Total: 2377 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-25525 | 1 Nvidia | 1 Cumulus Linux | 2023-09-22 | N/A | 7.5 HIGH |
NVIDIA Cumulus Linux contains a vulnerability in forwarding where a VxLAN-encapsulated IPv6 packet received on an SVI interface with DMAC/DIPv6 set to the link-local address of the SVI interface may be incorrectly forwarded. A successful exploit may lead to information disclosure. | |||||
CVE-2023-38206 | 1 Adobe | 1 Coldfusion | 2023-09-19 | N/A | 5.3 MEDIUM |
Adobe ColdFusion versions 2018u18 (and earlier), 2021u8 (and earlier) and 2023u2 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to access the administration CFM and CFC endpoints resulting in a low-confidentiality impact. Exploitation of this issue does not require user interaction. | |||||
CVE-2023-38205 | 1 Adobe | 1 Coldfusion | 2023-09-19 | N/A | 7.5 HIGH |
Adobe ColdFusion versions 2018u18 (and earlier), 2021u8 (and earlier) and 2023u2 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to access the administration CFM and CFC endpoints. Exploitation of this issue does not require user interaction. | |||||
CVE-2023-40170 | 1 Jupyter | 1 Jupyter Server | 2023-09-15 | N/A | 6.1 MEDIUM |
jupyter-server is the backend for Jupyter web applications. Improper cross-site credential checks on `/files/` URLs could allow exposure of certain file contents, or accessing files when opening untrusted files via "Open image in new tab". This issue has been addressed in commit `87a49272728` which has been included in release `2.7.2`. Users are advised to upgrade. Users unable to upgrade may use the lower performance `--ContentsManager.files_handler_class=jupyter_server.files.handlers.FilesHandler`, which implements the correct checks. | |||||
CVE-2023-36497 | 1 Doverfuelingsolutions | 2 Maglink Lx 3, Maglink Lx Web Console Configuration | 2023-09-15 | N/A | 8.8 HIGH |
Dover Fueling Solutions MAGLINK LX Web Console Configuration versions 2.5.1, 2.5.2, 2.5.3, 2.6.1, 2.11, 3.0, 3.2, and 3.3 could allow a guest user to elevate to admin privileges. | |||||
CVE-2023-3039 | 1 Dell | 1 Sd Rom Utility | 2023-09-15 | N/A | 7.8 HIGH |
SD ROM Utility, versions prior to 1.0.2.0 contain an Improper Access Control vulnerability. A low-privileged malicious user may potentially exploit this vulnerability to perform arbitrary code execution with limited access. | |||||
CVE-2023-34469 | 1 Ami | 1 Aptio V | 2023-09-15 | N/A | 4.6 MEDIUM |
AMI AptioV contains a vulnerability in BIOS where an Attacker may use an improper access control via the physical network. A successful exploit of this vulnerability may lead to a loss of confidentiality. | |||||
CVE-2023-34470 | 1 Ami | 1 Aptio V | 2023-09-15 | N/A | 7.8 HIGH |
AMI AptioV contains a vulnerability in BIOS where an Attacker may use an improper access control via the local network. A successful exploit of this vulnerability may lead to a loss of confidentiality, integrity and availability. | |||||
CVE-2023-40060 | 1 Solarwinds | 1 Serv-u | 2023-09-14 | N/A | 7.2 HIGH |
A vulnerability has been identified within Serv-U 15.4 and 15.4 Hotfix 1 that, if exploited, allows an actor to bypass multi-factor/two-factor authentication. The actor must have administrator-level access to Serv-U to perform this action. SolarWinds found that the issue was not completely fixed in 15.4 Hotfix 1. | |||||
CVE-2023-35179 | 1 Solarwinds | 1 Serv-u | 2023-09-14 | N/A | 7.2 HIGH |
A vulnerability has been identified within Serv-U 15.4 that, if exploited, allows an actor to bypass multi-factor/two-factor authentication. The actor must have administrator-level access to Serv-U to perform this action. | |||||
CVE-2023-40730 | 1 Siemens | 1 Qms Automotive | 2023-09-14 | N/A | 8.8 HIGH |
A vulnerability has been identified in QMS Automotive (All versions < V12.39). The QMS.Mobile module of the affected application lacks sufficient authorization checks. This could allow an attacker to access confidential information, perform administrative functions, or lead to a denial-of-service condition. | |||||
CVE-2021-36036 | 1 Magento | 1 Magento | 2023-09-14 | N/A | 7.2 HIGH |
Magento versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper access control vulnerability within Magento's Media Gallery Upload workflow. By storing a specially crafted file in the website gallery, an authenticated attacker with administrative privilege can gain access to delete the .htaccess file. This could result in the attacker achieving remote code execution. | |||||
CVE-2021-40699 | 1 Adobe | 1 Coldfusion | 2023-09-12 | N/A | 7.4 HIGH |
ColdFusion version 2021 update 1 (and earlier) and versions 2018.10 (and earlier) are impacted by an improper access control vulnerability when checking permissions in the CFIDE path. An authenticated attacker could leverage this vulnerability to access and manipulate arbitrary data on the environment. | |||||
CVE-2023-31242 | 1 Openautomationsoftware | 1 Oas Platform | 2023-09-08 | N/A | 9.8 CRITICAL |
An authentication bypass vulnerability exists in the OAS Engine functionality of Open Automation Software OAS Platform v18.00.0072. A specially-crafted series of network requests can lead to arbitrary authentication. An attacker can send a sequence of requests to trigger this vulnerability. | |||||
CVE-2023-4018 | 1 Gitlab | 1 Gitlab | 2023-09-07 | N/A | 5.3 MEDIUM |
An issue has been discovered in GitLab affecting all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. Due to improper permission validation it was possible to create model experiments in public projects. | |||||
CVE-2023-0120 | 1 Gitlab | 1 Gitlab | 2023-09-07 | N/A | 4.3 MEDIUM |
An issue has been discovered in GitLab affecting all versions starting from 10.0 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. Due to improper permission validation it was possible to edit labels description by an unauthorised user. | |||||
CVE-2023-1555 | 1 Gitlab | 1 Gitlab | 2023-09-07 | N/A | 4.3 MEDIUM |
An issue has been discovered in GitLab affecting all versions starting from 15.2 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. A namespace-level banned user can access the API. | |||||
CVE-2023-4650 | 1 Instantcms | 1 Instantcms | 2023-09-05 | N/A | 4.7 MEDIUM |
Improper Access Control in GitHub repository instantsoft/icms2 prior to 2.16.1-git. | |||||
CVE-2023-28809 | 1 Hikvision | 52 Ds-k1t320efwx, Ds-k1t320efwx Firmware, Ds-k1t320efx and 49 more | 2023-09-05 | N/A | 7.5 HIGH |
Some access control products are vulnerable to a session hijacking attack because the product does not update the session ID after a user successfully logs in. To exploit the vulnerability, attackers have to request the session ID at the same time as a valid user logs in, and gain device operation permissions by forging the IP and session ID of an authenticated user. | |||||
CVE-2023-4640 | 1 Yugabyte | 1 Yugabytedb | 2023-09-05 | N/A | 7.5 HIGH |
The controller responsible for setting the logging level does not include any authorization checks to ensure the user is authenticated. This can be seen by noting that it extends Controller rather than AuthenticatedController and includes no further checks. This issue affects YugabyteDB Anywhere: from 2.0.0 through 2.17.3 |
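The three GitLab entries above (CVE-2023-4018, CVE-2023-0120, CVE-2023-1555) each list several disjoint "all versions starting from X before Y" ranges, and the fixed versions are not contiguous (16.1.5 is fixed while 16.2.0 is still affected). The following is an added example, not GitLab tooling, that evaluates an installed version against those ranges; the range tuples are transcribed from the advisory text and the versions tested are constructed. Dropping the `-ee`/`-ce` edition suffix before comparing is an assumption.

```python
# Added example: evaluate an installed GitLab version against the disjoint
# "all versions starting from X before Y" ranges quoted in the GitLab
# entries above. Not GitLab tooling; ranges are transcribed from the
# advisory text and the versions tested are constructed.

def parse_version(text):
    """'16.2.3-ee' -> (16, 2, 3). The edition suffix after '-' is dropped
    (assumption: only the numeric part matters for the advisory ranges)."""
    return tuple(int(part) for part in text.split("-")[0].split("."))


def in_affected_ranges(version, ranges):
    """True when version lies in any half-open [start, first-fixed) range.
    Tuple comparison makes (16, 2) <= (16, 2, 0), so '16.2' matches 16.2.0."""
    v = parse_version(version)
    return any(parse_version(lo) <= v < parse_version(hi) for lo, hi in ranges)


# (start, first fixed version) pairs, as stated in the advisory text.
GITLAB_ADVISORIES = {
    "CVE-2023-4018": [("16.2", "16.2.5"), ("16.3", "16.3.1")],
    "CVE-2023-0120": [("10.0", "16.1.5"), ("16.2", "16.2.5"), ("16.3", "16.3.1")],
    "CVE-2023-1555": [("15.2", "16.1.5"), ("16.2", "16.2.5"), ("16.3", "16.3.1")],
}


def affecting_cves(version, advisories=GITLAB_ADVISORIES):
    """Sorted list of CVE IDs whose ranges contain the given version."""
    return sorted(cve for cve, ranges in advisories.items()
                  if in_affected_ranges(version, ranges))


if __name__ == "__main__":
    for v in ("16.1.4-ee", "16.1.5", "16.2.3", "16.3.1"):
        print(v, affecting_cves(v))
```

Note that a version check alone says nothing about whether the fix is deployed on every node of a multi-node install; pair it with the version reported by each running instance rather than the package you believe you installed.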
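The Hikvision entry above (CVE-2023-28809) describes session fixation: the device keeps the same session ID across a successful login, so anyone who obtained that ID before the victim authenticated can replay it afterwards. The following added example, which is not Hikvision code, shows a login handler with that flaw next to one that discards the pre-authentication session and issues a fresh ID; the in-memory session store, the sample credential and the attacker flow are all constructed here.

```python
# Added illustration of session fixation (the flaw described for the
# access-control products above) and its fix. Not Hikvision code: the
# session store, the sample user and the attacker flow are constructed.
import secrets

USERS = {"operator": "correct-horse"}   # constructed sample credential


class Sessions:
    """Minimal server-side session store: session_id -> {"user": name|None}."""

    def __init__(self):
        self.store = {}

    def new(self):
        sid = secrets.token_hex(16)
        self.store[sid] = {"user": None}
        return sid

    def user(self, sid):
        return self.store.get(sid, {}).get("user")


def login_vulnerable(sessions, sid, username, password):
    """Authenticates the existing session in place: whoever already holds
    `sid` (including an attacker who captured or planted it) is logged in."""
    if USERS.get(username) != password:
        return None
    sessions.store.setdefault(sid, {"user": None})["user"] = username
    return sid


def login_fixed(sessions, sid, username, password):
    """Drops the pre-auth session and issues a new ID on success, so a
    previously known ID never becomes an authenticated one."""
    if USERS.get(username) != password:
        return None
    sessions.store.pop(sid, None)
    new_sid = sessions.new()
    sessions.store[new_sid]["user"] = username
    return new_sid


def fixation_attack(login):
    """Attacker learns the victim's pre-auth session ID, waits for the victim
    to log in, then replays that ID. Returns the user the attacker is
    treated as, or None when the attack fails."""
    sessions = Sessions()
    pre_auth_sid = sessions.new()                     # attacker obtains this
    login(sessions, pre_auth_sid, "operator", "correct-horse")  # victim logs in
    return sessions.user(pre_auth_sid)                # attacker replays it


if __name__ == "__main__":
    print("vulnerable:", fixation_attack(login_vulnerable))   # operator
    print("fixed:     ", fixation_attack(login_fixed))        # None
```

The advisory notes that the attacker also forges the authenticated user's IP; binding a session to a source address is therefore not a substitute for rotating the ID at login, and the same rotation should happen on any privilege change.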
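The YugabyteDB Anywhere entry above (CVE-2023-4640) gives a purely structural tell for the bug: the controller extends `Controller` rather than `AuthenticatedController` and adds no check of its own. That tell can be turned into a source audit. The following is an added example, not YugabyteDB code: it scans constructed Java snippets for classes that extend the bare `Controller` and expose action methods. The base-class names come from the advisory; the `public Result` action signature, the file paths and the allow-list of intentionally unauthenticated controllers are assumptions.

```python
# Added audit example for the pattern named in the advisory above: a
# controller that extends Controller instead of AuthenticatedController.
# Not YugabyteDB code; the Java sources and paths below are constructed,
# and `public Result` as the action signature is an assumption.
import re

SOURCES = {
    "controllers/LoggingConfigController.java": """
        package controllers;
        public class LoggingConfigController extends Controller {
            public Result setLoggingLevel(String level) { /* ... */ }
        }
    """,
    "controllers/UniverseController.java": """
        package controllers;
        public class UniverseController extends AuthenticatedController {
            public Result create() { /* ... */ }
        }
    """,
    "controllers/HealthController.java": """
        package controllers;
        public class HealthController extends Controller {
            public Result ping() { /* ... */ }
        }
    """,
}

CLASS_RE = re.compile(r"class\s+(\w+)\s+extends\s+(\w+)")
ACTION_RE = re.compile(r"public\s+Result\s+(\w+)\s*\(")

# Endpoints deliberately reachable without a session (constructed allow-list).
UNAUTH_OK = {"HealthController"}


def unauthenticated_controllers(sources, allow=UNAUTH_OK):
    """Return [(path, class_name, [actions])] for classes that extend the
    bare Controller and expose actions, excluding the explicit allow-list.
    Each hit is a state-changing or data-returning endpoint with no
    authentication inherited from its base class."""
    findings = []
    for path, src in sources.items():
        match = CLASS_RE.search(src)
        if not match:
            continue
        class_name, base = match.groups()
        if base != "Controller" or class_name in allow:
            continue
        actions = ACTION_RE.findall(src)
        if actions:
            findings.append((path, class_name, actions))
    return findings


if __name__ == "__main__":
    for path, cls, actions in unauthenticated_controllers(SOURCES):
        print(f"{path}: {cls} extends Controller; actions: {', '.join(actions)}")
```

Because the tell is structural rather than behavioural, this check is cheap to run in CI on every change; the allow-list keeps it from flagging endpoints that are meant to be anonymous, and anything added to that list should need a reviewer to justify it.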