Vulnerabilities (CVE)

Filtered by CWE-284
Total 4417 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-28877 1 Vtex 1 Apps-graphql 2026-06-17 N/A 7.5 HIGH
The VTEX apps-graphql@2.x GraphQL API module does not properly restrict unauthorized access to private configuration data. (apps-graphql@3.x is unaffected by this issue.)
CVE-2023-28844 1 Nextcloud 1 Nextcloud Server 2026-06-17 N/A 5.7 MEDIUM
Nextcloud server is an open source home cloud implementation. In affected versions users that should not be able to download a file can still download an older version and use that for uncontrolled distribution. This issue has been addressed in versions 24.0.10 and 25.0.4. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVE-2023-28715 1 Intel 1 Oneapi 2026-06-17 N/A 5.0 MEDIUM
Improper access control in some Intel(R) oneAPI Toolkit and component software installers before version 4.3.2 may allow an authenticated user to potentially enable denial of service via local access.
CVE-2023-28714 2 Intel, Microsoft 2 Proset\/wireless Wifi, Windows 2026-06-17 N/A 8.2 HIGH
Improper access control in firmware for some Intel(R) PROSet/Wireless WiFi software for Windows before version 22.220 HF (Hot Fix) may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2023-28645 1 Nextcloud 1 Richdocuments 2026-06-17 N/A 5.7 MEDIUM
Nextcloud richdocuments is a Nextcloud app integrating the office suit Collabora Online. In affected versions the secure view feature of the rich documents app can be bypassed by using unprotected internal API endpoint of the rich documents app. It is recommended that the Nextcloud Office app (richdocuments) is upgraded to 8.0.0-beta.1, 7.0.2 or 6.3.2. Users unable to upgrade may mitigate the issue by taking steps to restrict the ability to download documents. This includes ensuring that the `WOPI configuration` is configured to only serve documents between Nextcloud and Collabora. It is highly recommended to define the list of Collabora server IPs as the allow list within the Office admin settings of Nextcloud.
CVE-2023-28531 2 Netapp, Openbsd 4 Brocade Fabric Operating System, Hci Bootstrap Os, Solidfire Element Os and 1 more 2026-06-17 N/A 9.8 CRITICAL
ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints. The earliest affected version is 8.9.
CVE-2023-28443 1 Monospace 1 Directus 2026-06-17 N/A 4.2 MEDIUM
Directus is a real-time API and App dashboard for managing SQL database content. Prior to version 9.23.3, the `directus_refresh_token` is not redacted properly from the log outputs and can be used to impersonate users without their permission. This issue is patched in version 9.23.3.
CVE-2023-28372 1 Purestorage 1 Purity 2026-06-17 N/A 6.5 MEDIUM
A flaw exists in FlashBlade Purity (OE) Version 4.1.0 whereby a user with privileges to extend an object’s retention period can affect the availability of the object lock.
CVE-2023-28312 1 Microsoft 1 Azure Machine Learning 2026-06-17 N/A 6.5 MEDIUM
Azure Machine Learning Information Disclosure Vulnerability
CVE-2023-28300 1 Microsoft 1 Azure Service Connector 2026-06-17 N/A 7.5 HIGH
Azure Service Connector Security Feature Bypass Vulnerability
CVE-2023-28246 1 Microsoft 3 Windows 11 21h2, Windows 11 22h2, Windows Server 2022 2026-06-17 N/A 7.8 HIGH
Windows Registry Elevation of Privilege Vulnerability
CVE-2023-28197 1 Apple 1 Macos 2026-06-17 N/A 3.3 LOW
An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Ventura 13.3, macOS Big Sur 11.7.5, macOS Monterey 12.6.4. An app may be able to access user-sensitive data.
CVE-2023-28070 1 Dell 1 Alienware Command Center 2026-06-17 N/A 6.7 MEDIUM
Alienware Command Center Application, versions 5.5.43.0 and prior, contain an improper access control vulnerability. A local malicious user could potentially exploit this vulnerability during installation or update process leading to privilege escalation.
CVE-2023-28066 1 Dell 1 Os Recovery Tool 2026-06-17 N/A 7.3 HIGH
Dell OS Recovery Tool, versions 2.2.4013 and 2.3.7012.0, contain an Improper Access Control Vulnerability. A local authenticated non-administrator user could potentially exploit this vulnerability in order to elevate privileges on the system.
CVE-2023-27875 3 Ibm, Linux, Microsoft 3 Aspera Faspex, Linux Kernel, Windows 2026-06-17 N/A 7.5 HIGH
IBM Aspera Faspex 5.0.4 could allow a user to change other user's credentials due to improper access controls. IBM X-Force ID: 249847.
CVE-2023-27517 1 Intel 16 Nma1xxd128gpsu4, Nma1xxd128gpsuf, Nma1xxd256gpsu4 and 13 more 2026-06-17 N/A 6.6 MEDIUM
Improper access control in some Intel(R) Optane(TM) PMem software before versions 01.00.00.3547, 02.00.00.3915, 03.00.00.0483 may allow an athenticated user to potentially enable escalation of privilege via local access.
CVE-2023-27350 1 Papercut 2 Papercut Mf, Papercut Ng 2026-06-17 N/A 9.8 CRITICAL
This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). Authentication is not required to exploit this vulnerability. The specific flaw exists within the SetupCompleted class. The issue results from improper access control. An attacker can leverage this vulnerability to bypass authentication and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-18987.
CVE-2023-27303 1 Intel 1 Thunderbolt Dch Driver 2026-06-17 N/A 3.8 LOW
Improper access control in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2023-27301 1 Intel 1 Thunderbolt Dch Driver 2026-06-17 N/A 4.2 MEDIUM
Improper access control in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-27268 1 Sap 1 Netweaver Application Server For Java 2026-06-17 N/A 5.3 MEDIUM
SAP NetWeaver AS Java (Object Analyzing Service) - version 7.50, does not perform necessary authorization checks, allowing an unauthenticated attacker to attach to an open interface and make use of an open naming and directory API to access a service which will enable them to access but not modify server settings and data with no effect on availability., resulting in escalation of privileges.