Vulnerabilities (CVE)

Filtered by CWE-284
Total 4418 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-45209 1 Peplink 2 Smart Reader, Smart Reader Firmware 2026-06-17 N/A 5.3 MEDIUM
An information disclosure vulnerability exists in the web interface /cgi-bin/download_config.cgi functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted HTTP request can lead to a disclosure of sensitive information. An attacker can make an unauthenticated HTTP request to trigger this vulnerability.
CVE-2023-44794 2 Dromara, Vmware 3 Sa-token, Spring Boot, Spring Framework 2026-06-17 N/A 9.8 CRITICAL
An issue in Dromara SaToken version 1.36.0 and before allows a remote attacker to escalate privileges via a crafted payload to the URL.
CVE-2023-44283 1 Dell 2 Supportassist For Business Pcs, Supportassist For Home Pcs 2026-06-17 N/A 7.8 HIGH
In Dell SupportAssist for Home PCs (between v3.0 and v3.14.1) and SupportAssist for Business PCs (between v3.0 and v3.4.1), a security concern has been identified, impacting locally authenticated users on their respective PCs. This issue may potentially enable privilege escalation and the execution of arbitrary code, in the Windows system context, and confined to that specific local PC.
CVE-2023-44118 1 Huawei 2 Emui, Harmonyos 2026-06-17 N/A 9.1 CRITICAL
Vulnerability of undefined permissions in the MeeTime module.Successful exploitation of this vulnerability will affect availability and confidentiality.
CVE-2023-44031 1 Reprisesoftware 1 Reprise License Manager 2026-06-17 N/A 7.5 HIGH
Incorrect access control in Reprise License Management Software Reprise License Manager v15.1 allows attackers to arbitrarily save sensitive files in insecure locations via a crafted POST request.
CVE-2023-43901 1 Emsigner 1 Emsigner 2026-06-17 N/A 5.9 MEDIUM
Incorrect access control in the AdHoc User creation form of EMSigner v2.8.7 allows unauthenticated attackers to arbitrarily modify usernames and privileges by using the email address of a registered user.
CVE-2023-43849 1 Aten 2 Pe6208, Pe6208 Firmware 2026-06-17 N/A 6.5 MEDIUM
Incorrect access control in firmware upgrade function of web interface in Aten PE6208 2.3.228 and 2.4.232 allows remote authenticated users to submit a firmware image via HTTP POST requests. This may result in DoS or remote code execution.
CVE-2023-43848 1 Aten 2 Pe6208, Pe6208 Firmware 2026-06-17 N/A 8.0 HIGH
Incorrect access control in the firewall management function of web interface in Aten PE6208 2.3.228 and 2.4.232 allows remote authenticated users to alter local firewall settings of the device as if they were the administrator via HTTP POST request.
CVE-2023-43847 1 Aten 2 Pe6208, Pe6208 Firmware 2026-06-17 N/A 5.3 MEDIUM
Incorrect access control in the outlet control function of web interface in Aten PE6208 2.3.228 and 2.4.232 allows remote authenticated users to control all the outlets as if they were the administrator via HTTP POST requests.
CVE-2023-43748 1 Intel 1 Graphics Performance Analyzers Framework 2026-06-17 N/A 7.8 HIGH
Improper access control in some Intel(R) GPA Framework software installers before version 2023.3 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-43626 2026-06-17 N/A 7.5 HIGH
Improper access control in UEFI firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2023-43491 1 Peplink 2 Smart Reader, Smart Reader Firmware 2026-06-17 N/A 5.3 MEDIUM
An information disclosure vulnerability exists in the web interface /cgi-bin/debug_dump.cgi functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted HTTP request can lead to a disclosure of sensitive information. An attacker can make an unauthenticated HTTP request to trigger this vulnerability.
CVE-2023-43489 1 Intel 1 Computing Improvement Program 2026-06-17 N/A 5.5 MEDIUM
Improper access control for some Intel(R) CIP software before version 2.4.10717 may allow an authenticated user to potentially enable denial of service via local access.
CVE-2023-43487 2026-06-17 N/A 4.7 MEDIUM
Improper access control in some Intel(R) CST before version 2.1.10300 may allow an authenticated user to potentially enable denial of service via local access.
CVE-2023-43336 1 Sangoma 1 Freepbx 2026-06-17 N/A 8.8 HIGH
Sangoma Technologies FreePBX before cdr 15.0.18, 16.0.40, 15.0.16, and 16.0.17 was discovered to contain an access control issue via a modified parameter value, e.g., changing extension=self to extension=101.
CVE-2023-43318 1 Tp-link 2 Tl-sg2210p, Tl-sg2210p Firmware 2026-06-17 N/A 8.8 HIGH
TP-Link JetStream Smart Switch TL-SG2210P 5.0 Build 20211201 allows attackers to escalate privileges via modification of the 'tid' and 'usrlvl' values in GET requests.
CVE-2023-43141 1 Totolink 4 A3700r, A3700r Firmware, N600r and 1 more 2026-06-17 N/A 9.8 CRITICAL
TOTOLINK A3700R V9.1.2u.6134_B20201202 and N600R V5.3c.5137 are vulnerable to Incorrect Access Control.
CVE-2023-43119 1 Extremenetworks 1 Exos 2026-06-17 N/A 9.8 CRITICAL
An Access Control issue discovered in Extreme Networks Switch Engine (EXOS) before 32.5.1.5, also fixed in 22.7, 31.7.2 allows attackers to gain escalated privileges using crafted telnet commands via Redis server.
CVE-2023-43079 1 Dell 1 Emc Openmanage Server Administrator 2026-06-17 N/A 7.3 HIGH
Dell OpenManage Server Administrator, versions 11.0.0.0 and prior, contains an Improper Access Control vulnerability. A local low-privileged malicious user could potentially exploit this vulnerability to execute arbitrary code in order to elevate privileges on the system. Exploitation may lead to a complete system compromise.
CVE-2023-43072 1 Dell 1 Smartfabric Storage Software 2026-06-17 N/A 4.4 MEDIUM
Dell SmartFabric Storage Software v1.4 (and earlier) contains an improper access control vulnerability in the CLI. A local possibly unauthenticated attacker could potentially exploit this vulnerability, leading to ability to execute arbritrary shell commands.