Total: 448 CVEs
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-28481 | 1 Tigergraph | 1 Tigergraph | 2023-12-10 | N/A | 8.8 HIGH |
An issue was discovered in Tigergraph Enterprise 3.7.0. The SSH authorized keys file is writable without restriction: any code running as the tigergraph user can append its own SSH public key to the authorized keys file, giving an attacker password-less SSH access as that user with a key of their choosing. | |||||
CVE-2023-32669 | 1 Buddyboss | 1 Buddyboss | 2023-12-10 | N/A | 5.4 MEDIUM |
Authorization bypass vulnerability in BuddyBoss version 2.2.9: an authenticated user can access and rename other users' albums by changing the album identifier (id) in the request. | |||||
CVE-2023-2544 | 1 Upv | 1 Peix | 2023-12-10 | N/A | 6.5 MEDIUM |
Authorization bypass vulnerability in UPV PEIX, affecting the component "pdf_curri_new.php". In a POST request, an authenticated user can change the ID parameter to retrieve all stored information about other registered users. | |||||
CVE-2023-4934 | 1 Usta | 1 Aybs | 2023-12-10 | N/A | 8.8 HIGH |
Authorization Bypass Through User-Controlled Key vulnerability in Usta AYBS allows Authentication Abuse and Authentication Bypass. This issue affects AYBS versions before 1.0.3. | |||||
CVE-2023-2958 | 1 Orjinyazilim | 1 Ats Pro | 2023-12-10 | N/A | 9.8 CRITICAL |
Authorization Bypass Through User-Controlled Key vulnerability in Origin Software ATS Pro allows Authentication Abuse and Authentication Bypass. This issue affects ATS Pro versions before 20230714. | |||||
CVE-2023-4836 | 1 Userprivatefiles | 1 Wordpress File Sharing Plugin | 2023-12-10 | N/A | 4.3 MEDIUM |
The WordPress File Sharing Plugin WordPress plugin before 2.0.5 does not check authorization before displaying files and folders, allowing users to gain access to those files by manipulating IDs, which can easily be brute-forced. | |||||
CVE-2023-44154 | 3 Acronis, Linux, Microsoft | 3 Cyber Protect, Linux Kernel, Windows | 2023-12-10 | N/A | 8.1 HIGH |
Sensitive information disclosure and manipulation due to improper authorization. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979. | |||||
CVE-2023-43668 | 1 Apache | 1 Inlong | 2023-12-10 | N/A | 9.8 CRITICAL |
Authorization Bypass Through User-Controlled Key vulnerability in Apache InLong. This issue affects Apache InLong from 1.4.0 through 1.8.0: checks on some sensitive JDBC connection parameters, such as "autoDeserialize" and "allowLoadLocalInfile", can be bypassed. Users are advised to upgrade to Apache InLong 1.9.0 or cherry-pick [1] to solve it. [1] https://github.com/apache/inlong/pull/8604 | |||||
CVE-2023-44205 | 3 Acronis, Linux, Microsoft | 3 Cyber Protect, Linux Kernel, Windows | 2023-12-10 | N/A | 5.3 MEDIUM |
Sensitive information disclosure due to improper authorization. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979. | |||||
CVE-2023-38872 | 1 Economizzer | 1 Economizzer | 2023-12-10 | N/A | 3.7 LOW |
An Insecure Direct Object Reference (IDOR) vulnerability in gugoan Economizzer commit 3730880 (April 2023) and v.0.9-beta1 allows any unauthenticated attacker to access cash book entry attachments of any other user, if they know the Id of the attachment. | |||||
CVE-2023-45393 | 1 Grandingteco | 1 Utime Master | 2023-12-10 | N/A | 6.5 MEDIUM |
An Insecure Direct Object Reference (IDOR) in GRANDING UTime Master v9.0.7-Build:Apr 4,2023 allows authenticated attackers to access sensitive information via a crafted cookie. | |||||
CVE-2023-2190 | 1 Gitlab | 1 Gitlab | 2023-12-10 | N/A | 6.5 MEDIUM |
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.10 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1. It may be possible for users to view new commits to private projects in a fork created while the project was public. | |||||
CVE-2023-32078 | 1 Gravitl | 1 Netmaker | 2023-12-10 | N/A | 7.5 HIGH |
Netmaker makes networks with WireGuard. An Insecure Direct Object Reference (IDOR) vulnerability was found in versions prior to 0.17.1 and 0.18.6 in the user update function: by specifying another user's username, it was possible to update that user's password. The issue is patched in 0.17.1 and fixed in 0.18.6. Users on 0.17.1 should run `docker pull gravitl/netmaker:v0.17.1` and `docker-compose up -d`, which switches them to the patched image. Users on v0.18.0 through v0.18.5 should upgrade to v0.18.6 or later. As a workaround, someone using version 0.17.1 can pull the latest docker image of the backend and restart the server. | |||||
CVE-2023-3700 | 1 Easyappointments | 1 Easyappointments | 2023-12-10 | N/A | 4.3 MEDIUM |
Authorization Bypass Through User-Controlled Key in GitHub repository alextselegidis/easyappointments prior to 1.5.0. | |||||
CVE-2023-38965 | 1 Oretnom23 | 1 Lost And Found Information System | 2023-12-10 | N/A | 9.8 CRITICAL |
Lost and Found Information System 1.0 allows account takeover via the username and password parameters sent to the /classes/Users.php?f=save URI. | |||||
CVE-2023-46478 | 1 Minical | 1 Minical | 2023-12-10 | N/A | 8.8 HIGH |
An issue in minCal v.1.0.0 allows a remote attacker to execute arbitrary code via a crafted script to the customer_data parameter. | |||||
CVE-2023-42455 | 1 Wazuh | 2 Wazuh-dashboard, Wazuh-kibana-app | 2023-12-10 | N/A | 8.8 HIGH |
Wazuh is a security detection, visibility, and compliance open source project. In versions 4.4.0 and 4.4.1, the Wazuh API administrator key used by the Dashboard can be retrieved with the browser's developer tools. This allows any user logged in to the dashboard to become an administrator of the API, even if their dashboard role does not grant that. Version 4.4.2 contains a fix. There are no known workarounds. | |||||
CVE-2020-10130 | 1 Searchblox | 1 Searchblox | 2023-12-10 | N/A | 8.8 HIGH |
SearchBlox before version 9.1 is vulnerable to a business logic bypass in which a user is able to create multiple super admin users in the system. | |||||
CVE-2023-42334 | 1 Fl3xx | 2 Crew, Dispatch | 2023-12-10 | N/A | 6.5 MEDIUM |
An Insecure Direct Object Reference (IDOR) in Fl3xx Dispatch 2.10.37 and fl3xx Crew 2.10.37 allows a remote attacker to escalate privileges via the user parameter. | |||||
CVE-2023-45396 | 1 Elenos | 2 Etg150, Etg150 Firmware | 2023-12-10 | N/A | 6.5 MEDIUM |
An Insecure Direct Object Reference (IDOR) vulnerability allows access to event profiles in the Elenos ETG150 FM transmitter running version 3.12. |