Vulnerabilities (CVE)

Filtered by NVD-CWE-Other
Total 29524 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-4804 1 Johnsoncontrols 12 Quantum Hd Unity Acuair, Quantum Hd Unity Acuair Firmware, Quantum Hd Unity Compressor and 9 more 2024-11-21 N/A 10.0 CRITICAL
An unauthorized user could access debug features in Quantum HD Unity products that were accidentally exposed.
CVE-2023-4749 1 Mayurik 1 Inventory Management System 2024-11-21 6.5 MEDIUM 6.3 MEDIUM
A vulnerability, which was classified as critical, was found in SourceCodester Inventory Management System 1.0. Affected is an unknown function of the file index.php. The manipulation of the argument page leads to file inclusion. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-238638 is the identifier assigned to this vulnerability.
CVE-2023-4700 1 Gitlab 1 Gitlab 2024-11-21 N/A 3.5 LOW
An authorization issue affecting GitLab EE affecting all versions from 14.7 prior to 16.3.6, 16.4 prior to 16.4.2, and 16.5 prior to 16.5.1, allowed a user to run jobs in protected environments, bypassing any required approvals.
CVE-2023-4640 1 Yugabyte 1 Yugabytedb 2024-11-21 N/A 6.5 MEDIUM
The controller responsible for setting the logging level does not include any authorization checks to ensure the user is authenticated. This can be seen by noting that it extends Controller rather than AuthenticatedController and includes no further checks. This issue affects YugabyteDB Anywhere: from 2.0.0 through 2.17.3
CVE-2023-4570 1 Ni 1 Measurementlink 2024-11-21 N/A 8.8 HIGH
An improper access restriction in NI MeasurementLink Python services could allow an attacker on an adjacent network to reach services exposed on localhost. These services were previously thought to be unreachable outside of the node. This affects measurement plug-ins written in Python using version 1.1.0 of the ni-measurementlink-service Python package and all previous versions.
CVE-2023-4456 1 Redhat 1 Openshift Logging 2024-11-21 N/A 5.7 MEDIUM
A flaw was found in openshift-logging LokiStack. The key used for caching is just the token, which is too broad. This issue allows a user with a token valid for one action to execute other actions as long as the authorization allowing the original action is still cached.
CVE-2023-4417 2 Devolutions, Microsoft 2 Remote Desktop Manager, Windows 2024-11-21 N/A 6.5 MEDIUM
Improper access controls in the entry duplication component in Devolutions Remote Desktop Manager 2023.2.19 and earlier versions on Windows allows an authenticated user, under specific circumstances, to inadvertently share their personal vault entry with shared vaults via an incorrect vault in the duplication write process.
CVE-2023-4381 1 Instantcms 1 Instantcms 2024-11-21 N/A 4.3 MEDIUM
Unverified Password Change in GitHub repository instantsoft/icms2 prior to 2.16.1-git.
CVE-2023-4258 1 Zephyrproject 1 Zephyr 2024-11-21 N/A 8.6 HIGH
In Bluetooth mesh implementation If provisionee has a public key that is sent OOB then during provisioning it can be sent back and will be accepted by provisionee.
CVE-2023-4237 1 Redhat 2 Ansible Automation Platform, Ansible Collection 2024-11-21 N/A 7.3 HIGH
A flaw was found in the Ansible Automation Platform. When creating a new keypair, the ec2_key module prints out the private key directly to the standard output. This flaw allows an attacker to fetch those keys from the log files, compromising the system's confidentiality, integrity, and availability.
CVE-2023-4018 1 Gitlab 1 Gitlab 2024-11-21 N/A 4.3 MEDIUM
An issue has been discovered in GitLab affecting all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. Due to improper permission validation it was possible to create model experiments in public projects.
CVE-2023-49938 1 Schedmd 1 Slurm 2024-11-21 N/A 8.2 HIGH
An issue was discovered in SchedMD Slurm 22.05.x and 23.02.x. There is Incorrect Access Control: an attacker can modified their extended group list that is used with the sbcast subsystem, and open files with an unauthorized set of extended groups. The fixed versions are 22.05.11 and 23.02.7.
CVE-2023-49722 1 Bosch 6 Bcc101, Bcc101 Firmware, Bcc102 and 3 more 2024-11-21 N/A 8.3 HIGH
Network port 8899 open in WiFi firmware of BCC101/BCC102/BCC50 products, that allows an attacker to connect to the device via same WiFi network.
CVE-2023-49589 1 Wwbn 1 Avideo 2024-11-21 N/A 8.8 HIGH
An insufficient entropy vulnerability exists in the userRecoverPass.php recoverPass generation functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to an arbitrary user password recovery. An attacker can send an HTTP request to trigger this vulnerability.
CVE-2023-49248 1 Huawei 2 Emui, Harmonyos 2024-11-21 N/A 5.5 MEDIUM
Vulnerability of unauthorized file access in the Settings app. Successful exploitation of this vulnerability may cause unauthorized file access.
CVE-2023-49245 1 Huawei 2 Emui, Harmonyos 2024-11-21 N/A 7.5 HIGH
Unauthorized access vulnerability in the Huawei Share module. Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2023-49081 1 Aiohttp 1 Aiohttp 2024-11-21 N/A 7.2 HIGH
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation made it possible for an attacker to modify the HTTP request (e.g. to insert a new header) or create a new HTTP request if the attacker controls the HTTP version. The vulnerability only occurs if the attacker can control the HTTP version of the request. This issue has been patched in version 3.9.0.
CVE-2023-49002 1 Xenomtechnologies 1 Phone Dialer-voice Call Dialer 2024-11-21 N/A 7.5 HIGH
An issue in Xenom Technologies (sinous) Phone Dialer-voice Call Dialer v.1.2.5 allows an attacker to bypass intended access restrictions via interaction with com.funprime.calldialer.ui.activities.OutgoingActivity.
CVE-2023-48894 1 Huaxiaerp 1 Jsherp 2024-11-21 N/A 6.5 MEDIUM
Incorrect Access Control vulnerability in jshERP V3.3 allows attackers to obtain sensitive information via the doFilter function.
CVE-2023-48860 1 Totolink 2 N300rt, N300rt Firmware 2024-11-21 N/A 9.8 CRITICAL
TOTOLINK N300RT version 3.2.4-B20180730.0906 has a post-authentication RCE due to incorrect access control, allows attackers can bypass front-end security restrictions and execute arbitrary code.