Total
28982 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-44289 | 1 Dell | 1 Command\|configure | 2024-02-28 | N/A | 7.8 HIGH |
Dell Command | Configure versions prior to 4.11.0, contain an improper access control vulnerability. A local malicious standard user could potentially exploit this vulnerability while repairing/changing installation, leading to privilege escalation. | |||||
CVE-2023-47106 | 1 Traefik | 1 Traefik | 2024-02-28 | N/A | 6.5 MEDIUM |
Traefik is an open source HTTP reverse proxy and load balancer. When a request is sent to Traefik with a URL fragment, Traefik automatically URL encodes and forwards the fragment to the backend server. This violates RFC 7230 because in the origin-form the URL should only contain the absolute path and the query. When this is combined with another frontend proxy like Nginx, it can be used to bypass frontend proxy URI-based access control restrictions. This vulnerability has been addressed in versions 2.10.6 and 3.0.0-beta5. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
CVE-2023-44285 | 1 Dell | 12 Apex Protection Storage, Dd3300, Dd6400 and 9 more | 2024-02-28 | N/A | 7.8 HIGH |
Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an improper access control vulnerability. A local malicious user with low privileges could potentially exploit this vulnerability leading to escalation of privilege. | |||||
CVE-2022-44543 | 1 In2code | 1 Femanager | 2024-02-28 | N/A | 5.3 MEDIUM |
The femanager extension before 5.5.2, 6.x before 6.3.3, and 7.x before 7.0.1 for TYPO3 allows creation of frontend users in restricted groups (if there is a usergroup field on the registration form). This occurs because the usergroup.inList protection mechanism is mishandled. | |||||
CVE-2022-41689 | 1 Intel | 1 In-band Manageability | 2024-02-28 | N/A | 7.8 HIGH |
Improper access control in some Intel In-Band Manageability software before version 3.0.14 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2024-20827 | 1 Samsung | 1 Gallery | 2024-02-28 | N/A | 4.6 MEDIUM |
Improper access control vulnerability in Samsung Gallery prior to version 14.5.04.4 allows physical attackers to access the picture using physical keyboard on the lockscreen. | |||||
CVE-2023-50341 | 1 Hcltech | 1 Dryice Myxalytics | 2024-02-28 | N/A | 7.5 HIGH |
HCL DRYiCE MyXalytics is impacted by Improper Access Control (Obsolete web pages) vulnerability. Discovery of outdated and accessible web pages, reflects a "Missing Access Control" vulnerability, which could lead to inadvertent exposure of sensitive information and/or exposing a vulnerable endpoint. | |||||
CVE-2023-46355 | 1 Blmodules | 1 Csv Feeds Pro | 2024-02-28 | N/A | 5.3 MEDIUM |
In the module "CSV Feeds PRO" (csvfeeds) < 2.6.1 from Bl Modules for PrestaShop, a guest can download personal information without restriction. Due to too permissive access control which does not force administrator to use password on feeds, a guest can access exports from the module which can lead to leaks of personal information from ps_customer / ps_order table such as name / surname / email / phone number / postal address. | |||||
CVE-2023-49246 | 1 Huawei | 2 Emui, Harmonyos | 2024-02-28 | N/A | 7.5 HIGH |
Unauthorized access vulnerability in the card management module. Successful exploitation of this vulnerability may affect service confidentiality. | |||||
CVE-2023-47865 | 1 Mattermost | 1 Mattermost | 2024-02-28 | N/A | 4.3 MEDIUM |
Mattermost fails to check if hardened mode is enabled when overriding the username and/or the icon when posting a post. If settings allowed integrations to override the username and profile picture when posting, a member could also override the username and icon when making a post even if the Hardened Mode setting was enabled | |||||
CVE-2023-47352 | 1 Technicolor | 2 Tc8715d, Tc8715d Firmware | 2024-02-28 | N/A | 8.8 HIGH |
Technicolor TC8715D devices have predictable default WPA2 security passwords. An attacker who scans for SSID and BSSID values may be able to predict these passwords. | |||||
CVE-2023-3517 | 1 Hitachi | 1 Pentaho Data Integration And Analytics | 2024-02-28 | N/A | 8.8 HIGH |
Hitachi Vantara Pentaho Data Integration & Analytics versions before 9.5.0.1 and 9.3.0.5, including 8.3.x does not restrict JNDI identifiers during the creation of XActions, allowing control of system level data sources. | |||||
CVE-2023-32204 | 1 Intel | 1 One Boot Flash Update | 2024-02-28 | N/A | 7.8 HIGH |
Improper access control in some Intel(R) OFU software before version 14.1.31 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2023-5550 | 2 Fedoraproject, Moodle | 3 Extra Packages For Enterprise Linux, Fedora, Moodle | 2024-02-28 | N/A | 9.8 CRITICAL |
In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user who also has direct access to the web server outside of the Moodle webroot could utilise a local file include to achieve remote code execution. | |||||
CVE-2023-48894 | 1 Huaxiaerp | 1 Jsherp | 2024-02-28 | N/A | 6.5 MEDIUM |
Incorrect Access Control vulnerability in jshERP V3.3 allows attackers to obtain sensitive information via the doFilter function. | |||||
CVE-2023-50344 | 1 Hcltech | 1 Dryice Myxalytics | 2024-02-28 | N/A | 5.4 MEDIUM |
HCL DRYiCE MyXalytics is impacted by improper access control (Unauthenticated File Download) vulnerability. An unauthenticated user can download certain files. | |||||
CVE-2023-40151 | 1 Redlioncontrols | 12 St-ipm-6350, St-ipm-6350 Firmware, St-ipm-8460 and 9 more | 2024-02-28 | N/A | 9.8 CRITICAL |
When user authentication is not enabled the shell can execute commands with the highest privileges. Red Lion SixTRAK and VersaTRAK Series RTUs with authenticated users enabled (UDR-A) any Sixnet UDR message will meet an authentication challenge over UDP/IP. When the same message comes over TCP/IP the RTU will simply accept the message with no authentication challenge. | |||||
CVE-2023-45210 | 1 Pleasanter | 1 Pleasanter | 2024-02-28 | N/A | 4.3 MEDIUM |
Pleasanter 1.3.47.0 and earlier contains an improper access control vulnerability, which may allow a remote authenticated attacker to view the temporary files uploaded by other users who are not permitted to access. | |||||
CVE-2023-28378 | 2 Intel, Microsoft | 4 Quickassist Technology, Quickassist Technology Firmware, Quickassist Technology Library and 1 more | 2024-02-28 | N/A | 7.8 HIGH |
Improper authorization in some Intel(R) QAT drivers for Windows - HW Version 2.0 before version 2.0.4 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2023-6538 | 1 Hitachi | 2 System Management Unit, System Management Unit Firmware | 2024-02-28 | N/A | 6.5 MEDIUM |
SMU versions prior to 14.8.7825.01 are susceptible to unintended information disclosure, through URL manipulation. Authenticated users in Storage, Server or combined Server+Storage administrative roles are able to access SMU configuration backup, that would normally be barred to those specific administrative roles. |