Total
2247 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-21378 | 1 Google | 1 Android | 2023-12-10 | N/A | 7.8 HIGH |
In Telecomm, there is a possible way to silence the ring for calls of secondary users due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
CVE-2022-36228 | 1 Janusintl | 6 Noke Hd\+ Smart Padlock, Noke Hd\+ Smart Padlock Firmware, Noke Hd Smart Padlock and 3 more | 2023-12-10 | N/A | 6.5 MEDIUM |
Nokelock Smart padlock O1 Version 5.3.0 is vulnerable to Insecure Permissions. By sending a request, you can add any device and set the device password in the Nokelock app. | |||||
CVE-2023-26301 | 1 Hp | 38 Color Laserjet Pro 4201-4203 4ra87f, Color Laserjet Pro 4201-4203 4ra87f Firmware, Color Laserjet Pro 4201-4203 4ra88f and 35 more | 2023-12-10 | N/A | 9.8 CRITICAL |
Certain HP LaserJet Pro print products are potentially vulnerable to an Elevation of Privilege and/or Information Disclosure related to a lack of authentication with certain endpoints. | |||||
CVE-2022-4943 | 1 Miniorange | 1 Google Authenticator | 2023-12-10 | N/A | 5.3 MEDIUM |
miniOrange's Google Authenticator plugin for WordPress is vulnerable to authorization bypass due to a missing capability check when changing plugin settings in versions up to, and including, 5.6.5. This makes it possible for unauthenticated attackers to change the plugin's settings. | |||||
CVE-2023-38457 | 2 Google, Unisoc | 9 Android, Sc7731e, Sc9832e and 6 more | 2023-12-10 | N/A | 5.5 MEDIUM |
In vowifiservice, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges. | |||||
CVE-2023-43194 | 1 Rcos | 1 Submitty | 2023-12-10 | N/A | 5.3 MEDIUM |
Submitty before v22.06.00 is vulnerable to Incorrect Access Control. An attacker can delete any post in the forum by modifying a request parameter. | |||||
CVE-2021-4359 | 1 Najeebmedia | 1 Frontend File Manager Plugin | 2023-12-10 | N/A | 5.3 MEDIUM |
The Frontend File Manager plugin for WordPress is vulnerable to Unauthenticated Arbitrary Post Deletion in versions up to, and including, 18.2. This is due to lacking authentication protections and lacking a security nonce on the wpfm_delete_file AJAX action. This makes it possible for unauthenticated attackers to delete any posts and pages on the site. | |||||
CVE-2023-1782 | 1 Hashicorp | 1 Nomad | 2023-12-10 | N/A | 9.8 CRITICAL |
HashiCorp Nomad and Nomad Enterprise versions 1.5.0 up to 1.5.2 allow unauthenticated users to bypass intended ACL authorizations for clusters where mTLS is not enabled. This issue is fixed in version 1.5.3. | |||||
CVE-2022-48370 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-12-10 | N/A | 5.5 MEDIUM |
In dialer service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges. | |||||
CVE-2023-2193 | 1 Mattermost | 1 Mattermost | 2023-12-10 | N/A | 9.1 CRITICAL |
Mattermost fails to invalidate existing authorization codes when deauthorizing an OAuth2 app, allowing an attacker possessing an authorization code to generate an access token. | |||||
CVE-2023-32677 | 1 Zulip | 1 Zulip | 2023-12-10 | N/A | 3.1 LOW |
Zulip is an open-source team collaboration tool with unique topic-based threading. Zulip administrators can configure Zulip to limit who can add users to streams, and separately to limit who can invite users to the organization. In Zulip Server 6.1 and below, the UI which allows a user to invite a new user also allows them to set the streams that the new user is invited to -- even if the inviting user would not have permissions to add an existing user to streams. While such a configuration is likely rare in practice, the behavior does violate security-related controls. This does not let a user invite new users to streams they cannot see, or would not be able to add users to if they had that general permission. This issue has been addressed in version 6.2. Users are advised to upgrade. Users unable to upgrade may limit sending of invitations down to users who also have the permission to add users to streams. | |||||
CVE-2023-35164 | 1 Dataease | 1 Dataease | 2023-12-10 | N/A | 6.5 MEDIUM |
DataEase is an open source data visualization analysis tool to analyze data and gain insight into business trends. In affected versions a missing authorization check allows unauthorized users to manipulate a dashboard created by the administrator. This vulnerability has been fixed in version 1.18.8. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
CVE-2023-32112 | 1 Sap | 2 S4core, Vendor Master Hierarchy | 2023-12-10 | N/A | 5.5 MEDIUM |
Vendor Master Hierarchy - versions SAP_APPL 500, SAP_APPL 600, SAP_APPL 602, SAP_APPL 603, SAP_APPL 604, SAP_APPL 605, SAP_APPL 606, SAP_APPL 616, SAP_APPL 617, SAP_APPL 618, S4CORE 100, does not perform necessary authorization checks for an authenticated user to access some of its functions. This could lead to modification of data impacting the integrity of the system. | |||||
CVE-2023-30928 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-12-10 | N/A | 7.8 HIGH |
In telephony service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. | |||||
CVE-2023-30195 | 1 Lineagrafica | 1 Lgdetailedorder | 2023-12-10 | N/A | 7.5 HIGH |
In the module "Detailed Order" (lgdetailedorder) in version up to 1.1.20 from Linea Grafica for PrestaShop, a guest can download personal information, formatted in JSON, without restriction. | |||||
CVE-2023-30914 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-12-10 | N/A | 5.5 MEDIUM |
In email service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | |||||
CVE-2023-2590 | 1 Answer | 1 Answer | 2023-12-10 | N/A | 3.5 LOW |
Missing Authorization in GitHub repository answerdev/answer prior to 1.0.9. | |||||
CVE-2023-21015 | 1 Google | 1 Android | 2023-12-10 | N/A | 7.8 HIGH |
In getAvailabilityStatus of several Transcode Permission Controllers, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-244569778 | |||||
CVE-2023-1903 | 1 Sap | 1 Hcm Fiori App My Forms | 2023-12-10 | N/A | 4.3 MEDIUM |
SAP HCM Fiori App My Forms (Fiori 2.0) - version 605, does not perform necessary authorization checks for an authenticated user exposing the restricted header data. | |||||
CVE-2021-4338 | 1 Duckdev | 1 404 To 301 | 2023-12-10 | N/A | 5.4 MEDIUM |
The 404 to 301 plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on the open_redirect & save_redirect functions in versions up to, and including, 3.0.7. This makes it possible for authenticated attackers to view, create and edit redirections. |