Total: 1628 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-38486 | 1 Arubanetworks | 5 9004, 9004-lte, 9012 and 2 more | 2024-11-21 | N/A | 7.7 HIGH |
A vulnerability in the secure boot implementation on affected Aruba 9200 and 9000 Series Controllers and Gateways allows an attacker to bypass security controls which would normally prohibit unsigned kernel images from executing. An attacker can use this vulnerability to execute arbitrary runtime operating systems, including unverified and unsigned OS images. | |||||
CVE-2023-38389 | 1 Artbees | 1 Jupiter X Core | 2024-11-21 | N/A | 9.8 CRITICAL |
Incorrect Authorization vulnerability in Artbees JupiterX Core allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects JupiterX Core: from n/a through 3.3.8. | |||||
CVE-2023-38368 | 1 Ibm | 1 Security Access Manager | 2024-11-21 | N/A | 5.5 MEDIUM |
IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could disclose sensitive information to a local user due to improper permission controls. IBM X-Force ID: 261195. | |||||
CVE-2023-38218 | 1 Adobe | 2 Commerce, Magento | 2024-11-21 | N/A | 8.8 HIGH |
Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Incorrect Authorization vulnerability. An authenticated attacker can exploit this to achieve information exposure and privilege escalation. | |||||
CVE-2023-38209 | 1 Adobe | 1 Commerce | 2024-11-21 | N/A | 6.5 MEDIUM |
Adobe Commerce versions 2.4.6-p1 (and earlier), 2.4.5-p3 (and earlier) and 2.4.4-p4 (and earlier) are affected by an Incorrect Authorization vulnerability that could lead to a Security feature bypass. A low-privileged attacker could leverage this vulnerability to access other user's data. Exploitation of this issue does not require user interaction. | |||||
CVE-2023-38058 | 1 Otrs | 1 Otrs | 2024-11-21 | N/A | 4.1 MEDIUM |
An improper privilege check in the OTRS ticket move action in the agent interface allows any attacker authenticated as an agent to move a ticket without the needed permission. This issue affects OTRS: from 8.0.X before 8.0.35. | |||||
CVE-2023-38035 | 1 Ivanti | 1 Mobileiron Sentry | 2024-11-21 | N/A | 9.8 CRITICAL |
A security vulnerability in MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and below may allow an attacker to bypass authentication controls on the administrative interface due to an insufficiently restrictive Apache HTTPD configuration. | |||||
CVE-2023-37881 | 1 Wftpserver | 1 Wing Ftp Server | 2024-11-21 | N/A | 4.9 MEDIUM |
Weak access control in Wing FTP Server (Admin Web Client) allows for privilege escalation. This issue affects Wing FTP Server: <= 7.2.0. | |||||
CVE-2023-37579 | 1 Apache | 1 Pulsar | 2024-11-21 | N/A | 8.2 HIGH |
Incorrect Authorization vulnerability in Apache Software Foundation Apache Pulsar Function Worker. This issue affects Apache Pulsar: before 2.10.4, and 2.11.0. Any authenticated user can retrieve a source's configuration or a sink's configuration without authorization. Many sources and sinks contain credentials in the configuration, which could lead to leaked credentials. This vulnerability is mitigated by the fact that there is not a known way for an authenticated user to enumerate another tenant's sources or sinks, meaning the source or sink name would need to be guessed in order to exploit this vulnerability. The recommended mitigation for impacted users is to upgrade the Pulsar Function Worker to a patched version. 2.10 Pulsar Function Worker users should upgrade to at least 2.10.4. 2.11 Pulsar Function Worker users should upgrade to at least 2.11.1. 3.0 Pulsar Function Worker users are unaffected. Any users running the Pulsar Function Worker for 2.9.* and earlier should upgrade to one of the above patched versions. | |||||
CVE-2023-37492 | 1 Sap | 1 Netweaver Application Server Abap | 2024-11-21 | N/A | 4.9 MEDIUM |
SAP NetWeaver Application Server ABAP and ABAP Platform - versions SAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 731, SAP_BASIS 740, SAP_BASIS 750, SAP_BASIS 752, SAP_BASIS 753, SAP_BASIS 754, SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757, SAP_BASIS 758, SAP_BASIS 793, SAP_BASIS 804, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This could allow an attacker to read sensitive information which can be used in a subsequent serious attack. | |||||
CVE-2023-37491 | 1 Sap | 1 Message Server | 2024-11-21 | N/A | 7.5 HIGH |
The ACL (Access Control List) of SAP Message Server - versions KERNEL 7.22, KERNEL 7.53, KERNEL 7.54, KERNEL 7.77, RNL64UC 7.22, RNL64UC 7.22EXT, RNL64UC 7.53, KRNL64NUC 7.22, KRNL64NUC 7.22EXT, can be bypassed in certain conditions, which may enable an authenticated malicious user to enter the network of the SAP systems served by the attacked SAP Message server. This may lead to unauthorized read and write of data as well as rendering the system unavailable. | |||||
CVE-2023-37367 | 1 Samsung | 24 Exynos 1080, Exynos 1080 Firmware, Exynos 1280 and 21 more | 2024-11-21 | N/A | 5.3 MEDIUM |
An issue was discovered in Samsung Exynos Mobile Processor, Automotive Processor, and Modem (Exynos 9820, Exynos 980, Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, Exynos Modem 5123, Exynos Modem 5300, and Exynos Auto T5123). In the NAS Task, an improperly implemented security check for standard can disallow desired services for a while via consecutive NAS messages. | |||||
CVE-2023-36994 | 1 Travianz Project | 1 Travianz | 2024-11-21 | N/A | 9.8 CRITICAL |
In TravianZ 8.3.4 and 8.3.3, Incorrect Access Control in the installation script allows an attacker to overwrite the server configuration and inject PHP code. | |||||
CVE-2023-36826 | 1 Sentry | 1 Sentry | 2024-11-21 | N/A | 7.7 HIGH |
Sentry is an error tracking and performance monitoring platform. Starting in version 8.21.0 and prior to version 23.5.2, an authenticated user can download a debug or artifact bundle from arbitrary organizations and projects with a known bundle ID. The user does not need to be a member of the organization or have permissions on the project. A patch was issued in version 23.5.2 to ensure authorization checks are properly scoped on requests to retrieve debug or artifact bundles. Authenticated users who do not have the necessary permissions on the particular project are no longer able to download them. Sentry SaaS users do not need to take any action. Self-Hosted Sentry users should upgrade to version 23.5.2 or higher. | |||||
CVE-2023-36646 | 1 Prolion | 1 Cryptospike | 2024-11-21 | N/A | 8.8 HIGH |
Incorrect user role checking in multiple REST API endpoints in ProLion CryptoSpike 3.0.15P2 allows a remote attacker with low privileges to execute privileged functions and achieve privilege escalation via REST API endpoint invocation. | |||||
CVE-2023-36556 | 1 Fortinet | 1 Fortimail | 2024-11-21 | N/A | 8.8 HIGH |
An incorrect authorization vulnerability [CWE-863] in FortiMail webmail version 7.2.0 through 7.2.2, version 7.0.0 through 7.0.5 and below 6.4.7 allows an authenticated attacker to log in to other users' accounts from the same web domain via crafted HTTP or HTTPS requests. | |||||
CVE-2023-36387 | 1 Apache | 1 Superset | 2024-11-21 | N/A | 5.4 MEDIUM |
An improper default REST API permission for Gamma users in Apache Superset up to and including 2.1.0 allows for an authenticated Gamma user to test database connections. | |||||
CVE-2023-36339 | 1 Webboss | 1 Webboss.io Cms | 2024-11-21 | N/A | 7.5 HIGH |
An access control issue in WebBoss.io CMS v3.7.0.1 allows attackers to access the Website Backup Tool via a crafted GET request. | |||||
CVE-2023-36092 | 1 Dlink | 2 Dir-859, Dir-859 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
Authentication Bypass vulnerability in D-Link DIR-859 FW105b03 allows remote attackers to gain escalated privileges via phpcgi_main. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
CVE-2023-36091 | 1 Dlink | 2 Dir-895l, Dir-895l Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
Authentication Bypass vulnerability in D-Link DIR-895 FW102b07 allows remote attackers to gain escalated privileges via function phpcgi_main in cgibin. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||