Total
28982 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-23570 | 1 Gallagher | 1 Command Centre | 2024-02-28 | N/A | 8.1 HIGH |
Client-Side enforcement of Server-Side security for the Command Centre server could be bypassed and lead to invalid configuration with undefined behavior. This issue affects: Gallagher Command Centre 8.90 prior to vEL8.90.1620 (MR2), all versions of 8.80 and prior. | |||||
CVE-2024-23447 | 1 Elastic | 1 Network Drive Connector | 2024-02-28 | N/A | 6.5 MEDIUM |
An issue was discovered in the Windows Network Drive Connector when using Document Level Security to assign permissions to a file, with explicit allow write and deny read. Although the document is not accessible to the user in Network Drive it is visible in search applications to the user. | |||||
CVE-2024-21607 | 1 Juniper | 23 Ex9200, Ex9204, Ex9208 and 20 more | 2024-02-28 | N/A | 5.3 MEDIUM |
An Unsupported Feature in the UI vulnerability in Juniper Networks Junos OS on MX Series and EX9200 Series allows an unauthenticated, network-based attacker to cause partial impact to the integrity of the device. If the "tcp-reset" option is added to the "reject" action in an IPv6 filter which matches on "payload-protocol", packets are permitted instead of rejected. This happens because the payload-protocol match criteria is not supported in the kernel filter causing it to accept all packets without taking any other action. As a fix the payload-protocol match will be treated the same as a "next-header" match to avoid this filter bypass. This issue doesn't affect IPv4 firewall filters. This issue affects Juniper Networks Junos OS on MX Series and EX9200 Series: * All versions earlier than 20.4R3-S7; * 21.1 versions earlier than 21.1R3-S5; * 21.2 versions earlier than 21.2R3-S5; * 21.3 versions earlier than 21.3R3-S4; * 21.4 versions earlier than 21.4R3-S4; * 22.1 versions earlier than 22.1R3-S2; * 22.2 versions earlier than 22.2R3-S2; * 22.3 versions earlier than 22.3R2-S2, 22.3R3; * 22.4 versions earlier than 22.4R1-S2, 22.4R2-S2, 22.4R3. | |||||
CVE-2023-39226 | 1 Deltaww | 1 Infrasuite Device Master | 2024-02-28 | N/A | 9.8 CRITICAL |
In Delta Electronics InfraSuite Device Master v.1.0.7, a vulnerability exists that allows an unauthenticated attacker to execute arbitrary code through a single UDP packet. | |||||
CVE-2023-50559 | 1 Openxiangshan | 1 Xiangshan | 2024-02-28 | N/A | 5.5 MEDIUM |
An issue was discovered in XiangShan v2.1, allows local attackers to obtain sensitive information via the L1D cache. | |||||
CVE-2023-39259 | 1 Dell | 1 Os Recovery Tool | 2024-02-28 | N/A | 7.8 HIGH |
Dell OS Recovery Tool, versions 2.2.4013, 2.3.7012.0, and 2.3.7515.0 contain an Improper Access Control Vulnerability. A local authenticated non-administrator user could potentially exploit this vulnerability, leading to the elevation of privilege on the system. | |||||
CVE-2023-40073 | 1 Google | 1 Android | 2024-02-28 | N/A | 5.5 MEDIUM |
In visitUris of Notification.java, there is a possible cross-user media read due to Confused Deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
CVE-2024-0212 | 1 Cloudflare | 1 Cloudflare | 2024-02-28 | N/A | 6.5 MEDIUM |
The Cloudflare Wordpress plugin was found to be vulnerable to improper authentication. The vulnerability enables attackers with a lower privileged account to access data from the Cloudflare API. | |||||
CVE-2023-51071 | 1 Qstar | 1 Archive Storage Manager | 2024-02-28 | N/A | 6.5 MEDIUM |
An access control issue in QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0 allows unauthenticated attackers to arbitrarily disable the SMB service on a victim's Qstar instance by executing a specific command in a link. | |||||
CVE-2023-7102 | 1 Barracuda | 10 Email Security Gateway 300, Email Security Gateway 300 Firmware, Email Security Gateway 400 and 7 more | 2024-02-28 | N/A | 9.8 CRITICAL |
Use of a Third Party library produced a vulnerability in Barracuda Networks Inc. Barracuda ESG Appliance which allowed Parameter Injection.This issue affected Barracuda ESG Appliance, from 5.1.3.001 through 9.2.1.001, until Barracuda removed the vulnerable logic. | |||||
CVE-2024-25677 | 1 Minbrowser | 1 Min | 2024-02-28 | N/A | 8.8 HIGH |
In Min before 1.31.0, local files are not correctly treated as unique security origins, which allows them to improperly request cross-origin resources. For example, a local file may request other local files through an XML document. | |||||
CVE-2023-47325 | 1 Silverpeas | 1 Silverpeas | 2024-02-28 | N/A | 5.4 MEDIUM |
Silverpeas Core 6.3.1 administrative "Bin" feature is affected by broken access control. A user with low privileges is able to navigate directly to the bin, revealing all deleted spaces. The user can then restore or permanently delete the spaces. | |||||
CVE-2023-50871 | 1 Jetbrains | 1 Youtrack | 2024-02-28 | N/A | 4.3 MEDIUM |
In JetBrains YouTrack before 2023.3.22268 authorization check for inline comments inside thread replies was missed | |||||
CVE-2023-48297 | 1 Discourse | 1 Discourse | 2024-02-28 | N/A | 7.5 HIGH |
Discourse is a platform for community discussion. The message serializer uses the full list of expanded chat mentions (@all and @here) which can lead to a very long array of users. This issue was patched in versions 3.1.4 and beta 3.2.0.beta5. | |||||
CVE-2023-29157 | 1 Intel | 1 One Boot Flash Update | 2024-02-28 | N/A | 7.8 HIGH |
Improper access control in some Intel(R) OFU software before version 14.1.31 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2023-29051 | 1 Open-xchange | 1 Ox App Suite | 2024-02-28 | N/A | 8.1 HIGH |
User-defined OXMF templates could be used to access a limited part of the internal OX App Suite Java API. The existing switch to disable the feature by default was not effective in this case. Unauthorized users could discover and modify application state, including objects related to other users and contexts. We now make sure that the switch to disable user-generated templates by default works as intended and will remove the feature in future generations of the product. No publicly available exploits are known. | |||||
CVE-2024-23446 | 1 Elastic | 1 Kibana | 2024-02-28 | N/A | 6.5 MEDIUM |
An issue was discovered by Elastic, whereby the Detection Engine Search API does not respect Document-level security (DLS) or Field-level security (FLS) when querying the .alerts-security.alerts-{space_id} indices. Users who are authorized to call this API may obtain unauthorized access to documents if their roles are configured with DLS or FLS against the aforementioned index. | |||||
CVE-2023-28397 | 3 Intel, Linux, Microsoft | 3 Aptio V Uefi Firmware Integrator Tools, Linux Kernel, Windows | 2024-02-28 | N/A | 7.8 HIGH |
Improper access control in some Intel(R) Aptio* V UEFI Firmware Integrator Tools may allow an authenticated to potentially enable escalation of privileges via local access. | |||||
CVE-2023-6930 | 1 Eurotel | 2 Etl3100, Etl3100 Firmware | 2024-02-28 | N/A | 9.8 CRITICAL |
EuroTel ETL3100 versions v01c01 and v01x37 suffer from an unauthenticated configuration and log download vulnerability. This enables the attacker to disclose sensitive information and assist in authentication bypass, privilege escalation, and full system access. | |||||
CVE-2024-20806 | 1 Samsung | 1 Android | 2024-02-28 | N/A | 5.5 MEDIUM |
Improper access control in Notification service prior to SMR Jan-2024 Release 1 allows local attacker to access notification data. |