Total: 2377 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2023-31138 | 1 Dhis2 | 1 Dhis 2 | 2023-05-16 | N/A | 6.5 MEDIUM | DHIS2 Core contains the service layer and Web API for DHIS2, an information system for data capture. Starting in the 2.36 branch and prior to versions 2.37.9.1, 2.38.3.1, and 2.39.1.2, using object model traversal in the payload of a PATCH request, authenticated users with write access to an object may be able to modify related objects that they should not have access to. DHIS2 implementers should upgrade to a supported version of DHIS2 to receive a patch: 2.37.9.1, 2.38.3.1, or 2.39.1.2. It is possible to work around this issue by blocking all PATCH requests on a reverse proxy, but this may cause some issues with the functionality of built-in applications using legacy PATCH requests. |
CVE-2023-21495 | 1 Samsung | 1 Android | 2023-05-10 | N/A | 5.5 MEDIUM | Improper access control vulnerability in Knox Enrollment Service prior to SMR May-2023 Release 1 allows an attacker to install the KSP app when device admin is set. |
CVE-2023-21493 | 1 Samsung | 1 Android | 2023-05-10 | N/A | 5.5 MEDIUM | Improper access control vulnerability in SemShareFileProvider prior to SMR May-2023 Release 1 allows local attackers to access protected data. |
CVE-2023-21491 | 1 Samsung | 1 Android | 2023-05-10 | N/A | 7.8 HIGH | Improper access control vulnerability in ThemeManager prior to SMR May-2023 Release 1 allows local attackers to write arbitrary files with system privilege. |
CVE-2023-21490 | 1 Samsung | 1 Android | 2023-05-10 | N/A | 7.1 HIGH | Improper access control in GearManagerStub prior to SMR May-2023 Release 1 allows a local attacker to delete applications installed by watchmanager. |
CVE-2023-21488 | 1 Samsung | 1 Android | 2023-05-10 | N/A | 7.8 HIGH | Improper access control vulnerability in Tips prior to SMR May-2023 Release 1 allows local attackers to launch an arbitrary activity in Tips. |
CVE-2023-28070 | 1 Dell | 1 Alienware Command Center | 2023-05-09 | N/A | 7.8 HIGH | Alienware Command Center Application, versions 5.5.43.0 and prior, contains an improper access control vulnerability. A local malicious user could potentially exploit this vulnerability during the installation or update process, leading to privilege escalation. |
CVE-2023-24512 | 1 Arista | 110 32qd, 48ehs, 48lbas and 107 more | 2023-05-09 | N/A | 6.5 MEDIUM | On affected platforms running Arista EOS, an authorized attacker with permissions to perform gNMI requests could craft a request allowing it to update arbitrary configurations in the switch. This situation occurs only when the Streaming Telemetry Agent (referred to as the TerminAttr agent) is enabled and gNMI access is configured on the agent. Note: this gNMI over the Streaming Telemetry Agent scenario is most commonly used when streaming to a 3rd party system and is not used by default when streaming to CloudVision. |
CVE-2023-25496 | 1 Lenovo | 1 Drivers Management | 2023-05-08 | N/A | 7.8 HIGH | A privilege escalation vulnerability was reported in Lenovo Drivers Management (Lenovo Driver Manager) that could allow a local user to execute code with elevated privileges. |
CVE-2023-2429 | 1 Phpmyfaq | 1 Phpmyfaq | 2023-05-06 | N/A | 9.8 CRITICAL | Improper Access Control in GitHub repository thorsten/phpmyfaq prior to 3.1.13. |
CVE-2023-2112 | 1 M-files | 1 M-files Server | 2023-05-02 | N/A | 7.8 HIGH | Desktop component service allows lateral movement between sessions in M-Files before 23.4.12455.0. |
CVE-2023-2202 | 1 Rosariosis | 1 Rosariosis | 2023-05-02 | N/A | 6.5 MEDIUM | Improper Access Control in GitHub repository francoisjacquet/rosariosis prior to 10.9.3. |
CVE-2023-29513 | 1 Xwiki | 1 Xwiki | 2023-04-28 | N/A | 4.3 MEDIUM | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. If a guest has view right on any document, it is possible to create a new user by using `distribution/firstadminuser.wiki` in the wrong context. This vulnerability has been patched in XWiki 15.0-rc-1 and 14.10.1. There is no known workaround other than upgrading. |
CVE-2023-30539 | 1 Nextcloud | 2 Nextcloud Files Automated Tagging, Nextcloud Server | 2023-04-27 | N/A | 8.8 HIGH | Nextcloud is a personal home server system. Depending on the tags and other workflows that are set up, this issue can be used to restrict the access of others, or to grant them access, where system-tag-based file access control or file retention rules are in place. It is recommended that the Nextcloud Server is upgraded to 24.0.11 or 25.0.5, the Nextcloud Enterprise Server to 21.0.9.11, 22.2.10.11, 23.0.12.6, 24.0.11 or 25.0.5, and the Nextcloud Files automated tagging app to 1.11.1, 1.12.1, 1.13.1, 1.14.2, 1.15.3 or 1.16.1. Users unable to upgrade should disable all workflow-related apps. |
CVE-2015-0150 | 1 Dlink | 2 Dir-815, Dir-815 Firmware | 2023-04-26 | 7.5 HIGH | 9.8 CRITICAL | The remote administration UI in D-Link DIR-815 devices with firmware before 2.07.B01 allows remote attackers to bypass intended access restrictions via unspecified vectors. |
CVE-2023-2104 | 1 Easyappointments | 1 Easyappointments | 2023-04-24 | N/A | 5.4 MEDIUM | Improper Access Control in GitHub repository alextselegidis/easyappointments prior to 1.5.0. |
CVE-2023-28808 | 1 Hikvision | 20 Ds-a71024, Ds-a71024 Firmware, Ds-a71048 and 17 more | 2023-04-24 | N/A | 9.8 CRITICAL | Some Hikvision Hybrid SAN/Cluster Storage products have an access control vulnerability which can be used to obtain admin permissions. The attacker can exploit the vulnerability by sending crafted messages to the affected devices. |
CVE-2023-26408 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2023-04-21 | N/A | 7.8 HIGH | Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30441 (and earlier) are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
CVE-2023-26406 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2023-04-21 | N/A | 7.8 HIGH | Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30441 (and earlier) are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
CVE-2022-21950 | 2 Opensuse, Suse | 4 Backports Sle, Canna, Factory and 1 more | 2023-04-14 | N/A | 5.3 MEDIUM | An Improper Access Control vulnerability in the systemd service of canna in openSUSE Backports SLE-15-SP3 and openSUSE Backports SLE-15-SP4 allows local users to hijack the UNIX domain socket. This issue affects: openSUSE Backports SLE-15-SP3 canna versions prior to canna-3.7p3-bp153.2.3.1; openSUSE Backports SLE-15-SP4 canna versions prior to 3.7p3-bp154.3.3.1. openSUSE Factory was also affected; instead of fixing the package, it was deleted there. |
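The DHIS2 entry (CVE-2023-31138) describes a bug class worth seeing in code: a PATCH handler authorizes the caller against the object named in the URL, but the patch paths can traverse into related objects that the caller is not allowed to write. The following Python is an added illustration, not DHIS2 code; the object store, the write ACL, the JSON-Patch-style `replace` operations and the rule that a string property naming another stored object is dereferenced are all constructed here. It contrasts a handler that checks only the target with one that checks every object a path actually resolves to.

```python
from copy import deepcopy

# Constructed sample data (not DHIS2's object model): two organisation units,
# where "parent" holds the id of a related object, plus a per-object write ACL.
SAMPLE_STORE = {
    "ou-child": {"id": "ou-child", "name": "Clinic A", "parent": "ou-parent"},
    "ou-parent": {"id": "ou-parent", "name": "District 1", "parent": None},
}
WRITE_ACL = {"ou-child": {"alice"}, "ou-parent": {"admin"}}


def fresh_store():
    """Return an independent copy of the sample data for each run."""
    return deepcopy(SAMPLE_STORE)


def can_write(user, obj_id):
    """Hypothetical ACL lookup: may `user` modify the object `obj_id`?"""
    return user in WRITE_ACL.get(obj_id, set())


def _walk(store, target_id, path):
    """Resolve a JSON-Pointer-like path starting at target_id.

    Hypothetical traversal rule: a string property whose value is the id of
    another stored object is dereferenced, so "/parent/name" leaves the target
    and lands on the related object. Returns (id of the object that will be
    written, that object's dict, final key).
    """
    parts = [p for p in path.split("/") if p]
    if not parts:
        raise ValueError("empty path")
    obj_id, obj = target_id, store[target_id]
    for part in parts[:-1]:
        nxt = obj[part]
        if isinstance(nxt, str) and nxt in store:  # reference to a related object
            obj_id, obj = nxt, store[nxt]
        elif isinstance(nxt, dict):
            obj = nxt
        else:
            raise ValueError(f"cannot traverse into {part!r}")
    return obj_id, obj, parts[-1]


def apply_patch_vulnerable(store, user, target_id, ops):
    """Checks write access on the target only; where the path ends up is unchecked."""
    if not can_write(user, target_id):
        raise PermissionError(f"{user} may not write {target_id}")
    for op in ops:
        if op["op"] != "replace":
            raise ValueError("only 'replace' is supported in this example")
        _, obj, key = _walk(store, target_id, op["path"])
        obj[key] = op["value"]


def apply_patch_hardened(store, user, target_id, ops):
    """Authorizes every object a path resolves to, and writes nothing until all pass."""
    if not can_write(user, target_id):
        raise PermissionError(f"{user} may not write {target_id}")
    resolved = []
    for op in ops:
        if op["op"] != "replace":
            raise ValueError("only 'replace' is supported in this example")
        owner_id, obj, key = _walk(store, target_id, op["path"])
        if owner_id != target_id and not can_write(user, owner_id):
            raise PermissionError(
                f"{user} may not modify related object {owner_id} via {op['path']}"
            )
        resolved.append((obj, key, op["value"]))
    for obj, key, value in resolved:  # all checks passed: apply as one unit
        obj[key] = value


if __name__ == "__main__":
    escalate = [{"op": "replace", "path": "/parent/name", "value": "Pwned"}]
    s = fresh_store()
    apply_patch_vulnerable(s, "alice", "ou-child", escalate)
    print("vulnerable:", s["ou-parent"]["name"])  # Pwned
    s = fresh_store()
    try:
        apply_patch_hardened(s, "alice", "ou-child", escalate)
    except PermissionError as e:
        print("hardened:", e)
```

The check sits at the object that is actually written rather than at the request entry point, so paths into related objects are caught without having to drop PATCH entirely (the reverse-proxy workaround the advisory offers, which it notes breaks built-in apps that rely on legacy PATCH requests).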