Vulnerabilities (CVE)

Filtered by NVD-CWE-Other
Total 27865 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-27010 1 Wondershare 1 Dr.phone 2023-03-22 N/A 7.8 HIGH
Wondershare Dr.Fone v12.9.6 was discovered to contain weak permissions for the service WsDrvInst. This vulnerability allows attackers to escalate privileges via modifying or overwriting the executable.
CVE-2023-27875 3 Ibm, Linux, Microsoft 3 Aspera Faspex, Linux Kernel, Windows 2023-03-21 N/A 7.5 HIGH
IBM Aspera Faspex 5.0.4 could allow a user to change other users' credentials due to improper access controls. IBM X-Force ID: 249847.
CVE-2023-24368 1 Temenos 1 T24 2023-03-21 N/A 6.5 MEDIUM
** DISPUTED ** Incorrect access control in Temenos T24 Release 20 allows attackers to gain unauthorized access to sensitive information via a crafted POST request to HELPTEXT.MAINMENU. NOTE: the vendor's position is that "the access level granted is in line with business requirement."
CVE-2023-26284 1 Ibm 1 Mq Certified Container 2023-03-18 N/A 8.8 HIGH
IBM MQ Certified Container 9.3.0.1 through 9.3.0.3 and 9.3.1.0 through 9.3.1.1 could allow authenticated users with the cluster to be granted administration access to the MQ console due to improper access controls. IBM X-Force ID: 248417.
CVE-2023-24468 1 Netiq 1 Advanced Authentication 2023-03-18 N/A 9.8 CRITICAL
Broken access control in Advanced Authentication versions prior to 6.4.1.1 and 6.3.7.2
CVE-2022-40196 1 Intel 1 Oneapi Dpc++/c++ Compiler 2023-03-16 N/A 7.8 HIGH
Improper access control in the Intel(R) oneAPI DPC++/C++ Compiler before version 2022.2.1 and Intel C++ Compiler Classic before version 2021.7.1 for some Intel(R) oneAPI Toolkits before version 2022.3.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-0348 1 Akuvox 2 E11, E11 Firmware 2023-03-16 N/A 7.5 HIGH
Akuvox E11 allows direct SIP calls. No access control is enforced by the SIP servers, which could allow an attacker to contact any device within Akuvox to call any other device.
CVE-2023-23919 1 Nodejs 1 Node.js 2023-03-16 N/A 7.5 HIGH
A cryptographic vulnerability exists in Node.js <19.2.0, <18.14.1, <16.19.1, <14.21.3 that in some cases does not clear the OpenSSL error stack after operations that may set it. This may lead to false positive errors during subsequent cryptographic operations that happen to be on the same thread. This in turn could be used to cause a denial of service.
CVE-2023-25144 2 Microsoft, Trendmicro 2 Windows, Apex One 2023-03-16 N/A 7.8 HIGH
An improper access control vulnerability in the Trend Micro Apex One agent could allow a local attacker to gain elevated privileges and create arbitrary directories with arbitrary ownership.
CVE-2023-1201 1 Devolutions 1 Devolutions Server 2023-03-15 N/A 6.5 MEDIUM
Improper access control in the secure messages feature in Devolutions Server 2022.3.12 and below allows an authenticated attacker that possesses the message UUID to access the data it contains.
CVE-2022-25709 1 Qualcomm 136 Ar8035, Ar8035 Firmware, Qca6174a and 133 more 2023-03-15 N/A 7.8 HIGH
Memory corruption in modem due to use of out of range pointer offset while processing qmi msg
CVE-2022-25694 1 Qualcomm 416 Apq8009, Apq8009 Firmware, Apq8009w and 413 more 2023-03-15 N/A 7.8 HIGH
Memory corruption in Modem due to usage of Out-of-range pointer offset in UIM
CVE-2018-25081 1 Bitwarden 1 Bitwarden 2023-03-15 N/A 7.5 HIGH
** DISPUTED ** Bitwarden through 2023.2.1 offers password auto-fill within a cross-domain IFRAME element. NOTE: the vendor's position is that there have been important legitimate cross-domain configurations (e.g., an apple.com IFRAME element on the icloud.com website) and that "Auto-fill on page load" is not enabled by default.
CVE-2022-46752 1 Dell 150 Inspiron 14 Plus 7420, Inspiron 14 Plus 7420 Firmware, Inspiron 14 Plus 7620 and 147 more 2023-03-15 N/A 4.6 MEDIUM
Dell BIOS contains an Improper Authorization vulnerability. An unauthenticated physical attacker may potentially exploit this vulnerability, leading to denial of service.
CVE-2023-0839 1 Inscada Project 1 Inscada 2023-03-15 N/A 9.8 CRITICAL
Improper Protection for Outbound Error Messages and Alert Signals vulnerability in ProMIS Process Co. InSCADA allows Account Footprinting. This issue affects inSCADA: before 20230115-1.
CVE-2022-22297 1 Fortinet 2 Fortirecorder Firmware, Fortiweb 2023-03-14 N/A 5.5 MEDIUM
An incomplete filtering of one or more instances of special elements vulnerability [CWE-792] in the command line interpreter of FortiWeb version 6.4.0 through 6.4.1, FortiWeb version 6.3.0 through 6.3.17, FortiWeb all versions 6.2, FortiWeb all versions 6.1, FortiWeb all versions 6.0, FortiRecorder version 6.4.0 through 6.4.3, FortiRecorder all versions 6.0, FortiRecorder all versions 2.7 may allow an authenticated user to read arbitrary files via specially crafted command arguments.
CVE-2023-25605 1 Fortinet 1 Fortisoar 2023-03-14 N/A 7.2 HIGH
An improper access control vulnerability in Fortinet FortiSOAR 7.3.0 - 7.3.1 allows an attacker authenticated on the administrative interface to perform unauthorized actions via crafted HTTP requests.
CVE-2022-40633 1 Rittal 2 Cmc Iii, Cmc Iii Firmware 2023-03-14 N/A 4.6 MEDIUM
A malicious actor can clone access cards used to open control cabinets secured with Rittal CMC III locks.
CVE-2022-2835 1 Coredns.io 1 Coredns 2023-03-14 N/A 4.4 MEDIUM
A flaw was found in coreDNS. This flaw allows a malicious user to reroute internal calls to some internal services that were accessed by the FQDN in a format of <service>.<namespace>.svc.
CVE-2020-10749 3 Fedoraproject, Linuxfoundation, Redhat 4 Fedora, Cni Network Plugins, Enterprise Linux and 1 more 2023-03-14 6.0 MEDIUM 6.0 MEDIUM
A vulnerability was found in all versions of containernetworking/plugins before version 0.8.6, that allows malicious containers in Kubernetes clusters to perform man-in-the-middle (MitM) attacks. A malicious container can exploit this flaw by sending rogue IPv6 router advertisements to the host or other containers, to redirect traffic to the malicious container.