Total
821 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-48241 | 1 Xwiki | 1 Xwiki | 2024-11-21 | 7.5 High |
| XWiki Platform is a generic wiki platform. Starting in version 6.3-milestone-2 and prior to versions 14.10.15, 15.5.1, and 15.6RC1, the Solr-based search suggestion provider that also duplicates as generic JavaScript API for search results in XWiki exposes the content of all documents of all wikis to anybody who has access to it, by default it is public. This exposes all information stored in the wiki (but not some protected information like password hashes). While there is a right check normally, the right check can be circumvented by explicitly requesting fields from Solr that don't include the data for the right check. This has been fixed in XWiki 15.6RC1, 15.5.1 and 14.10.15 by not listing documents whose rights cannot be checked. No known workarounds are available. | ||||
| CVE-2023-47166 | 2024-11-21 | 8.8 High | ||
| A firmware update vulnerability exists in the luci2-io file-import functionality of Milesight UR32L v32.3.0.7-r2. A specially crafted network request can lead to arbitrary firmware update. An attacker can send a network request to trigger this vulnerability. | ||||
| CVE-2023-47109 | 1 Prestashop | 1 Customer Reassurance Block | 2024-11-21 | 5.5 Medium |
| PrestaShop blockreassurance adds an information block aimed at offering helpful information to reassure customers that the store is trustworthy. When adding a block in blockreassurance module, a BO user can modify the http request and give the path of any file in the project instead of an image. When deleting the block from the BO, the file will be deleted. It is possible to make the website completely unavailable by removing index.php for example. This issue has been patched in version 5.1.4. | ||||
| CVE-2023-44410 | 1 D-link | 1 D-view | 2024-11-21 | N/A |
| D-Link D-View showUsers Improper Authorization Privilege Escalation Vulnerability. This vulnerability allows remote attackers to escalate privileges on affected installations of D-Link D-View. Authentication is required to exploit this vulnerability. The specific flaw exists within the showUsers method. The issue results from the lack of proper authorization before accessing a privileged endpoint. An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the user. . Was ZDI-CAN-19535. | ||||
| CVE-2023-44125 | 2 Google, Lg | 2 Android, V60 Thin Q 5g | 2024-11-21 | 6.1 Medium |
| The vulnerability is the use of implicit PendingIntents without the PendingIntent.FLAG_IMMUTABLE set that leads to theft and/or (over-)write of arbitrary files with system privilege in the Personalized service ("com.lge.abba") app. The attacker's app, if it had access to app notifications, could intercept them and redirect them to its activity, before making it grant access permissions to content providers with the `android:grantUriPermissions="true"` flag. | ||||
| CVE-2023-44123 | 2 Google, Lg | 2 Android, V60 Thin Q 5g | 2024-11-21 | 6.1 Medium |
| The vulnerability is the use of implicit PendingIntents with the PendingIntent.FLAG_MUTABLE set that leads to theft and/or (over-)write of arbitrary files with system privilege in the Bluetooth ("com.lge.bluetoothsetting") app. The attacker's app, if it had access to app notifications, could intercept them and redirect them to its activity, before making it grant access permissions to content providers with the `android:grantUriPermissions="true"` flag. | ||||
| CVE-2023-43609 | 1 Emerson | 6 Gc1500xa, Gc1500xa Firmware, Gc370xa and 3 more | 2024-11-21 | 6.9 Medium |
| In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an unauthenticated user with network access could obtain access to sensitive information or cause a denial-of-service condition. | ||||
| CVE-2023-42491 | 1 Busbaer | 1 Eisbaer Scada | 2024-11-21 | 8.8 High |
| EisBaer Scada - CWE-285: Improper Authorization | ||||
| CVE-2023-41841 | 1 Fortinet | 1 Fortios | 2024-11-21 | 7.4 High |
| An improper authorization vulnerability in Fortinet FortiOS 7.0.0 - 7.0.11 and 7.2.0 - 7.2.4 allows an attacker belonging to the prof-admin profile to perform elevated actions. | ||||
| CVE-2023-41819 | 2024-11-21 | 6.1 Medium | ||
| A PendingIntent hijacking vulnerability was reported in the Motorola Face Unlock application that could allow a local attacker to access unauthorized content providers. | ||||
| CVE-2023-41673 | 1 Fortinet | 1 Fortiadc | 2024-11-21 | 6.9 Medium |
| An improper authorization vulnerability [CWE-285] in Fortinet FortiADC version 7.4.0 and before 7.2.2 may allow a low privileged user to read or backup the full system configuration via HTTP or HTTPS requests. | ||||
| CVE-2023-40683 | 3 Ibm, Linux, Microsoft | 3 Openpages With Watson, Linux Kernel, Windows | 2024-11-21 | 8.8 High |
| IBM OpenPages with Watson 8.3 and 9.0 could allow remote attacker to bypass security restrictions, caused by insufficient authorization checks. By authenticating as an OpenPages user and using non-public APIs, an attacker could exploit this vulnerability to bypass security and gain unauthorized administrative access to the application. IBM X-Force ID: 264005. | ||||
| CVE-2023-3805 | 1 Four-faith | 1 Video Surveillance Management System | 2024-11-21 | 7.3 High |
| A vulnerability, which was classified as critical, has been found in Xiamen Four Letter Video Surveillance Management System up to 20230712. This issue affects some unknown processing in the library UserInfoAction.class of the component Login. The manipulation leads to improper authorization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-235073 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-3574 | 1 Pimcore | 2 Customer-data-framework, Customer Management Framework | 2024-11-21 | 6.5 Medium |
| Improper Authorization in GitHub repository pimcore/customer-data-framework prior to 3.4.1. | ||||
| CVE-2023-3037 | 1 Helpdezk | 1 Helpdezk | 2024-11-21 | 8.6 High |
| Improper authorization vulnerability in HelpDezk Community affecting version 1.1.10. This vulnerability could allow a remote attacker to access the platform without authentication and retrieve personal data via the jsonGrid parameter. | ||||
| CVE-2023-39403 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 9.1 Critical |
| Parameter verification vulnerability in the installd module. Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization. | ||||
| CVE-2023-39402 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 9.1 Critical |
| Parameter verification vulnerability in the installd module. Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization. | ||||
| CVE-2023-39401 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 9.1 Critical |
| Parameter verification vulnerability in the installd module. Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization. | ||||
| CVE-2023-39400 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 9.1 Critical |
| Parameter verification vulnerability in the installd module. Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization. | ||||
| CVE-2023-39399 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 9.1 Critical |
| Parameter verification vulnerability in the installd module. Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization. | ||||