Total: 151 CVEs
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2023-6538 | 1 Hitachi | 2 System Management Unit, System Management Unit Firmware | 2023-12-14 | N/A | 6.5 MEDIUM | SMU versions prior to 14.8.7825.01 are susceptible to unintended information disclosure, through URL manipulation. Authenticated users in Storage, Server or combined Server+Storage administrative roles are able to access SMU configuration backup, that would normally be barred to those specific administrative roles. |
CVE-2023-32678 | 1 Zulip | 1 Zulip Server | 2023-12-10 | N/A | 6.5 MEDIUM | Zulip is an open-source team collaboration tool with topic-based threading that combines email and chat. Users who used to be subscribed to a private stream and have been removed from it since retain the ability to edit messages/topics, move messages to other streams, and delete messages that they used to have access to, if other relevant organization permissions allow these actions. For example, a user may be able to edit or delete their old messages they posted in such a private stream. An administrator will be able to delete old messages (that they had access to) from the private stream. This issue was fixed in Zulip Server version 7.3. |
CVE-2023-28055 | 1 Dell | 1 Networker | 2023-12-10 | N/A | 8.8 HIGH | Dell NetWorker, Version 19.7 has an improper authorization vulnerability in the NetWorker client. An unauthenticated attacker within the same network could potentially exploit this by manipulating a command leading to gain of complete access to the server file further resulting in information leaks, denial of service, and arbitrary code execution. Dell recommends customers to upgrade at the earliest opportunity. |
CVE-2023-42491 | 1 Busbaer | 1 Eisbaer Scada | 2023-12-10 | N/A | 9.8 CRITICAL | EisBaer Scada - CWE-285: Improper Authorization |
CVE-2023-5948 | 1 Teamamaze | 1 Amaze File Utilities | 2023-12-10 | N/A | 5.5 MEDIUM | Improper Authorization in GitHub repository teamamaze/amazefileutilities prior to 1.91. |
CVE-2023-38220 | 1 Adobe | 2 Commerce, Magento | 2023-12-10 | N/A | 7.5 HIGH | Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Authorization vulnerability that could lead in a security feature bypass in a way that an attacker could access unauthorised data. Exploitation of this issue does not require user interaction. |
CVE-2023-37491 | 1 Sap | 1 Message Server | 2023-12-10 | N/A | 8.8 HIGH | The ACL (Access Control List) of SAP Message Server - versions KERNEL 7.22, KERNEL 7.53, KERNEL 7.54, KERNEL 7.77, RNL64UC 7.22, RNL64UC 7.22EXT, RNL64UC 7.53, KRNL64NUC 7.22, KRNL64NUC 7.22EXT, can be bypassed in certain conditions, which may enable an authenticated malicious user to enter the network of the SAP systems served by the attacked SAP Message server. This may lead to unauthorized read and write of data as well as rendering the system unavailable. |
CVE-2023-2227 | 1 Modoboa | 1 Modoboa | 2023-12-10 | N/A | 9.1 CRITICAL | Improper Authorization in GitHub repository modoboa/modoboa prior to 2.1.0. |
CVE-2023-2950 | 1 Open-emr | 1 Openemr | 2023-12-10 | N/A | 8.1 HIGH | Improper Authorization in GitHub repository openemr/openemr prior to 7.0.1. |
CVE-2023-34460 | 3 Apple, Linux, Tauri | 3 Macos, Linux Kernel, Tauri | 2023-12-10 | N/A | 9.8 CRITICAL | Tauri is a framework for building binaries for all major desktop platforms. The 1.4.0 release includes a regression on the Filesystem scope check for dotfiles on Unix. Previously dotfiles were not implicitly allowed by the glob wildcard scopes (eg. `$HOME/*`), but a regression was introduced when a configuration option for this behavior was implemented. Only Tauri applications using wildcard scopes in the `fs` endpoint are affected. The regression has been patched on version 1.4.1. |
CVE-2023-36611 | 1 Ovarro | 10 Tbox Lt2, Tbox Lt2 Firmware, Tbox Ms-cpu32 and 7 more | 2023-12-10 | N/A | 6.5 MEDIUM | The affected TBox RTUs allow low privilege users to access software security tokens of higher privilege. This could allow an attacker with "user" privileges to access files requiring higher privileges by establishing an SSH session and providing the other tokens. |
CVE-2023-28634 | 1 Glpi-project | 1 Glpi | 2023-12-10 | N/A | 8.8 HIGH | GLPI is a free asset and IT management software package. Starting in version 0.83 and prior to versions 9.5.13 and 10.0.7, a user who has the Technician profile could see and generate a Personal token for a Super-Admin. Using such token it is possible to negotiate a GLPI session and hijack the Super-Admin account, resulting in a Privilege Escalation. Versions 9.5.13 and 10.0.7 contain a patch for this issue. |
CVE-2023-0610 | 1 Wallabag | 1 Wallabag | 2023-12-10 | N/A | 4.3 MEDIUM | Improper Authorization in GitHub repository wallabag/wallabag prior to 2.5.3. |
CVE-2022-3187 | 1 Dataprobe | 24 Iboot-pdu4-n20, Iboot-pdu4-n20 Firmware, Iboot-pdu4a-n15 and 21 more | 2023-12-10 | N/A | 5.3 MEDIUM | Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where certain PHP pages only validate when a valid connection is established with the database. However, these PHP pages do not verify the validity of a user. Attackers could leverage this lack of verification to read the state of outlets. |
CVE-2023-0609 | 1 Wallabag | 1 Wallabag | 2023-12-10 | N/A | 4.3 MEDIUM | Improper Authorization in GitHub repository wallabag/wallabag prior to 2.5.3. |
CVE-2022-23542 | 1 Openfga | 1 Openfga | 2023-12-10 | N/A | 9.8 CRITICAL | OpenFGA is an authorization/permission engine built for developers and inspired by Google Zanzibar. During an internal security assessment, it was discovered that OpenFGA version 0.3.0 is vulnerable to authorization bypass under certain conditions. This issue has been patched in version 0.3.1 and is backward compatible. |
CVE-2023-0734 | 1 Wallabag | 1 Wallabag | 2023-12-10 | N/A | 5.3 MEDIUM | Improper Authorization in GitHub repository wallabag/wallabag prior to 2.5.4. |
CVE-2022-4868 | 1 Froxlor | 1 Froxlor | 2023-12-10 | N/A | 4.3 MEDIUM | Improper Authorization in GitHub repository froxlor/froxlor prior to 2.0.0-beta1. |
CVE-2022-4688 | 1 Usememos | 1 Memos | 2023-12-10 | N/A | 8.8 HIGH | Improper Authorization in GitHub repository usememos/memos prior to 0.9.0. |
CVE-2022-4062 | 1 Schneider-electric | 1 Ecostruxure Power Commission | 2023-12-10 | N/A | 7.8 HIGH | A CWE-285: Improper Authorization vulnerability exists that could cause unauthorized access to certain software functions when an attacker gets access to localhost interface of the EcoStruxure Power Commission application. Affected Products: EcoStruxure Power Commission (Versions prior to V2.25) |