Total: 2747 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2005-3623 | 1 Linux | 1 Linux Kernel | 2024-02-02 | 5.0 MEDIUM | N/A | nfs2acl.c in the Linux kernel 2.6.14.4 does not check for MAY_SATTR privilege before setting access controls (ACL) on files on exported NFS filesystems, which allows remote attackers to bypass ACLs for read-only mounted NFS filesystems. |
CVE-2008-6548 | 1 Moinmo | 1 Moinmoin | 2024-02-02 | 5.0 MEDIUM | N/A | The rst parser (parser/text_rst.py) in MoinMoin 1.6.1 does not check the ACL of an included page, which allows attackers to read unauthorized include files via unknown vectors. |
CVE-2009-3781 | 1 Quicksketch | 1 Filefield | 2024-02-02 | 7.5 HIGH | N/A | The filefield_file_download function in FileField 6.x-3.1, a module for Drupal, does not properly check node-access permissions for Drupal core private files, which allows remote attackers to access unauthorized files via unspecified vectors. |
CVE-2023-1114 | 1 Eskom | 1 E-belediye | 2024-02-01 | N/A | 9.8 CRITICAL | Missing Authorization vulnerability in Eskom e-Belediye allows Information Elicitation. This issue affects e-Belediye: from 1.0.0.95 before 1.0.0.100. |
CVE-2020-35745 | 1 Phpgurukul | 1 Hospital Management System | 2024-02-01 | 6.5 MEDIUM | 8.8 HIGH | PHPGURUKUL Hospital Management System V 4.0 does not properly restrict access to admin/dashboard.php, which allows attackers to access all data of users, doctors, patients, change admin password, get appointment history and access all session logs. |
CVE-2024-21630 | 1 Zulip | 1 Zulip Server | 2024-01-31 | N/A | 4.3 MEDIUM | Zulip is an open-source team collaboration tool. A vulnerability in version 8.0 is similar to CVE-2023-32677, but applies to multi-use invitations, not single-use invitation links as in the prior CVE. Specifically, it applies when the installation has configured non-admins to be able to invite users and create multi-use invitations, and has also configured only admins to be able to invite users to streams. As in CVE-2023-32677, this does not let users invite new users to arbitrary streams, only to streams that the inviter can already see. Version 8.1 fixes this issue. As a workaround, administrators can limit sending of invitations to users who also have the permission to add users to streams. |
CVE-2023-50944 | 1 Apache | 1 Airflow | 2024-01-30 | N/A | 6.5 MEDIUM | Apache Airflow, versions before 2.8.1, has a vulnerability that allows an authenticated user to access the source code of a DAG to which they don't have access. This vulnerability is considered low since it requires an authenticated user to exploit it. Users are recommended to upgrade to version 2.8.1, which fixes this issue. |
CVE-2024-23752 | 1 Gabrieleventuri | 1 Pandasai | 2024-01-29 | N/A | 9.8 CRITICAL | GenerateSDFPipeline in synthetic_dataframe in PandasAI (aka pandas-ai) through 1.5.17 allows attackers to trigger the generation of arbitrary Python code that is executed by SDFCodeExecutor. An attacker can create a dataframe that provides an English language specification of this Python code. NOTE: the vendor previously attempted to restrict code execution in response to a separate issue, CVE-2023-39660. |
CVE-2024-0679 | 1 Themegrill | 1 Colormag | 2024-01-26 | N/A | 6.5 MEDIUM | The ColorMag theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the plugin_action_callback() function in all versions up to, and including, 3.1.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to install and activate arbitrary plugins. |
CVE-2009-2282 | 1 Oracle | 2 Opensolaris, Solaris | 2024-01-26 | 4.6 MEDIUM | N/A | The Virtual Network Terminal Server daemon (vntsd) for Logical Domains (aka LDoms) in Sun Solaris 10, and OpenSolaris snv_41 through snv_108, on SPARC platforms does not check authorization for guest console access, which allows local control-domain users to gain guest-domain privileges via unknown vectors. |
CVE-2009-3168 | 1 Mevin | 1 Basic Php Events Lister | 2024-01-25 | 6.5 MEDIUM | N/A | Mevin Productions Basic PHP Events Lister 2.0 does not properly restrict access to (1) admin/reset.php and (2) admin/user_add.php, which allows remote authenticated users to reset administrative passwords or add administrators via a direct request. |
CVE-2023-20252 | 1 Cisco | 1 Catalyst Sd-wan Manager | 2024-01-25 | N/A | 9.8 CRITICAL | A vulnerability in the Security Assertion Markup Language (SAML) APIs of Cisco Catalyst SD-WAN Manager Software could allow an unauthenticated, remote attacker to gain unauthorized access to the application as an arbitrary user. This vulnerability is due to improper authentication checks for SAML APIs. An attacker could exploit this vulnerability by sending requests directly to the SAML API. A successful exploit could allow the attacker to generate an authorization token sufficient to gain access to the application. |
CVE-2022-20941 | 1 Cisco | 1 Firepower Management Center | 2024-01-25 | N/A | 5.3 MEDIUM | A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to access sensitive information. This vulnerability is due to missing authorization for certain resources in the web-based management interface together with insufficient entropy in these resource names. An attacker could exploit this vulnerability by sending a series of HTTPS requests to an affected device to enumerate resources on the device. A successful exploit could allow the attacker to retrieve sensitive information from the device. |
CVE-2023-34063 | 1 Vmware | 2 Aria Automation, Cloud Foundation | 2024-01-25 | N/A | 8.3 HIGH | Aria Automation contains a Missing Access Control vulnerability. An authenticated malicious actor may exploit this vulnerability, leading to unauthorized access to remote organizations and workflows. |
CVE-2023-48339 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-01-25 | N/A | 4.4 MEDIUM | In the jpg driver, there is a possible missing permission check. This could lead to local information disclosure, with System execution privileges needed. |
CVE-2022-41790 | 1 Codepeople | 1 Wp Time Slots Booking Form | 2024-01-24 | N/A | 8.8 HIGH | Missing Authorization vulnerability in CodePeople WP Time Slots Booking Form. This issue affects WP Time Slots Booking Form: from n/a through 1.1.76. |
CVE-2023-23896 | 1 Mythemeshop | 1 Url Shortener | 2024-01-24 | N/A | 8.8 HIGH | Missing Authorization vulnerability in MyThemeShop URL Shortener by MyThemeShop. This issue affects URL Shortener by MyThemeShop: from n/a through 1.0.17. |
CVE-2022-40203 | 1 Algolplus | 1 Advanced Dynamic Pricing For Woocommerce | 2024-01-24 | N/A | 8.8 HIGH | Missing Authorization vulnerability in AlgolPlus Advanced Dynamic Pricing for WooCommerce. This issue affects Advanced Dynamic Pricing for WooCommerce: from n/a through 4.1.5. |
CVE-2022-36418 | 1 Dcgws | 1 Hreflang Tags Lite | 2024-01-24 | N/A | 9.8 CRITICAL | Missing Authorization vulnerability in Vagary Digital HREFLANG Tags Lite. This issue affects HREFLANG Tags Lite: from n/a through 2.0.0. |
CVE-2022-38141 | 1 Zorem | 1 Sales Report Email For Woocommerce | 2024-01-24 | N/A | 6.5 MEDIUM | Missing Authorization vulnerability in Zorem Sales Report Email for WooCommerce. This issue affects Sales Report Email for WooCommerce: from n/a through 2.8. |