Total
3755 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-41721 | 1 Ui | 6 Unifi Dream Machine, Unifi Dream Machine Pro, Unifi Dream Machine Special Edition and 3 more | 2024-11-21 | 5.3 Medium |
| Instances of UniFi Network Application that (i) are run on a UniFi Gateway Console, and (ii) are versions 7.5.176. and earlier, implement device adoption with improper access control logic, creating a risk of access to device configuration information by a malicious actor with preexisting access to the network. Affected Products: UDM UDM-PRO UDM-SE UDR UDW Mitigation: Update UniFi Network to Version 7.5.187 or later. | ||||
| CVE-2023-41679 | 1 Fortinet | 1 Fortimanager | 2024-11-21 | 7.7 High |
| An improper access control vulnerability [CWE-284] in FortiManager management interface 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions may allow a remote and authenticated attacker with at least "device management" permission on his profile and belonging to a specific ADOM to add and delete CLI script on other ADOMs | ||||
| CVE-2023-41570 | 1 Mikrotik | 1 Routeros | 2024-11-21 | 5.3 Medium |
| MikroTik RouterOS v7.1 to 7.11 was discovered to contain incorrect access control mechanisms in place for the Rest API. | ||||
| CVE-2023-41322 | 1 Glpi-project | 1 Glpi | 2024-11-21 | 4.9 Medium |
| GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. A user with write access to another user can make requests to change the latter's password and then take control of their account. Users are advised to upgrade to version 10.0.10. There are no known work around for this vulnerability. | ||||
| CVE-2023-41311 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 5.3 Medium |
| Permission control vulnerability in the audio module. Successful exploitation of this vulnerability may cause an app to be activated automatically. | ||||
| CVE-2023-40850 | 1 Netentsec | 2 Ns-asg, Ns-asg Firmware | 2024-11-21 | 7.5 High |
| netentsec NS-ASG 6.3 is vulnerable to Incorrect Access Control. There is a file leak in the website source code of the application security gateway. | ||||
| CVE-2023-40579 | 1 Openfga | 1 Openfga | 2024-11-21 | 6.5 Medium |
| OpenFGA is an authorization/permission engine built for developers and inspired by Google Zanzibar. Some end users of OpenFGA v1.3.0 or earlier are vulnerable to authorization bypass when calling the ListObjects API. The vulnerability affects customers using `ListObjects` with specific models. The affected models contain expressions of type `rel1 from type1`. This issue has been patched in version 1.3.1. | ||||
| CVE-2023-40573 | 1 Xwiki | 2 Xwiki, Xwiki-platform | 2024-11-21 | 9.1 Critical |
| XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki supports scheduled jobs that contain Groovy scripts. Currently, the job checks the content author of the job for programming right. However, modifying or adding a job script to a document doesn't modify the content author. Together with a CSRF vulnerability in the job scheduler, this can be exploited for remote code execution by an attacker with edit right on the wiki. If the attack is successful, an error log entry with "Job content executed" will be produced. This vulnerability has been patched in XWiki 14.10.9 and 15.4RC1. | ||||
| CVE-2023-40161 | 1 Intel | 1 Unite | 2024-11-21 | 6.6 Medium |
| Improper access control in some Intel Unite(R) Client software before version 4.2.35041 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2023-40070 | 2024-11-21 | 8.8 High | ||
| Improper access control in some Intel(R) Power Gadget software for macOS all versions may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2023-40039 | 1 Arris | 6 Tg1672g, Tg1672g Firmware, Tg852g and 3 more | 2024-11-21 | 9.8 Critical |
| An issue was discovered on ARRIS TG852G, TG862G, and TG1672G devices. A remote attacker (in proximity to a Wi-Fi network) can derive the default WPA2-PSK value by observing a beacon frame. | ||||
| CVE-2023-3786 | 1 Aures | 2 Komet, Komet Firmware | 2024-11-21 | 4.3 Medium |
| A vulnerability classified as problematic has been found in Aures Komet up to 20230509. This affects an unknown part of the component Kiosk Mode. The manipulation leads to improper access controls. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. The identifier VDB-235053 was assigned to this vulnerability. | ||||
| CVE-2023-3305 | 1 Cdatatec | 1 Web Management System | 2024-11-21 | 7.3 High |
| A vulnerability was found in C-DATA Web Management System up to 20230607. It has been classified as critical. This affects an unknown part of the file /cgi-bin/jumpto.php?class=user&page=config_save&isphp=1 of the component User Creation Handler. The manipulation of the argument user/newpassword leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-231801 was assigned to this vulnerability. | ||||
| CVE-2023-3304 | 1 Admidio | 1 Admidio | 2024-11-21 | 5.4 Medium |
| Improper Access Control in GitHub repository admidio/admidio prior to 4.2.9. | ||||
| CVE-2023-3303 | 1 Admidio | 1 Admidio | 2024-11-21 | 3.5 Low |
| Improper Access Control in GitHub repository admidio/admidio prior to 4.2.9. | ||||
| CVE-2023-3273 | 2 Sick, Sick Ag | 3 Icr890-4, Icr890-4 Firmware, Icr890-4 | 2024-11-21 | 7.5 High |
| Improper Access Control in the SICK ICR890-4 could allow an unauthenticated remote attacker to affect the availability of the device by changing settings of the device such as the IP address based on missing access control. | ||||
| CVE-2023-3271 | 2 Sick, Sick Ag | 3 Icr890-4, Icr890-4 Firmware, Icr890-4 | 2024-11-21 | 8.2 High |
| Improper Access Control in the SICK ICR890-4 could allow an unauthenticated remote attacker to gather information about the system and download data via the REST API by accessing unauthenticated endpoints. | ||||
| CVE-2023-3099 | 1 Ubuntukylin | 1 Youker-assistant | 2024-11-21 | 4.4 Medium |
| A vulnerability classified as critical was found in KylinSoft youker-assistant on KylinOS. Affected by this vulnerability is the function delete_file in the library dbus.SystemBus of the component Arbitrary File Handler. The manipulation leads to improper access controls. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. Upgrading to version 3.0.2-0kylin6k70-23 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-230689 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-3039 | 1 Dell | 1 Sd Rom Utility | 2024-11-21 | 7.3 High |
| SD ROM Utility, versions prior to 1.0.2.0 contain an Improper Access Control vulnerability. A low-privileged malicious user may potentially exploit this vulnerability to perform arbitrary code execution with limited access. | ||||
| CVE-2023-3018 | 1 Oretnom23 | 1 Lost And Found Information System | 2024-11-21 | 6.3 Medium |
| A vulnerability was found in SourceCodester Lost and Found Information System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/?page=user/list. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-230362 is the identifier assigned to this vulnerability. | ||||