Engagement Manager 6.2.0 could allow a remote authenticated attacker to obtain sensitive information or modify user details caused by an insecure direct object reference (IDOR) vulnerability. IBM X-Force ID: 219130. |
| CVE-2022-25336 | 1 Ibexa | 1 Ez Platform Kernel | 2023-08-08 | 5.3 Medium | Ibexa DXP ezsystems/ezpublish-kernel 7.5.x before 7.5.26 and 1.3.x before 1.3.12 allows Insecure Direct Object Reference (IDOR) attacks against image files because the image path and filename can be correctly deduced. |
| CVE-2022-34775 | 1 Tabit | 1 Tabit | 2023-08-08 | 7.5 High | Tabit - Excessive data exposure. Another endpoint mapped by the tiny URL was one for reservation cancellation, containing the MongoDB ID of the reservation and the organization. This can be used to query the http://tgm-api.tabit.cloud/rsv/management/{reservationId}?organization={orgId} API, which returns a lot of data regarding the reservation (OWASP: API3): name, mail, phone number, the number of visits of the user to this specific restaurant, the money he spent there, the money he spent on alcohol, whether he left a deposit, etc. This information can easily be used for a phishing attack. |
| CVE-2022-36966 | 1 Solarwinds | 1 Orion Platform | 2023-08-03 | 5.4 Medium | Users with Node Management rights were able to view and edit all nodes due to insufficient control on a URL parameter, causing an insecure direct object reference (IDOR) vulnerability in SolarWinds Platform 2022.3 and previous. |
| CVE-2023-2713 | 1 Rental Module Project | 1 Rental Module | 2023-08-02 | 9.8 Critical | Authorization Bypass Through User-Controlled Key vulnerability in "Rental Module", developed by a third party for Ideasoft's E-commerce Platform, allows Authentication Abuse, Authentication Bypass. This issue affects Rental Module: before 23.05.15. |
| CVE-2023-3048 | 1 Tmtmakine | 2 Lockcell, Lockcell Firmware | 2023-08-02 | 9.8 Critical | Authorization Bypass Through User-Controlled Key vulnerability in TMT Lockcell allows Authentication Abuse, Authentication Bypass. This issue affects Lockcell: before 15. |
| CVE-2023-3700 | 1 Easyappointments | 1 Easyappointments | 2023-08-02 | 4.3 Medium | Authorization Bypass Through User-Controlled Key in GitHub repository alextselegidis/easyappointments prior to 1.5.0. |
| CVE-2023-2958 | 1 Orjinyazilim | 1 Ats Pro | 2023-07-31 | 9.8 Critical | Authorization Bypass Through User-Controlled Key vulnerability in Origin Software ATS Pro allows Authentication Abuse, Authentication Bypass. This issue affects ATS Pro: before 20230714. |
| CVE-2022-4811 | 1 Usememos | 1 Memos | 2023-07-21 | 5.4 Medium | Authorization Bypass Through User-Controlled Key vulnerability in usememos usememos/memos. This issue affects usememos/memos before 0.9.1. |
| CVE-2023-2190 | 1 Gitlab | 1 Gitlab | 2023-07-20 | 6.5 Medium | An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.10 before 15.11.10, all versions starting from 16.0 before 16.0.6, and all versions starting from 16.1 before 16.1.1. It may be possible for users to view new commits to private projects in a fork created while the project was public. |
| CVE-2022-0442 | 1 Ayecode | 1 Userswp | 2023-07-20 | 4.3 Medium | The UsersWP WordPress plugin before 1.2.3.1 is missing access controls when updating a user avatar, and does not make sure file names for user avatars are unique, allowing a logged-in user to overwrite another user's avatar. |
| CVE-2023-37242 | 1 Huawei | 2 Emui, Harmonyos | 2023-07-12 | 9.8 Critical | Vulnerability of commands from the modem being intercepted in the atcmdserver module. Attackers may exploit this vulnerability to rewrite the non-volatile random-access memory (NVRAM), or facilitate the exploitation of other vulnerabilities. |
| CVE-2022-4505 | 1 Open-emr | 1 Openemr | 2023-07-11 | 4.3 Medium | Authorization Bypass Through User-Controlled Key in GitHub repository openemr/openemr prior to 7.0.0.2. |
| CVE-2022-42175 | 1 Soluslabs | 1 Solusvm | 2023-07-10 | 8.8 High | Insecure Direct Object Reference vulnerability in WHMCS module SolusVM 1 4.1.2 allows an attacker to change the password and hostname of other customers' servers without authorization. |
| CVE-2022-2824 | 1 Open-emr | 1 Openemr | 2023-07-10 | 5.4 Medium | Authorization Bypass Through User-Controlled Key in GitHub repository openemr/openemr prior to 7.0.0.1. |
| CVE-2023-23679 | 1 Jshelpdesk | 1 Jshelpdesk | 2023-07-05 | 8.8 High | Authorization Bypass Through User-Controlled Key vulnerability in JS Help Desk js-support-ticket allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects JS Help Desk: from n/a through 2.7.7. |