Total: 573 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-2345 | 1 Oretnom23 | 1 Service Provider Management System | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in SourceCodester Service Provider Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /classes/Master.php?f=delete_inquiry. The manipulation leads to improper authorization. The attack may be launched remotely. The identifier of this vulnerability is VDB-227588. | |||||
| CVE-2023-2227 | 1 Modoboa | 1 Modoboa | 2024-11-21 | N/A | 9.1 CRITICAL |
| Improper Authorization in GitHub repository modoboa/modoboa prior to 2.1.0. | |||||
| CVE-2023-29338 | 1 Microsoft | 1 Visual Studio Code | 2024-11-21 | N/A | 6.6 MEDIUM |
| Visual Studio Code Spoofing Vulnerability | |||||
| CVE-2023-28634 | 1 Glpi-project | 1 Glpi | 2024-11-21 | N/A | 8.8 HIGH |
| GLPI is a free asset and IT management software package. Starting in version 0.83 and prior to versions 9.5.13 and 10.0.7, a user who has the Technician profile could see and generate a Personal token for a Super-Admin. Using such token it is possible to negotiate a GLPI session and hijack the Super-Admin account, resulting in a Privilege Escalation. Versions 9.5.13 and 10.0.7 contain a patch for this issue. | |||||
| CVE-2023-28055 | 1 Dell | 1 Networker | 2024-11-21 | N/A | 8.8 HIGH |
| Dell NetWorker, Version 19.7 has an improper authorization vulnerability in the NetWorker client. An unauthenticated attacker within the same network could potentially exploit this by manipulating a command leading to gain of complete access to the server file further resulting in information leaks, denial of service, and arbitrary code execution. Dell recommends customers to upgrade at the earliest opportunity. | |||||
| CVE-2023-21549 | 1 Microsoft | 14 Windows 10 1607, Windows 10 1809, Windows 10 20h2 and 11 more | 2024-11-21 | N/A | 8.8 HIGH |
| Windows SMB Witness Service Elevation of Privilege Vulnerability | |||||
| CVE-2023-0734 | 1 Wallabag | 1 Wallabag | 2024-11-21 | N/A | 5.3 MEDIUM |
| Improper Authorization in GitHub repository wallabag/wallabag prior to 2.5.4. | |||||
| CVE-2023-0610 | 1 Wallabag | 1 Wallabag | 2024-11-21 | N/A | 4.3 MEDIUM |
| Improper Authorization in GitHub repository wallabag/wallabag prior to 2.5.3. | |||||
| CVE-2023-0609 | 1 Wallabag | 1 Wallabag | 2024-11-21 | N/A | 4.3 MEDIUM |
| Improper Authorization in GitHub repository wallabag/wallabag prior to 2.5.3. | |||||
| CVE-2022-4962 | 1 Apolloconfig | 1 Apollo | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability was found in Apollo 2.0.0/2.0.1 and classified as problematic. Affected by this issue is some unknown functionality of the file /users of the component Configuration Center. The manipulation leads to improper authorization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. VDB-250430 is the identifier assigned to this vulnerability. NOTE: The maintainer explains that user data information like user id, name, and email are not sensitive. | |||||
| CVE-2022-4868 | 1 Froxlor | 1 Froxlor | 2024-11-21 | N/A | 4.3 MEDIUM |
| Improper Authorization in GitHub repository froxlor/froxlor prior to 2.0.0-beta1. | |||||
| CVE-2022-4804 | 1 Usememos | 1 Memos | 2024-11-21 | N/A | 5.3 MEDIUM |
| Improper Authorization in GitHub repository usememos/memos prior to 0.9.1. | |||||
| CVE-2022-4688 | 1 Usememos | 1 Memos | 2024-11-21 | N/A | 8.8 HIGH |
| Improper Authorization in GitHub repository usememos/memos prior to 0.9.0. | |||||
| CVE-2022-4062 | 1 Schneider-electric | 1 Ecostruxure Power Commission | 2024-11-21 | N/A | 7.8 HIGH |
| A CWE-285: Improper Authorization vulnerability exists that could cause unauthorized access to certain software functions when an attacker gets access to localhost interface of the EcoStruxure Power Commission application. Affected Products: EcoStruxure Power Commission (Versions prior to V2.25) | |||||
| CVE-2022-3187 | 1 Dataprobe | 24 Iboot-pdu4-n20, Iboot-pdu4-n20 Firmware, Iboot-pdu4a-n15 and 21 more | 2024-11-21 | N/A | 5.3 MEDIUM |
| Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where certain PHP pages only validate when a valid connection is established with the database. However, these PHP pages do not verify the validity of a user. Attackers could leverage this lack of verification to read the state of outlets. | |||||
| CVE-2022-31168 | 1 Zulip | 1 Zulip | 2024-11-21 | N/A | 5.4 MEDIUM |
| Zulip is an open source team chat tool. Due to an incorrect authorization check in Zulip Server 5.4 and earlier, a member of an organization could craft an API call that grants organization administrator privileges to one of their bots. The vulnerability is fixed in Zulip Server 5.5. Members who don’t own any bots, and lack permission to create them, can’t exploit the vulnerability. As a workaround for the vulnerability, an organization administrator can restrict the `Who can create bots` permission to administrators only, and change the ownership of existing bots. | |||||
| CVE-2022-30670 | 2 Adobe, Microsoft | 2 Robohelp Server, Windows | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| RoboHelp Server earlier versions than RHS 11 Update 3 are affected by an Improper Authorization vulnerability which could lead to privilege escalation. An authenticated attacker could leverage this vulnerability to achieve full administrator privileges. Exploitation of this issue does not require user interaction. | |||||
| CVE-2022-2901 | 1 Chatwoot | 1 Chatwoot | 2024-11-21 | N/A | 7.1 HIGH |
| Improper Authorization in GitHub repository chatwoot/chatwoot prior to 2.8. | |||||
| CVE-2022-2595 | 1 Kromit | 1 Titra | 2024-11-21 | N/A | 10.0 CRITICAL |
| Improper Authorization in GitHub repository kromitgmbh/titra prior to 0.79.1. | |||||
| CVE-2022-29236 | 1 Bigbluebutton | 1 Bigbluebutton | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| BigBlueButton is an open source web conferencing system. Starting in version 2.2 and prior to versions 2.3.18 and 2.4-rc-6, an attacker can circumvent access restrictions for drawing on the whiteboard. The permission check is inadvertently skipped on the server, due to a previously introduced grace period. The attacker must be a meeting participant. The problem has been patched in versions 2.3.18 and 2.4-rc-6. There are currently no known workarounds. | |||||
