Total
1418 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-48859 | 1 Totolink | 2 A3002ru, A3002ru Firmware | 2024-02-28 | N/A | 8.8 HIGH |
TOTOLINK A3002RU version 2.0.0-B20190902.1958 has a post-authentication RCE due to incorrect access control, allows attackers to bypass front-end security restrictions and execute arbitrary code. | |||||
CVE-2023-41314 | 1 Apache | 1 Doris | 2024-02-28 | N/A | 8.2 HIGH |
The api /api/snapshot and /api/get_log_file would allow unauthenticated access. It could allow a DoS attack or get arbitrary files from FE node. Please upgrade to 2.0.3 to fix these issues. | |||||
CVE-2024-24774 | 1 Mattermost | 1 Mattermost Server | 2024-02-28 | N/A | 4.1 MEDIUM |
Mattermost Jira Plugin handling subscriptions fails to check the security level of an incoming issue or limit it based on the user who created the subscription resulting in registered users on Jira being able to create webhooks that give them access to all Jira issues. | |||||
CVE-2020-10676 | 1 Suse | 1 Rancher | 2024-02-28 | N/A | 8.8 HIGH |
In Rancher 2.x before 2.6.13 and 2.7.x before 2.7.4, an incorrectly applied authorization check allows users who have certain access to a namespace to move that namespace to a different project. | |||||
CVE-2024-23653 | 1 Mobyproject | 1 Buildkit | 2024-02-28 | N/A | 9.8 CRITICAL |
BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. In addition to running containers as build steps, BuildKit also provides APIs for running interactive containers based on built images. It was possible to use these APIs to ask BuildKit to run a container with elevated privileges. Normally, running such containers is only allowed if special `security.insecure` entitlement is enabled both by buildkitd configuration and allowed by the user initializing the build request. The issue has been fixed in v0.12.5 . Avoid using BuildKit frontends from untrusted sources. | |||||
CVE-2023-42575 | 1 Samsung | 1 Pass | 2024-02-28 | N/A | 6.8 MEDIUM |
Improper Authentication vulnerability in Samsung Pass prior to version 4.3.00.17 allows physical attackers to bypass authentication due to invalid flag setting. | |||||
CVE-2023-36646 | 1 Prolion | 1 Cryptospike | 2024-02-28 | N/A | 8.8 HIGH |
Incorrect user role checking in multiple REST API endpoints in ProLion CryptoSpike 3.0.15P2 allows a remote attacker with low privileges to execute privileged functions and achieve privilege escalation via REST API endpoint invocation. | |||||
CVE-2023-6355 | 1 Gallagher | 2 Controller 7000, Controller 7000 Firmware | 2024-02-28 | N/A | 6.8 MEDIUM |
Incorrect selection of fuse values in the Controller 7000 platform allows an attacker to bypass some protection mechanisms to enable local debug. This issue affects: Gallagher Controller 7000 9.00 prior to vCR9.00.231204b (distributed in 9.00.1507 (MR1)), 8.90 prior to vCR8.90.231204a (distributed in 8.90.1620 (MR2)), 8.80 prior to vCR8.80.231204a (distributed in 8.80.1369 (MR3)), 8.70 prior to vCR8.70.231204a (distributed in 8.70.2375 (MR5)). | |||||
CVE-2023-49734 | 1 Apache | 1 Superset | 2024-02-28 | N/A | 6.5 MEDIUM |
An authenticated Gamma user has the ability to create a dashboard and add charts to it, this user would automatically become one of the owners of the charts allowing him to incorrectly have write permissions to these charts.This issue affects Apache Superset: before 2.1.2, from 3.0.0 before 3.0.2. Users are recommended to upgrade to version 3.0.2 or 2.1.3, which fixes the issue. | |||||
CVE-2024-20828 | 1 Samsung | 1 Internet | 2024-02-28 | N/A | 4.6 MEDIUM |
Improper authorization verification vulnerability in Samsung Internet prior to version 24.0 allows physical attackers to access files downloaded in SecretMode without proper authentication. | |||||
CVE-2023-6963 | 1 Motopress | 1 Getwid - Gutenberg Blocks | 2024-02-28 | N/A | 5.3 MEDIUM |
The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to CAPTCHA Bypass in versions up to, and including, 2.0.4. This makes it possible for unauthenticated attackers to bypass the Captcha Verification of the Contact Form block by omitting 'g-recaptcha-response' from the 'data' array. | |||||
CVE-2024-24751 | 2024-02-28 | N/A | 4.3 MEDIUM | ||
sf_event_mgt is an event management and registration extension for the TYPO3 CMS based on ExtBase and Fluid. In affected versions the existing access control check for events in the backend module got broken during the update of the extension to TYPO3 12.4, because the `RedirectResponse` from the `$this->redirect()` function was never handled. This issue has been addressed in version 7.4.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
CVE-2022-0775 | 1 Woocommerce | 1 Woocommerce | 2024-02-28 | N/A | 4.3 MEDIUM |
The WooCommerce WordPress plugin before 6.2.1 does not have proper authorisation check when deleting reviews, which could allow any authenticated users, such as subscriber to delete arbitrary comment | |||||
CVE-2023-5356 | 1 Gitlab | 1 Gitlab | 2024-02-28 | N/A | 8.8 HIGH |
Incorrect authorization checks in GitLab CE/EE from all versions starting from 8.13 before 16.5.6, all versions starting from 16.6 before 16.6.4, all versions starting from 16.7 before 16.7.2, allows a user to abuse slack/mattermost integrations to execute slash commands as another user. | |||||
CVE-2023-49783 | 1 Silverstripe | 1 Admin | 2024-02-28 | N/A | 4.3 MEDIUM |
Silverstripe Admin provides a basic management interface for the Silverstripe Framework. In versions on the 1.x branch prior to 1.13.19 and on the 2.x branch prior to 2.1.8, users who don't have edit or delete permissions for records exposed in a `ModelAdmin` can still edit or delete records using the CSV import form, provided they have create permissions. The likelihood of a user having create permissions but not having edit or delete permissions is low, but it is possible. Note that this doesn't affect any `ModelAdmin` which has had the import form disabled via the `showImportForm` public property. Versions 1.13.19 and 2.1.8 contain a patch for the issue. Those who have a custom implementation of `BulkLoader` should update their implementations to respect permissions when the return value of `getCheckPermissions()` is true. Those who use any `BulkLoader` in their own project logic, or maintain a module which uses it, should consider passing `true` to `setCheckPermissions()` if the data is provided by users. | |||||
CVE-2023-49273 | 1 Umbraco | 1 Umbraco Cms | 2024-02-28 | N/A | 5.4 MEDIUM |
Umbraco is an ASP.NET content management system (CMS). Starting in version 8.0.0 and prior to versions 8.18.10, 10.8.1, and 12.3.4, users with low privileges (Editor, etc.) are able to access some unintended endpoints. Versions 8.18.10, 10.8.1, and 12.3.4 contain a patch for this issue. | |||||
CVE-2023-40610 | 1 Apache | 1 Superset | 2024-02-28 | N/A | 8.8 HIGH |
Improper authorization check and possible privilege escalation on Apache Superset up to but excluding 2.1.2. Using the default examples database connection that allows access to both the examples schema and Apache Superset's metadata database, an attacker using a specially crafted CTE SQL statement could change data on the metadata database. This weakness could result on tampering with the authentication/authorization data. | |||||
CVE-2023-6542 | 1 Sap | 1 Emarsys Sdk | 2024-02-28 | N/A | 7.1 HIGH |
Due to lack of proper authorization checks in Emarsys SDK for Android, an attacker can call a particular activity and can forward himself web pages and/or deep links without any validation directly from the host application. On successful attack, an attacker could navigate to arbitrary URL including application deep links on the device. | |||||
CVE-2024-24824 | 1 Graylog | 1 Graylog | 2024-02-28 | N/A | 8.8 HIGH |
Graylog is a free and open log management platform. Starting in version 2.0.0 and prior to versions 5.1.11 and 5.2.4, arbitrary classes can be loaded and instantiated using a HTTP PUT request to the `/api/system/cluster_config/` endpoint. Graylog's cluster config system uses fully qualified class names as config keys. To validate the existence of the requested class before using them, Graylog loads the class using the class loader. If a user with the appropriate permissions performs the request, arbitrary classes with 1-arg String constructors can be instantiated. This will execute arbitrary code that is run during class instantiation. In the specific use case of `java.io.File`, the behavior of the internal web-server stack will lead to information exposure by including the entire file content in the response to the REST request. Versions 5.1.11 and 5.2.4 contain a fix for this issue. | |||||
CVE-2023-42569 | 1 Samsung | 1 Android | 2024-02-28 | N/A | 3.3 LOW |
Improper authorization verification vulnerability in AR Emoji prior to SMR Dec-2023 Release 1 allows attackers to read sandbox data of AR Emoji. |