Total
542 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-2227 | 1 Modoboa | 1 Modoboa | 2023-05-03 | 9.1 Critical |
| Improper Authorization in GitHub repository modoboa/modoboa prior to 2.1.0. | ||||
| CVE-2023-28973 | 1 Juniper | 1 Junos Os Evolved | 2023-04-28 | 7.1 High |
| An Improper Authorization vulnerability in the 'sysmanctl' shell command of Juniper Networks Junos OS Evolved allows a local, authenticated attacker to execute administrative commands that could impact the integrity of the system or system availability. Administrative functions such as daemon restarting, routing engine (RE) switchover, and node shutdown can all be performed through exploitation of the 'sysmanctl' command. Access to the 'sysmanctl' command is only available from the Junos shell. Neither direct nor indirect access to 'sysmanctl' is available from the Junos CLI. This issue affects Juniper Networks Junos OS Evolved: All versions prior to 20.4R3-S5-EVO; 21.2 versions prior to 21.2R3-EVO; 21.3 versions prior to 21.3R2-EVO; 21.4 versions prior to 21.4R1-S2-EVO, 21.4R2-EVO. | ||||
| CVE-2023-26466 | 1 Pega | 1 Synchronization Engine | 2023-04-14 | 7.8 High |
| A user with non-Admin access can change a configuration file on the client to modify the Server URL. | ||||
| CVE-2023-28634 | 1 Glpi-project | 1 Glpi | 2023-04-12 | 8.8 High |
| GLPI is a free asset and IT management software package. Starting in version 0.83 and prior to versions 9.5.13 and 10.0.7, a user who has the Technician profile could see and generate a Personal token for a Super-Admin. Using such token it is possible to negotiate a GLPI session and hijack the Super-Admin account, resulting in a Privilege Escalation. Versions 9.5.13 and 10.0.7 contain a patch for this issue. | ||||
| CVE-2022-3787 | 1 Redhat | 2 Device-mapper-multipath, Enterprise Linux | 2023-04-06 | 7.8 High |
| A vulnerability was found in the device-mapper-multipath. The device-mapper-multipath allows local users to obtain root access, exploited alone or in conjunction with CVE-2022-41973. Local users that are able to write to UNIX domain sockets can bypass access controls and manipulate the multipath setup. This issue occurs because an attacker can repeat a keyword, which is mishandled when arithmetic ADD is used instead of bitwise OR. This could lead to local privilege escalation to root. | ||||
| CVE-2022-4062 | 1 Schneider-electric | 1 Ecostruxure Power Commission | 2023-04-03 | 7.8 High |
| A CWE-285: Improper Authorization vulnerability exists that could cause unauthorized access to certain software functions when an attacker gets access to localhost interface of the EcoStruxure Power Commission application. Affected Products: EcoStruxure Power Commission (Versions prior to V2.25) | ||||
| CVE-2022-40208 | 1 Moodle | 1 Moodle | 2023-03-30 | 4.3 Medium |
| In Moodle, insufficient limitations in some quiz web services made it possible for students to bypass sequential navigation during a quiz attempt. | ||||
| CVE-2022-31247 | 1 Suse | 1 Rancher | 2023-03-29 | 9.1 Critical |
| An Improper Authorization vulnerability in SUSE Rancher, allows any user who has permissions to create/edit cluster role template bindings or project role template bindings (such as cluster-owner, manage cluster members, project-owner and manage project members) to gain owner permission in another project in the same cluster or in another project on a different downstream cluster. This issue affects: SUSE Rancher Rancher versions prior to 2.6.7; Rancher versions prior to 2.5.16. | ||||
| CVE-2023-21461 | 1 Samsung | 1 Android | 2023-03-23 | 5.5 Medium |
| Improper authorization vulnerability in AutoPowerOnOffConfirmDialog in Settings prior to SMR Mar-2023 Release 1 allows local attacker to turn device off via unprotected activity. | ||||
| CVE-2023-21454 | 1 Samsung | 1 Android | 2023-03-23 | 2.4 Low |
| Improper authorization in Samsung Keyboard prior to SMR Mar-2023 Release 1 allows physical attacker to access users text history on the lockscreen. | ||||
| CVE-2023-21452 | 1 Samsung | 1 Android | 2023-03-23 | 3.3 Low |
| Improper usage of implicit intent in Bluetooth prior to SMR Mar-2023 Release 1 allows attacker to get MAC address of connected device. | ||||
| CVE-2023-0734 | 1 Wallabag | 1 Wallabag | 2023-03-09 | 5.3 Medium |
| Improper Authorization in GitHub repository wallabag/wallabag prior to 2.5.4. | ||||
| CVE-2018-3829 | 1 Elastic | 1 Elastic Cloud Enterprise | 2023-03-04 | 5.3 Medium |
| In Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 it was discovered that a user could scale out allocators on new hosts with an invalid roles token. An attacker with access to the previous runner ID and IP address of the coordinator-host could add a allocator to an existing ECE install to gain access to other clusters data. | ||||
| CVE-2023-0914 | 1 Pixelfed | 1 Pixelfed | 2023-02-28 | 5.3 Medium |
| Improper Authorization in GitHub repository pixelfed/pixelfed prior to 0.11.4. | ||||
| CVE-2018-3778 | 1 Aedes Project | 1 Aedes | 2023-02-28 | 5.3 Medium |
| Improper authorization in aedes version <0.35.0 will publish a LWT in a channel when a client is not authorized. | ||||
| CVE-2023-21440 | 1 Samsung | 1 Android | 2023-02-21 | 5.5 Medium |
| Improper access control vulnerability in WindowManagerService prior to SMR Feb-2023 Release 1 allows attackers to take a screen capture. | ||||
| CVE-2023-21436 | 1 Samsung | 1 Android | 2023-02-21 | 3.3 Low |
| Improper usage of implicit intent in Contacts prior to SMR Feb-2023 Release 1 allows attacker to get account ID. | ||||
| CVE-2023-21429 | 1 Samsung | 1 Android | 2023-02-21 | 3.3 Low |
| Improper usage of implict intent in ePDG prior to SMR JAN-2023 Release 1 allows attacker to access SSID. | ||||
| CVE-2023-21424 | 1 Samsung | 1 Android | 2023-02-21 | 3.3 Low |
| Improper Handling of Insufficient Permissions or Privileges vulnerability in SemChameleonHelper prior to SMR Jan-2023 Release 1 allows attacker to modify network related values, network code, carrier id and operator brand. | ||||
| CVE-2023-21423 | 1 Samsung | 1 Android | 2023-02-21 | 5.5 Medium |
| Improper authorization vulnerability in ChnFileShareKit prior to SMR Jan-2023 Release 1 allows attacker to control BLE advertising without permission using unprotected action. | ||||