Filtered by CWE-863
Total 2262 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-3033 1 Mobatime 1 Mobatime Web Application 2025-01-08 6.8 Medium
Incorrect Authorization vulnerability in Mobatime web application allows Privilege Escalation, Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Mobatime web application: through 06.7.22.
CVE-2023-3066 1 Mobatime 1 Amxgt 100 2025-01-08 8.1 High
Incorrect Authorization vulnerability in Mobatime mobile application AMXGT100 allows a low-privileged user to impersonate anyone else, including administratorsThis issue affects Mobatime mobile application AMXGT100: through 1.3.20.
CVE-2023-3027 1 Redhat 2 Acm, Advanced Cluster Management For Kubernetes 2025-01-08 7.8 High
The grc-policy-propagator allows security escalation within the cluster. The propagator allows policies which contain some dynamically obtained values (instead of the policy apply a static manifest on a managed cluster) of taking advantage of cluster scoped access in a created policy. This feature does not restrict properly to lookup content from the namespace where the policy was created.
CVE-2023-33651 1 Sitecore 4 Experience Commerce, Experience Manager, Experience Platform and 1 more 2025-01-08 7.5 High
An issue in the MVC Device Simulator of Sitecore Experience Platform (XP), Experience Manager (XM), and Experience Commerce (XC) v9.0 Initial Release to v13.0 Initial Release allows attackers to bypass authorization rules.
CVE-2024-21259 1 Oracle 1 Vm Virtualbox 2025-01-07 7.5 High
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.22 and prior to 7.1.2. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H).
CVE-2023-21670 1 Qualcomm 364 315 5g Iot Modem, 315 5g Iot Modem Firmware, Aqt1000 and 361 more 2025-01-07 7.8 High
Memory Corruption in GPU Subsystem due to arbitrary command execution from GPU in privileged mode.
CVE-2023-1779 1 Mbconnectline 2 Mbconnect24, Mymbconnect24 2025-01-07 4.3 Medium
Exposure of Sensitive Information to an unauthorized actor vulnerability in MB Connect Lines mbCONNECT24, mymbCONNECT24 and Helmholz' myREX24 and myREX24.virtual in versions <=2.13.3 allow an authorized remote attacker with low privileges to view a limited amount of another accounts contact information.
CVE-2024-1803 1 Wpdeveloper 1 Embedpress 2025-01-07 4.3 Medium
The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to unauthorized access of functionality due to insufficient authorization validation on the PDF embed block in all versions up to, and including, 3.9.12. This makes it possible for authenticated attackers, with contributor-level access and above, to embed PDF blocks.
CVE-2023-22833 1 Palantir 1 Foundry 2025-01-07 7.6 High
Palantir Foundry deployments running Lime2 versions between 2.519.0 and 2.532.0 were vulnerable a bug that allowed authenticated users within a Foundry organization to bypass discretionary or mandatory access controls under certain circumstances.
CVE-2023-34958 1 Chamilo 1 Chamilo Lms 2025-01-06 4.3 Medium
Incorrect access control in Chamilo 1.11.* up to 1.11.18 allows a student subscribed to a given course to download documents belonging to another student if they know the document's ID.
CVE-2023-32749 1 Pydio 1 Cells 2025-01-06 8.8 High
Pydio Cells allows users by default to create so-called external users in order to share files with them. By modifying the HTTP request sent when creating such an external user, it is possible to assign the new user arbitrary roles. By assigning all roles to a newly created user, access to all cells and non-personal workspaces is granted.
CVE-2023-29766 1 Appcrossx 1 Crossx 2025-01-06 7.8 High
An issue found in CrossX v.1.15.3 for Android allows a local attacker to cause an escalation of Privileges via the database files.
CVE-2023-29761 1 Urbanandroid 1 Sleep 2025-01-06 5.5 Medium
An issue found in Sleep v.20230303 for Android allows unauthorized apps to cause a persistent denial of service by manipulating the SharedPreference files.
CVE-2023-29759 1 Flightaware 1 Flightaware 2025-01-06 5.5 Medium
An issue found in FlightAware v.5.8.0 for Android allows unauthorized apps to cause a persistent denial of service by manipulating the database files.
CVE-2023-29758 1 Leap 1 Blue Light Filter 2025-01-06 5.5 Medium
An issue found in Blue Light Filter v.1.5.5 for Android allows unauthorized apps to cause a persistent denial of service by manipulating the SharedPreference files.
CVE-2023-27716 1 Kafkaui-lite Project 1 Kafkaui-lite 2025-01-06 9.8 Critical
An issue was discovered in freakchicken kafkaUI-lite 1.2.11 allows attackers on the same network to gain escalated privileges for the nodes running on it.
CVE-2024-36611 1 Symfony 1 Symfony 2025-01-06 7.5 High
In Symfony v7.07, a security vulnerability was identified in the FormLoginAuthenticator component, where it failed to adequately handle cases where the username or password field of a login request is empty. This flaw could lead to various security risks, including improper authentication logic handling or denial of service. NOTE: the Supplier has concluded that this is a false report.
CVE-2023-32220 1 Milesight 2 Ncr\/camera, Ncr\/camera Firmware 2025-01-06 8.2 High
Milesight NCR/camera version 71.8.0.6-r5 allows authentication bypass through an unspecified method.
CVE-2023-32219 1 Mazda 2 Mazda, Mazda Firmware 2025-01-06 6.5 Medium
A Mazda model (2015-2016) can be unlocked via an unspecified method.
CVE-2023-21245 1 Google 1 Android 2025-01-06 7.8 High
In showNextSecurityScreenOrFinish of KeyguardSecurityContainerController.java, there is a possible way to access the lock screen during device setup due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.