Vulnerabilities (CVE)

Filtered by CWE-284
Total 3018 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-50181 1 Fortinet 1 Fortiadc 2024-11-21 N/A 4.9 MEDIUM
An improper access control vulnerability [CWE-284] in Fortinet FortiADC version 7.4.0 through 7.4.1 and before 7.2.4 allows a read only authenticated attacker to perform some write actions via crafted HTTP or HTTPS requests.
CVE-2023-4696 1 Usememos 1 Memos 2024-11-21 N/A 9.8 CRITICAL
Improper Access Control in GitHub repository usememos/memos prior to 0.13.2.
CVE-2023-4650 1 Instantcms 1 Instantcms 2024-11-21 N/A 4.7 MEDIUM
Improper Access Control in GitHub repository instantsoft/icms2 prior to 2.16.1-git.
CVE-2023-4183 1 Inventory Management System Project 1 Inventory Management System 2024-11-21 4.0 MEDIUM 4.3 MEDIUM
A vulnerability has been found in SourceCodester Inventory Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file edit_update.php of the component Password Handler. The manipulation of the argument user_id leads to improper access controls. The attack can be initiated remotely. VDB-236218 is the identifier assigned to this vulnerability.
CVE-2023-49978 2024-11-21 N/A 7.2 HIGH
Incorrect access control in Customer Support System v1 allows non-administrator users to access administrative pages and execute actions reserved for administrators.
CVE-2023-49791 1 Nextcloud 1 Nextcloud Server 2024-11-21 N/A 5.4 MEDIUM
Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. In Nextcloud Server prior to versions 26.0.9 and 27.1.4; as well as Nextcloud Enterprise Server prior to versions 23.0.12.13, 24.0.12.9, 25.0.13.4, 26.0.9, and 27.1.4; when an attacker manages to get access to an active session of another user via another way, they could delete and modify workflows by sending calls directly to the API bypassing the password confirmation shown in the UI. Nextcloud Server versions 26.0.9 and 27.1.4 and Nextcloud Enterprise Server versions 23.0.12.13, 24.0.12.9, 25.0.13.4, 26.0.9, and 27.1.4 contain a patch for this issue. No known workarounds are available.
CVE-2023-49473 2024-11-21 N/A 9.8 CRITICAL
Shenzhen JF6000 Cloud Media Collaboration Processing Platform firmware version V1.2.0 and software version V2.0.0 build 6245 is vulnerable to Incorrect Access Control.
CVE-2023-49099 1 Discourse 1 Discourse 2024-11-21 N/A 3.1 LOW
Discourse is a platform for community discussion. Under very specific circumstances, secure upload URLs associated with posts can be accessed by guest users even when login is required. This vulnerability has been patched in 3.2.0.beta4 and 3.1.4.
CVE-2023-49098 1 Discourse 1 Discourse Reactions 2024-11-21 N/A 3.5 LOW
Discourse-reactions is a plugin that allows user to add their reactions to the post. Data about a user's reaction notifications could be exposed. This vulnerability was patched in commit 2c26939.
CVE-2023-47867 1 Machinesense 2 Feverwarn, Feverwarn Firmware 2024-11-21 N/A 8.8 HIGH
MachineSense FeverWarn devices are configured as Wi-Fi hosts in a way that attackers within range could connect to the device's web services and compromise the device.
CVE-2023-47859 2024-11-21 N/A 5.5 MEDIUM
Improper access control for some Intel(R) Wireless Bluetooth products for Windows before version 23.20 may allow an authenticated user to potentially enable denial of service via local access.
CVE-2023-47858 1 Mattermost 1 Mattermost Server 2024-11-21 N/A 4.3 MEDIUM
Mattermost fails to properly verify the permissions needed for viewing archived public channels,  allowing a member of one team to get details about the archived public channels of another team via the GET /api/v4/teams/<team-id>/channels/deleted endpoint.
CVE-2023-47579 1 Relyum 2 Rely-pcie, Rely-pcie Firmware 2024-11-21 N/A 7.5 HIGH
Relyum RELY-PCIe 22.2.1 devices suffer from a system group misconfiguration, allowing read access to the central password hash file of the operating system.
CVE-2023-47536 1 Fortinet 2 Fortios, Fortiproxy 2024-11-21 N/A 3.1 LOW
An improper access control vulnerability [CWE-284] in FortiOS version 7.2.0, version 7.0.13 and below, version 6.4.14 and below and FortiProxy version 7.2.3 and below, version 7.0.9 and below, version 2.0.12 and below may allow a remote unauthenticated attacker to bypass the firewall deny geolocalisation policy via timing the bypass with a GeoIP database update.
CVE-2023-47034 1 Uniswapfrontrunbot Project 1 Uniswapfrontrunbot 2024-11-21 N/A 7.5 HIGH
A vulnerability in UniswapFrontRunBot 0xdB94c allows attackers to cause financial losses via unspecified vectors.
CVE-2023-46759 1 Huawei 2 Emui, Harmonyos 2024-11-21 N/A 7.5 HIGH
Permission control vulnerability in the call module. Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2023-46755 1 Huawei 2 Emui, Harmonyos 2024-11-21 N/A 5.3 MEDIUM
Vulnerability of input parameters being not strictly verified in the input. Successful exploitation of this vulnerability may cause the launcher to restart.
CVE-2023-46712 1 Fortinet 1 Fortiportal 2024-11-21 N/A 7.2 HIGH
A improper access control in Fortinet FortiPortal version 7.0.0 through 7.0.6, Fortinet FortiPortal version 7.2.0 through 7.2.1 allows attacker to escalate its privilege via specifically crafted HTTP requests.
CVE-2023-46501 1 Boltwire 1 Boltwire 2024-11-21 N/A 9.1 CRITICAL
An issue in BoltWire v.6.03 allows a remote attacker to obtain sensitive information via a crafted payload to the view and change admin password function.
CVE-2023-46033 1 Dlink 4 Dsl-2730u, Dsl-2730u Firmware, Dsl-2750u and 1 more 2024-11-21 N/A 6.8 MEDIUM
D-Link (Non-US) DSL-2750U N300 ADSL2+ and (Non-US) DSL-2730U N150 ADSL2+ are vulnerable to Incorrect Access Control. The UART/Serial interface on the PCB, provides log output and a root terminal without proper access control.