Total: 406 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-32022 | 1 Microsoft | 4 Windows Server 2012, Windows Server 2016, Windows Server 2019 and 1 more | 2024-11-21 | N/A | 7.6 HIGH |
Windows Server Service Security Feature Bypass Vulnerability | |||||
CVE-2023-2950 | 1 Open-emr | 1 Openemr | 2024-11-21 | N/A | 8.1 HIGH |
Improper Authorization in GitHub repository openemr/openemr prior to 7.0.1. | |||||
CVE-2023-2345 | 1 Oretnom23 | 1 Service Provider Management System | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
A vulnerability was found in SourceCodester Service Provider Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /classes/Master.php?f=delete_inquiry. The manipulation leads to improper authorization. The attack may be launched remotely. The identifier of this vulnerability is VDB-227588. | |||||
CVE-2023-2227 | 1 Modoboa | 1 Modoboa | 2024-11-21 | N/A | 9.1 CRITICAL |
Improper Authorization in GitHub repository modoboa/modoboa prior to 2.1.0. | |||||
CVE-2023-29338 | 1 Microsoft | 1 Visual Studio Code | 2024-11-21 | N/A | 6.6 MEDIUM |
Visual Studio Code Spoofing Vulnerability | |||||
CVE-2023-28634 | 1 Glpi-project | 1 Glpi | 2024-11-21 | N/A | 8.8 HIGH |
GLPI is a free asset and IT management software package. Starting in version 0.83 and prior to versions 9.5.13 and 10.0.7, a user who has the Technician profile could see and generate a Personal token for a Super-Admin. Using such token it is possible to negotiate a GLPI session and hijack the Super-Admin account, resulting in a Privilege Escalation. Versions 9.5.13 and 10.0.7 contain a patch for this issue. | |||||
CVE-2023-28584 | 1 Qualcomm | 144 Aqt1000, Aqt1000 Firmware, Csrb31024 and 141 more | 2024-11-21 | N/A | 7.5 HIGH |
Transient DOS in WLAN Host when a mobile station receives invalid channel in CSA IE while doing channel switch announcement (CSA). | |||||
CVE-2023-28556 | 1 Qualcomm | 452 315 5g Iot Modem, 315 5g Iot Modem Firmware, 9205 Lte Modem and 449 more | 2024-11-21 | N/A | 7.1 HIGH |
Cryptographic issue in HLOS during key management. | |||||
CVE-2023-28055 | 1 Dell | 1 Networker | 2024-11-21 | N/A | 8.8 HIGH |
Dell NetWorker, Version 19.7 has an improper authorization vulnerability in the NetWorker client. An unauthenticated attacker within the same network could potentially exploit this by manipulating a command leading to gain of complete access to the server file further resulting in information leaks, denial of service, and arbitrary code execution. Dell recommends customers to upgrade at the earliest opportunity. | |||||
CVE-2023-21549 | 1 Microsoft | 14 Windows 10 1607, Windows 10 1809, Windows 10 20h2 and 11 more | 2024-11-21 | N/A | 8.8 HIGH |
Windows SMB Witness Service Elevation of Privilege Vulnerability | |||||
CVE-2023-20186 | 1 Cisco | 2 Ios, Ios Xe | 2024-11-21 | N/A | 8.0 HIGH |
A vulnerability in the Authentication, Authorization, and Accounting (AAA) feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to bypass command authorization and copy files to or from the file system of an affected device using the Secure Copy Protocol (SCP). This vulnerability is due to incorrect processing of SCP commands in AAA command authorization checks. An attacker with valid credentials and level 15 privileges could exploit this vulnerability by using SCP to connect to an affected device from an external machine. A successful exploit could allow the attacker to obtain or change the configuration of the affected device and put files on or retrieve files from the affected device. | |||||
CVE-2023-0734 | 1 Wallabag | 1 Wallabag | 2024-11-21 | N/A | 5.3 MEDIUM |
Improper Authorization in GitHub repository wallabag/wallabag prior to 2.5.4. | |||||
CVE-2023-0610 | 1 Wallabag | 1 Wallabag | 2024-11-21 | N/A | 4.3 MEDIUM |
Improper Authorization in GitHub repository wallabag/wallabag prior to 2.5.3. | |||||
CVE-2023-0609 | 1 Wallabag | 1 Wallabag | 2024-11-21 | N/A | 4.3 MEDIUM |
Improper Authorization in GitHub repository wallabag/wallabag prior to 2.5.3. | |||||
CVE-2022-4962 | 1 Apolloconfig | 1 Apollo | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
A vulnerability was found in Apollo 2.0.0/2.0.1 and classified as problematic. Affected by this issue is some unknown functionality of the file /users of the component Configuration Center. The manipulation leads to improper authorization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. VDB-250430 is the identifier assigned to this vulnerability. NOTE: The maintainer explains that user data information like user id, name, and email are not sensitive. | |||||
CVE-2022-4868 | 1 Froxlor | 1 Froxlor | 2024-11-21 | N/A | 4.3 MEDIUM |
Improper Authorization in GitHub repository froxlor/froxlor prior to 2.0.0-beta1. | |||||
CVE-2022-4804 | 1 Usememos | 1 Memos | 2024-11-21 | N/A | 5.3 MEDIUM |
Improper Authorization in GitHub repository usememos/memos prior to 0.9.1. | |||||
CVE-2022-4688 | 1 Usememos | 1 Memos | 2024-11-21 | N/A | 8.8 HIGH |
Improper Authorization in GitHub repository usememos/memos prior to 0.9.0. | |||||
CVE-2022-4062 | 1 Schneider-electric | 1 Ecostruxure Power Commission | 2024-11-21 | N/A | 7.8 HIGH |
A CWE-285: Improper Authorization vulnerability exists that could cause unauthorized access to certain software functions when an attacker gets access to localhost interface of the EcoStruxure Power Commission application. Affected Products: EcoStruxure Power Commission (Versions prior to V2.25) | |||||
CVE-2022-40536 | 1 Qualcomm | 162 315 5g Iot Modem, 315 5g Iot Modem Firmware, Ar8035 and 159 more | 2024-11-21 | N/A | 7.5 HIGH |
Transient DOS due to improper authentication in modem while receiving plain TLB OTA request message from network. | |||||