Total
3416 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-0411 | 1 Csdeshang | 1 Dsmall | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability was found in DeShang DSMall up to 6.1.0. It has been classified as problematic. This affects an unknown part of the file public/install.php of the component HTTP GET Request Handler. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250431. | |||||
| CVE-2024-0358 | 1 Csdeshang | 1 Dso2o | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability was found in DeShang DSO2O up to 4.1.0. It has been classified as critical. This affects an unknown part of the file /install/install.php. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250125 was assigned to this vulnerability. | |||||
| CVE-2024-0356 | 1 Mandelo | 1 Ssm Shiro Blog | 2024-11-21 | 3.3 LOW | 4.3 MEDIUM |
| A vulnerability has been found in Mandelo ssm_shiro_blog 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file updateRoles of the component Backend. The manipulation leads to improper access controls. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250123. | |||||
| CVE-2023-7223 | 1 Totolink | 2 T6, T6 Firmware | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability classified as problematic has been found in Totolink T6 4.1.9cu.5241_B20210923. This affects an unknown part of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument topicurl with the input showSyslog leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249867. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-6773 | 1 Codeastro | 1 Pos And Inventory Management System | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability has been found in CodeAstro POS and Inventory Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /accounts_con/register_account of the component User Creation Handler. The manipulation of the argument account_type with the input Admin leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-247909 was assigned to this vulnerability. | |||||
| CVE-2023-6761 | 1 Thecosy | 1 Icecms | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability, which was classified as problematic, has been found in Thecosy IceCMS up to 2.0.1. This issue affects some unknown processing of the component User Data Handler. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-247889 was assigned to this vulnerability. | |||||
| CVE-2023-6758 | 1 Thecosy | 1 Icecms | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability was found in Thecosy IceCMS 2.0.1. It has been rated as critical. Affected by this issue is some unknown functionality of the file /adplanet/PlanetCommentList of the component API. The manipulation leads to improper access controls. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-247886 is the identifier assigned to this vulnerability. | |||||
| CVE-2023-5833 | 1 Mintplexlabs | 1 Anythingllm | 2024-11-21 | N/A | 8.8 HIGH |
| Improper Access Control in GitHub repository mintplex-labs/anything-llm prior to 0.1.0. | |||||
| CVE-2023-5365 | 1 Hp | 1 Life | 2024-11-21 | N/A | 9.8 CRITICAL |
| HP LIFE Android Mobile application is potentially vulnerable to escalation of privilege and/or information disclosure. | |||||
| CVE-2023-5240 | 1 Devolutions | 1 Devolutions Server | 2024-11-21 | N/A | 7.5 HIGH |
| Improper access control in PAM propagation scripts in Devolutions Server 2023.2.8.0 and ealier allows an attack with permission to manage PAM propagation scripts to retrieve passwords stored in it via a GET request. | |||||
| CVE-2023-52114 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | N/A | 7.5 HIGH |
| Data confidentiality vulnerability in the ScreenReader module. Successful exploitation of this vulnerability may affect service integrity. | |||||
| CVE-2023-52105 | 1 Huawei | 1 Harmonyos | 2024-11-21 | N/A | 7.5 HIGH |
| The nearby module has a privilege escalation vulnerability. Successful exploitation of this vulnerability may affect availability. | |||||
| CVE-2023-51786 | 2024-11-21 | N/A | 9.1 CRITICAL | ||
| An issue was discovered in Lustre versions 2.13.x, 2.14.x, and 2.15.x before 2.15.4, allows attackers to escalate privileges and obtain sensitive information via Incorrect Access Control. | |||||
| CVE-2023-51070 | 1 Qstar | 1 Archive Storage Manager | 2024-11-21 | N/A | 7.5 HIGH |
| An access control issue in QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0 allows unauthenticated attackers to arbitrarily adjust sensitive SMB settings on the QStar Server. | |||||
| CVE-2023-50928 | 1 Amazon | 1 Awslabs Sandbox Accounts For Events | 2024-11-21 | N/A | 7.1 HIGH |
| "Sandbox Accounts for Events" provides multiple, temporary AWS accounts to a number of authenticated users simultaneously via a browser-based GUI. Authenticated users could potentially claim and access empty AWS accounts by sending request payloads to the account API containing non-existent event ids and self-defined budget & duration. This issue only affects cleaned AWS accounts, it is not possible to access AWS accounts in use or existing data/infrastructure. This issue has been patched in version 1.1.0. | |||||
| CVE-2023-50783 | 1 Apache | 1 Airflow | 2024-11-21 | N/A | 6.5 MEDIUM |
| Apache Airflow, versions before 2.8.0, is affected by a vulnerability that allows an authenticated user without the variable edit permission, to update a variable. This flaw compromises the integrity of variable management, potentially leading to unauthorized data modification. Users are recommended to upgrade to 2.8.0, which fixes this issue | |||||
| CVE-2023-50702 | 2024-11-21 | N/A | 8.8 HIGH | ||
| Sikka SSCWindowsService 5 2023-09-14 executes a program as LocalSystem but allows full control by low-privileged users (and low-privileged users have write access to %PROGRAMDATA%\SSCService). Consequently, low-privileged users can execute arbitrary code as LocalSystem. | |||||
| CVE-2023-50181 | 1 Fortinet | 1 Fortiadc | 2024-11-21 | N/A | 4.9 MEDIUM |
| An improper access control vulnerability [CWE-284] in Fortinet FortiADC version 7.4.0 through 7.4.1 and before 7.2.4 allows a read only authenticated attacker to perform some write actions via crafted HTTP or HTTPS requests. | |||||
| CVE-2023-4696 | 1 Usememos | 1 Memos | 2024-11-21 | N/A | 9.8 CRITICAL |
| Improper Access Control in GitHub repository usememos/memos prior to 0.13.2. | |||||
| CVE-2023-4650 | 1 Instantcms | 1 Instantcms | 2024-11-21 | N/A | 4.7 MEDIUM |
| Improper Access Control in GitHub repository instantsoft/icms2 prior to 2.16.1-git. | |||||