Total
2821 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-24022 | 1 Baicells | 5 Nova227, Nova233, Nova243 and 2 more | 2024-08-02 | 10 Critical |
| Baicells Nova 227, Nova 233, and Nova 243 LTE TDD eNodeB devices with firmware through RTS/RTD 3.7.11.3 have hardcoded credentials that are easily discovered and can be used by remote attackers to authenticate via ssh. (The credentials are stored in the firmware, encrypted by the crypt function.) | ||||
| CVE-2023-23908 | 3 Debian, Fedoraproject, Intel | 275 Debian Linux, Fedora, Microcode and 272 more | 2024-08-02 | 6 Medium |
| Improper access control in some 3rd Generation Intel(R) Xeon(R) Scalable processors may allow a privileged user to potentially enable information disclosure via local access. | ||||
| CVE-2023-23923 | 1 Moodle | 1 Moodle | 2024-08-02 | 8.2 High |
| The vulnerability was found Moodle which exists due to insufficient limitations on the "start page" preference. A remote attacker can set that preference for another user. The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality. | ||||
| CVE-2023-23835 | 1 Mendix | 1 Mendix | 2024-08-02 | 5.9 Medium |
| A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.34), Mendix Applications using Mendix 8 (All versions < V8.18.23), Mendix Applications using Mendix 9 (All versions < V9.22.0), Mendix Applications using Mendix 9 (V9.12) (All versions < V9.12.10), Mendix Applications using Mendix 9 (V9.18) (All versions < V9.18.4), Mendix Applications using Mendix 9 (V9.6) (All versions < V9.6.15). Some of the Mendix runtime API’s allow attackers to bypass XPath constraints and retrieve information using XPath queries that trigger errors. | ||||
| CVE-2023-23911 | 1 Rocket.chat | 1 Rocket.chat | 2024-08-02 | 7.5 High |
| An improper access control vulnerability exists prior to v6 that could allow an attacker to break the E2E encryption of a chat room by a user changing the group key of a chat room. | ||||
| CVE-2023-23615 | 1 Discourse | 1 Discourse | 2024-08-02 | 5.3 Medium |
| Discourse is an open source discussion platform. The embeddable comments can be exploited to create new topics as any user but without any clear title or content. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. As a workaround, disable embeddable comments by deleting all embeddable hosts. | ||||
| CVE-2023-23573 | 1 Intel | 1 Unite | 2024-08-02 | 4.4 Medium |
| Improper access control in the Intel(R) Unite(R) android application before Release 17 may allow a privileged user to potentially enable information disclosure via local access. | ||||
| CVE-2023-23446 | 1 Sick | 14 Ftmg-esd15axx, Ftmg-esd15axx Firmware, Ftmg-esd20axx and 11 more | 2024-08-02 | 7.5 High |
| Improper Access Control in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote attacker to download files by using a therefore unpriviledged account via the REST interface. | ||||
| CVE-2023-23445 | 1 Sick | 14 Ftmg-esd15axx, Ftmg-esd15axx Firmware, Ftmg-esd20axx and 11 more | 2024-08-02 | 7.5 High |
| Improper Access Control in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote attacker to gain unauthorized access to data fields by using a therefore unpriviledged account via the REST interface. | ||||
| CVE-2023-22920 | 1 Zyxel | 4 Lte3202-m437, Lte3202-m437 Firmware, Lte3316-m604 and 1 more | 2024-08-02 | 9.8 Critical |
| A security misconfiguration vulnerability exists in the Zyxel LTE3316-M604 firmware version V2.00(ABMP.6)C0 due to a factory default misconfiguration intended for testing purposes. A remote attacker could leverage this vulnerability to access an affected device using Telnet. | ||||
| CVE-2023-22807 | 1 Ls-electric | 2 Xbc-dn32u, Xbc-dn32u Firmware | 2024-08-02 | 9.8 Critical |
| LS ELECTRIC XBC-DN32U with operating system version 01.80 does not properly control access to the PLC over its internal XGT protocol. An attacker could control and tamper with the PLC by sending the packets to the PLC over its XGT protocol. | ||||
| CVE-2023-22805 | 1 Ls-electric | 2 Xbc-dn32u, Xbc-dn32u Firmware | 2024-08-02 | 6.5 Medium |
| LS ELECTRIC XBC-DN32U with operating system version 01.80 has improper access control to its read prohibition feature. This could allow a remote attacker to remotely set the feature to lock users out of reading data from the device. | ||||
| CVE-2023-22600 | 1 Inhandnetworks | 4 Inrouter302, Inrouter302 Firmware, Inrouter615-s and 1 more | 2024-08-02 | 10 Critical |
| InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-284: Improper Access Control. They allow unauthenticated devices to subscribe to MQTT topics on the same network as the device manager. An unauthorized user who knows of an existing topic name could send and receive messages to and from that topic. This includes the ability to send GET/SET configuration commands, reboot commands, and push firmware updates. | ||||
| CVE-2023-22487 | 1 Flarum | 1 Flarum | 2024-08-02 | 7.7 High |
| Flarum is a forum software for building communities. Using the mentions feature provided by the flarum/mentions extension, users can mention any post ID on the forum with the special `@"<username>"#p<id>` syntax. The following behavior never changes no matter if the actor should be able to read the mentioned post or not: A URL to the mentioned post is inserted into the actor post HTML, leaking its discussion ID and post number. The `mentionsPosts` relationship included in the `POST /api/posts` and `PATCH /api/posts/<id>` JSON responses leaks the full JSON:API payload of all mentioned posts without any access control. This includes the content, date, number and attributes added by other extensions. An attacker only needs the ability to create new posts on the forum to exploit the vulnerability. This works even if new posts require approval. If they have the ability to edit posts, the attack can be performed even more discreetly by using a single post to scan any size of database and hiding the attack post content afterward. The attack allows the leaking of all posts in the forum database, including posts awaiting approval, posts in tags the user has no access to, and private discussions created by other extensions like FriendsOfFlarum Byobu. This also includes non-comment posts like tag changes or renaming events. The discussion payload is not leaked but using the mention HTML payload it's possible to extract the discussion ID of all posts and combine all posts back together into their original discussions even if the discussion title remains unknown. All Flarum versions prior to 1.6.3 are affected. The vulnerability has been fixed and published as flarum/core v1.6.3. As a workaround, user can disable the mentions extension. | ||||
| CVE-2023-22473 | 1 Nextcloud | 1 Talk | 2024-08-02 | 2.1 Low |
| Talk-Android enables users to have video & audio calls through Nextcloud on Android. Due to passcode bypass, an attacker is able to access the user's Nextcloud files and view conversations. To exploit this the attacker needs to have physical access to the target's device. There are currently no known workarounds available. It is recommended that the Nextcloud Talk Android app is upgraded to 15.0.2. | ||||
| CVE-2023-22312 | 1 Intel | 82 Lapkc51e, Lapkc51e Firmware, Lapkc71e and 79 more | 2024-08-02 | 7.2 High |
| Improper access control for some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2023-22311 | 2024-08-02 | 6.7 Medium | ||
| Improper access control in some Intel(R) Optane(TM) PMem 100 Series Management Software before version 01.00.00.3547 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2023-22293 | 2024-08-02 | 8.2 High | ||
| Improper access control in the Intel(R) Thunderbolt(TM) DCH drivers for Windows may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2023-22250 | 1 Adobe | 2 Commerce, Magento Open Source | 2024-08-02 | 5.3 Medium |
| Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to impact the availability of a user's minor feature. Exploitation of this issue does not require user interaction. | ||||
| CVE-2023-22232 | 1 Adobe | 1 Connect | 2024-08-02 | 5.3 Medium |
| Adobe Connect versions 11.4.5 (and earlier), 12.1.5 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to impact the integrity of a minor feature. Exploitation of this issue does not require user interaction. | ||||