Total: 549 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-3829 | 1 Elastic | 1 Elastic Cloud Enterprise | 2023-03-04 | 3.5 LOW | 5.3 MEDIUM |
In Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 it was discovered that a user could scale out allocators on new hosts with an invalid roles token. An attacker with access to the previous runner ID and IP address of the coordinator-host could add an allocator to an existing ECE install to gain access to other clusters' data. | |||||
CVE-2023-0914 | 1 Pixelfed | 1 Pixelfed | 2023-02-28 | N/A | 5.3 MEDIUM |
Improper Authorization in GitHub repository pixelfed/pixelfed prior to 0.11.4. | |||||
CVE-2018-3778 | 1 Aedes Project | 1 Aedes | 2023-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
Improper authorization in aedes version <0.35.0 will publish a LWT in a channel when a client is not authorized. | |||||
CVE-2023-21440 | 1 Samsung | 1 Android | 2023-02-21 | N/A | 5.5 MEDIUM |
Improper access control vulnerability in WindowManagerService prior to SMR Feb-2023 Release 1 allows attackers to take a screen capture. | |||||
CVE-2023-21436 | 1 Samsung | 1 Android | 2023-02-21 | N/A | 3.3 LOW |
Improper usage of implicit intent in Contacts prior to SMR Feb-2023 Release 1 allows attacker to get account ID. | |||||
CVE-2023-21429 | 1 Samsung | 1 Android | 2023-02-21 | N/A | 3.3 LOW |
Improper usage of implicit intent in ePDG prior to SMR JAN-2023 Release 1 allows attacker to access SSID. | |||||
CVE-2023-21424 | 1 Samsung | 1 Android | 2023-02-21 | N/A | 3.3 LOW |
Improper Handling of Insufficient Permissions or Privileges vulnerability in SemChameleonHelper prior to SMR Jan-2023 Release 1 allows attacker to modify network related values, network code, carrier id and operator brand. | |||||
CVE-2023-21423 | 1 Samsung | 1 Android | 2023-02-21 | N/A | 5.5 MEDIUM |
Improper authorization vulnerability in ChnFileShareKit prior to SMR Jan-2023 Release 1 allows attacker to control BLE advertising without permission using unprotected action. | |||||
CVE-2023-21422 | 1 Samsung | 1 Android | 2023-02-21 | N/A | 5.5 MEDIUM |
Improper authorization vulnerability in semAddPublicDnsAddr in WifiService prior to SMR Jan-2023 Release 1 allows attackers to set custom DNS server without permission via binding WifiService. | |||||
CVE-2023-21432 | 1 Samsung | 1 Smart Things | 2023-02-21 | N/A | 7.8 HIGH |
Improper access control vulnerabilities in Smart Things prior to 1.7.93 allow an attacker to invite others without authorization of the owner. | |||||
CVE-2023-21433 | 1 Samsung | 1 Galaxy Store | 2023-02-17 | N/A | 7.8 HIGH |
Improper access control vulnerability in Galaxy Store prior to version 4.5.49.8 allows local attackers to install applications from Galaxy Store. | |||||
CVE-2022-3229 | 2 Microsoft, Unifiedremote | 2 Windows, Unified Remote | 2023-02-15 | N/A | 9.8 CRITICAL |
Because the web management interface for Unified Intents' Unified Remote solution does not itself require authentication, a remote, unauthenticated attacker can change or disable authentication requirements for the Unified Remote protocol, and leverage this now-unauthenticated access to run code of the attacker's choosing. | |||||
CVE-2019-10159 | 1 Redhat | 2 Cfme-gemset, Cloudforms | 2023-02-12 | 4.0 MEDIUM | 4.3 MEDIUM |
cfme-gemset versions 5.10.4.3 and below, 5.9.9.3 and below are vulnerable to a data leak, due to an improper authorization in the migration log controller. An attacker with access to an unprivileged user can access all VM migration logs available. | |||||
CVE-2016-7097 | 1 Linux | 1 Linux Kernel | 2023-02-12 | 3.6 LOW | 4.4 MEDIUM |
The filesystem implementation in the Linux kernel through 4.8.2 preserves the setgid bit during a setxattr call, which allows local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions. | |||||
CVE-2023-0609 | 1 Wallabag | 1 Wallabag | 2023-02-08 | N/A | 4.3 MEDIUM |
Improper Authorization in GitHub repository wallabag/wallabag prior to 2.5.3. | |||||
CVE-2023-0610 | 1 Wallabag | 1 Wallabag | 2023-02-08 | N/A | 4.3 MEDIUM |
Improper Authorization in GitHub repository wallabag/wallabag prior to 2.5.3. | |||||
CVE-2022-4868 | 1 Froxlor | 1 Froxlor | 2023-01-06 | N/A | 4.3 MEDIUM |
Improper Authorization in GitHub repository froxlor/froxlor prior to 2.0.0-beta1. | |||||
CVE-2022-4804 | 1 Usememos | 1 Memos | 2023-01-05 | N/A | 5.3 MEDIUM |
Improper Authorization in GitHub repository usememos/memos prior to 0.9.1. | |||||
CVE-2022-4688 | 1 Usememos | 1 Memos | 2022-12-30 | N/A | 8.8 HIGH |
Improper Authorization in GitHub repository usememos/memos prior to 0.9.0. | |||||
CVE-2017-1002151 | 1 Redhat | 1 Pagure | 2022-12-21 | 5.0 MEDIUM | 7.5 HIGH |
Pagure 3.3.0 and earlier is vulnerable to loss of confidentiality due to improper authorization |