Total
27865 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-27010 | 1 Wondershare | 1 Dr.phone | 2023-03-22 | N/A | 7.8 HIGH |
Wondershare Dr.Fone v12.9.6 was discovered to contain weak permissions for the service WsDrvInst. This vulnerability allows attackers to escalate privileges via modifying or overwriting the executable. | |||||
CVE-2023-27875 | 3 Ibm, Linux, Microsoft | 3 Aspera Faspex, Linux Kernel, Windows | 2023-03-21 | N/A | 7.5 HIGH |
IBM Aspera Faspex 5.0.4 could allow a user to change other user's credentials due to improper access controls. IBM X-Force ID: 249847. | |||||
CVE-2023-24368 | 1 Temenos | 1 T24 | 2023-03-21 | N/A | 6.5 MEDIUM |
** DISPUTED ** Incorrect access control in Temenos T24 Release 20 allows attackers to gain unauthorized access to sensitive information via a crafted POST request to HELPTEXT.MAINMENU. NOTE: the vendor's position is that "the access level granted is in line with business requirement." | |||||
CVE-2023-26284 | 1 Ibm | 1 Mq Certified Container | 2023-03-18 | N/A | 8.8 HIGH |
IBM MQ Certified Container 9.3.0.1 through 9.3.0.3 and 9.3.1.0 through 9.3.1.1 could allow authenticated users with the cluster to be granted administration access to the MQ console due to improper access controls. IBM X-Force ID: 248417. | |||||
CVE-2023-24468 | 1 Netiq | 1 Advanced Authentication | 2023-03-18 | N/A | 9.8 CRITICAL |
Broken access control in Advanced Authentication versions prior to 6.4.1.1 and 6.3.7.2 | |||||
CVE-2022-40196 | 1 Intel | 1 Oneapi Dpc\+\+\/c\+\+ Compiler | 2023-03-16 | N/A | 7.8 HIGH |
Improper access control in the Intel(R) oneAPI DPC++/C++ Compiler before version 2022.2.1 and Intel C++ Compiler Classic before version 2021.7.1 for some Intel(R) oneAPI Toolkits before version 2022.3.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2023-0348 | 1 Akuvox | 2 E11, E11 Firmware | 2023-03-16 | N/A | 7.5 HIGH |
Akuvox E11 allows direct SIP calls. No access control is enforced by the SIP servers, which could allow an attacker to contact any device within Akuvox to call any other device. | |||||
CVE-2023-23919 | 1 Nodejs | 1 Node.js | 2023-03-16 | N/A | 7.5 HIGH |
A cryptographic vulnerability exists in Node.js <19.2.0, <18.14.1, <16.19.1, <14.21.3 that in some cases did does not clear the OpenSSL error stack after operations that may set it. This may lead to false positive errors during subsequent cryptographic operations that happen to be on the same thread. This in turn could be used to cause a denial of service. | |||||
CVE-2023-25144 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2023-03-16 | N/A | 7.8 HIGH |
An improper access control vulnerability in the Trend Micro Apex One agent could allow a local attacker to gain elevated privileges and create arbitrary directories with arbitrary ownership. | |||||
CVE-2023-1201 | 1 Devolutions | 1 Devolutions Server | 2023-03-15 | N/A | 6.5 MEDIUM |
Improper access control in the secure messages feature in Devolutions Server 2022.3.12 and below allows an authenticated attacker that possesses the message UUID to access the data it contains. | |||||
CVE-2022-25709 | 1 Qualcomm | 136 Ar8035, Ar8035 Firmware, Qca6174a and 133 more | 2023-03-15 | N/A | 7.8 HIGH |
Memory corruption in modem due to use of out of range pointer offset while processing qmi msg | |||||
CVE-2022-25694 | 1 Qualcomm | 416 Apq8009, Apq8009 Firmware, Apq8009w and 413 more | 2023-03-15 | N/A | 7.8 HIGH |
Memory corruption in Modem due to usage of Out-of-range pointer offset in UIM | |||||
CVE-2018-25081 | 1 Bitwarden | 1 Bitwarden | 2023-03-15 | N/A | 7.5 HIGH |
** DISPUTED ** Bitwarden through 2023.2.1 offers password auto-fill within a cross-domain IFRAME element. NOTE: the vendor's position is that there have been important legitimate cross-domain configurations (e.g., an apple.com IFRAME element on the icloud.com website) and that "Auto-fill on page load" is not enabled by default. | |||||
CVE-2022-46752 | 1 Dell | 150 Inspiron 14 Plus 7420, Inspiron 14 Plus 7420 Firmware, Inspiron 14 Plus 7620 and 147 more | 2023-03-15 | N/A | 4.6 MEDIUM |
Dell BIOS contains an Improper Authorization vulnerability. An unauthenticated physical attacker may potentially exploit this vulnerability, leading to denial of service. | |||||
CVE-2023-0839 | 1 Inscada Project | 1 Inscada | 2023-03-15 | N/A | 9.8 CRITICAL |
Improper Protection for Outbound Error Messages and Alert Signals vulnerability in ProMIS Process Co. InSCADA allows Account Footprinting.This issue affects inSCADA: before 20230115-1. | |||||
CVE-2022-22297 | 1 Fortinet | 2 Fortirecorder Firmware, Fortiweb | 2023-03-14 | N/A | 5.5 MEDIUM |
An incomplete filtering of one or more instances of special elements vulnerability [CWE-792] in the command line interpreter of FortiWeb version 6.4.0 through 6.4.1, FortiWeb version 6.3.0 through 6.3.17, FortiWeb all versions 6.2, FortiWeb all versions 6.1, FortiWeb all versions 6.0, FortiRecorder version 6.4.0 through 6.4.3, FortiRecorder all versions 6.0, FortiRecorder all versions 2.7 may allow an authenticated user to read arbitrary files via specially crafted command arguments. | |||||
CVE-2023-25605 | 1 Fortinet | 1 Fortisoar | 2023-03-14 | N/A | 7.2 HIGH |
A improper access control vulnerability in Fortinet FortiSOAR 7.3.0 - 7.3.1 allows an attacker authenticated on the administrative interface to perform unauthorized actions via crafted HTTP requests. | |||||
CVE-2022-40633 | 1 Rittal | 2 Cmc Iii, Cmc Iii Firmware | 2023-03-14 | N/A | 4.6 MEDIUM |
A malicious actor can clone access cards used to open control cabinets secured with Rittal CMC III locks. | |||||
CVE-2022-2835 | 1 Coredns.io | 1 Coredns | 2023-03-14 | N/A | 4.4 MEDIUM |
A flaw was found in coreDNS. This flaw allows a malicious user to reroute internal calls to some internal services that were accessed by the FQDN in a format of <service>.<namespace>.svc. | |||||
CVE-2020-10749 | 3 Fedoraproject, Linuxfoundation, Redhat | 4 Fedora, Cni Network Plugins, Enterprise Linux and 1 more | 2023-03-14 | 6.0 MEDIUM | 6.0 MEDIUM |
A vulnerability was found in all versions of containernetworking/plugins before version 0.8.6, that allows malicious containers in Kubernetes clusters to perform man-in-the-middle (MitM) attacks. A malicious container can exploit this flaw by sending rogue IPv6 router advertisements to the host or other containers, to redirect traffic to the malicious container. |