Total
1466 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-20826 | 1 Atlassian | 1 Jira | 2023-03-03 | 4.0 MEDIUM | 4.3 MEDIUM |
| The inline-create rest resource in Jira before version 7.12.3 allows authenticated remote attackers to set the reporter in issues via a missing authorisation check. | |||||
| CVE-2019-13417 | 1 Search-guard | 1 Search Guard | 2023-03-02 | 5.0 MEDIUM | 5.3 MEDIUM |
| Search Guard versions before 24.0 had an issue that field caps and mapping API leak field names (but not values) for fields which are not allowed for the user when field level security (FLS) is activated. | |||||
| CVE-2023-0298 | 1 Firefly-iii | 1 Firefly Iii | 2023-03-02 | N/A | 6.5 MEDIUM |
| Incorrect Authorization in GitHub repository firefly-iii/firefly-iii prior to 5.8.0. | |||||
| CVE-2023-23064 | 1 Totolink | 2 A720r, A720r Firmware | 2023-02-28 | N/A | 9.8 CRITICAL |
| TOTOLINK A720R V4.1.5cu.532_ B20210610 is vulnerable to Incorrect Access Control. | |||||
| CVE-2018-3778 | 1 Aedes Project | 1 Aedes | 2023-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| Improper authorization in aedes version <0.35.0 will publish a LWT in a channel when a client is not authorized. | |||||
| CVE-2021-32163 | 1 Linuxfoundation | 1 Modular Open Smart Network | 2023-02-28 | N/A | 9.8 CRITICAL |
| Authentication vulnerability in MOSN v.0.23.0 allows attacker to escalate privileges via case-sensitive JWT authorization. | |||||
| CVE-2019-13386 | 1 Centos-webpanel | 1 Centos Web Panel | 2023-02-28 | 6.5 MEDIUM | 8.8 HIGH |
| In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.846, a hidden action=9 feature in filemanager2.php allows attackers to execute a shell command, i.e., obtain a reverse shell with user privilege. | |||||
| CVE-2018-10925 | 3 Canonical, Debian, Postgresql | 3 Ubuntu Linux, Debian Linux, Postgresql | 2023-02-24 | 5.5 MEDIUM | 8.1 HIGH |
| It was discovered that PostgreSQL versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 failed to properly check authorization on certain statements involved with "INSERT ... ON CONFLICT DO UPDATE". An attacker with "CREATE TABLE" privileges could exploit this to read arbitrary bytes server memory. If the attacker also had certain "INSERT" and limited "UPDATE" privileges to a particular table, they could exploit this to update other columns in the same table. | |||||
| CVE-2023-24485 | 1 Citrix | 1 Workspace | 2023-02-24 | N/A | 7.8 HIGH |
| Vulnerabilities have been identified that, collectively, allow a standard Windows user to perform operations as SYSTEM on the computer running Citrix Workspace app. | |||||
| CVE-2018-20685 | 9 Canonical, Debian, Fujitsu and 6 more | 30 Ubuntu Linux, Debian Linux, M10-1 and 27 more | 2023-02-23 | 2.6 LOW | 5.3 MEDIUM |
| In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side. | |||||
| CVE-2023-0091 | 1 Redhat | 2 Keycloak, Single Sign-on | 2023-02-22 | N/A | 3.8 LOW |
| A flaw was found in Keycloak, where it did not properly check client tokens for possible revocation in its client credential flow. This flaw allows an attacker to access or modify potentially sensitive information. | |||||
| CVE-2023-21424 | 1 Samsung | 1 Android | 2023-02-21 | N/A | 3.3 LOW |
| Improper Handling of Insufficient Permissions or Privileges vulnerability in SemChameleonHelper prior to SMR Jan-2023 Release 1 allows attacker to modify network related values, network code, carrier id and operator brand. | |||||
| CVE-2023-21423 | 1 Samsung | 1 Android | 2023-02-21 | N/A | 5.5 MEDIUM |
| Improper authorization vulnerability in ChnFileShareKit prior to SMR Jan-2023 Release 1 allows attacker to control BLE advertising without permission using unprotected action. | |||||
| CVE-2023-21422 | 1 Samsung | 1 Android | 2023-02-21 | N/A | 5.5 MEDIUM |
| Improper authorization vulnerability in semAddPublicDnsAddr in WifiSevice prior to SMR Jan-2023 Release 1 allows attackers to set custom DNS server without permission via binding WifiService. | |||||
| CVE-2018-10910 | 2 Bluez, Canonical | 2 Bluez, Ubuntu Linux | 2023-02-13 | 2.1 LOW | 3.3 LOW |
| A bug in Bluez may allow for the Bluetooth Discoverable state being set to on when no Bluetooth agent is registered with the system. This situation could lead to the unauthorized pairing of certain Bluetooth devices without any form of authentication. Versions before bluez 5.51 are vulnerable. | |||||
| CVE-2014-8109 | 4 Apache, Canonical, Fedoraproject and 1 more | 4 Http Server, Ubuntu Linux, Fedora and 1 more | 2023-02-13 | 4.3 MEDIUM | N/A |
| mod_lua.c in the mod_lua module in the Apache HTTP Server 2.3.x and 2.4.x through 2.4.10 does not support an httpd configuration in which the same Lua authorization provider is used with different arguments within different contexts, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging multiple Require directives, as demonstrated by a configuration that specifies authorization for one group to access a certain directory, and authorization for a second group to access a second directory. | |||||
| CVE-2014-3520 | 1 Openstack | 1 Keystone | 2023-02-13 | 6.5 MEDIUM | N/A |
| OpenStack Identity (Keystone) before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated trustees to gain access to an unauthorized project for which the trustor has certain roles via the project ID in a V2 API trust token request. | |||||
| CVE-2021-3499 | 1 Ovn | 1 Ovn-kubernetes | 2023-02-12 | 6.8 MEDIUM | 5.6 MEDIUM |
| A vulnerability was found in OVN Kubernetes in versions up to and including 0.3.0 where the Egress Firewall does not reliably apply firewall rules when there is multiple DNS rules. It could lead to potentially lose of confidentiality, integrity or availability of a service. | |||||
| CVE-2019-3887 | 4 Canonical, Fedoraproject, Linux and 1 more | 11 Ubuntu Linux, Fedora, Linux Kernel and 8 more | 2023-02-12 | 4.7 MEDIUM | 5.6 MEDIUM |
| A flaw was found in the way KVM hypervisor handled x2APIC Machine Specific Rregister (MSR) access with nested(=1) virtualization enabled. In that, L1 guest could access L0's APIC register values via L2 guest, when 'virtualize x2APIC mode' is enabled. A guest could use this flaw to potentially crash the host kernel resulting in DoS issue. Kernel versions from 4.16 and newer are vulnerable to this issue. | |||||
| CVE-2017-7470 | 1 Redhat | 2 Satellite, Spacewalk | 2023-02-12 | 7.5 HIGH | 9.8 CRITICAL |
| It was found that spacewalk-channel can be used by a non-admin user or disabled users to perform administrative tasks due to an incorrect authorization check in backend/server/rhnChannel.py. | |||||