Total
2822 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-3304 | 1 Admidio | 1 Admidio | 2024-08-02 | 5.4 Medium |
Improper Access Control in GitHub repository admidio/admidio prior to 4.2.9. | ||||
CVE-2023-3306 | 1 Ruijie | 2 Rg-ew1200g, Rg-ew1200g Firmware | 2024-08-02 | 7.3 High |
A vulnerability was found in Ruijie RG-EW1200G EW_3.0(1)B11P204. It has been declared as critical. This vulnerability affects unknown code of the file app.09df2a9e44ab48766f5f.js of the component Admin Password Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-231802 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
CVE-2023-3305 | 1 Cdatatec | 1 Web Management System | 2024-08-02 | 7.3 High |
A vulnerability was found in C-DATA Web Management System up to 20230607. It has been classified as critical. This affects an unknown part of the file /cgi-bin/jumpto.php?class=user&page=config_save&isphp=1 of the component User Creation Handler. The manipulation of the argument user/newpassword leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-231801 was assigned to this vulnerability. | ||||
CVE-2023-3303 | 1 Admidio | 1 Admidio | 2024-08-02 | 3.5 Low |
Improper Access Control in GitHub repository admidio/admidio prior to 4.2.9. | ||||
CVE-2023-3273 | 1 Sick | 2 Icr890-4, Icr890-4 Firmware | 2024-08-02 | 7.5 High |
Improper Access Control in the SICK ICR890-4 could allow an unauthenticated remote attacker to affect the availability of the device by changing settings of the device such as the IP address based on missing access control. | ||||
CVE-2023-3271 | 1 Sick | 2 Icr890-4, Icr890-4 Firmware | 2024-08-02 | 8.2 High |
Improper Access Control in the SICK ICR890-4 could allow an unauthenticated remote attacker to gather information about the system and download data via the REST API by accessing unauthenticated endpoints. | ||||
CVE-2023-3099 | 1 Ubuntukylin | 1 Youker-assistant | 2024-08-02 | 4.4 Medium |
A vulnerability classified as critical was found in KylinSoft youker-assistant on KylinOS. Affected by this vulnerability is the function delete_file in the library dbus.SystemBus of the component Arbitrary File Handler. The manipulation leads to improper access controls. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. Upgrading to version 3.0.2-0kylin6k70-23 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-230689 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
CVE-2023-3096 | 1 Kylinos | 1 Kylin-software-properties | 2024-08-02 | 5.3 Medium |
A vulnerability was found in KylinSoft kylin-software-properties on KylinOS. It has been declared as critical. This vulnerability affects the function changedSource. The manipulation leads to improper access controls. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 0.0.1-130 is able to address this issue. It is recommended to upgrade the affected component. VDB-230686 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
CVE-2023-3095 | 1 Teampass | 1 Teampass | 2024-08-02 | 6.5 Medium |
Improper Access Control in GitHub repository nilsteampassnet/teampass prior to 3.0.9. | ||||
CVE-2023-3018 | 1 Oretnom23 | 1 Lost And Found Information System | 2024-08-02 | 6.3 Medium |
A vulnerability was found in SourceCodester Lost and Found Information System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/?page=user/list. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-230362 is the identifier assigned to this vulnerability. | ||||
CVE-2023-2903 | 1 Nfine | 1 Nfine Rapid Development Platform | 2024-08-02 | 4.3 Medium |
A vulnerability classified as problematic has been found in NFine Rapid Development Platform 20230511. This affects an unknown part of the file /SystemManage/Role/GetGridJson?keyword=&page=1&rows=20. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-229977 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
CVE-2023-2979 | 1 Abstrium | 1 Pydio Cells | 2024-08-02 | 4.7 Medium |
A vulnerability classified as critical has been found in Abstrium Pydio Cells 4.2.0. This affects an unknown part of the component User Creation Handler. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.2.1 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-230211. | ||||
CVE-2023-2944 | 1 Open-emr | 1 Openemr | 2024-08-02 | 5.4 Medium |
Improper Access Control in GitHub repository openemr/openemr prior to 7.0.1. | ||||
CVE-2023-2946 | 1 Open-emr | 1 Openemr | 2024-08-02 | 8.1 High |
Improper Access Control in GitHub repository openemr/openemr prior to 7.0.1. | ||||
CVE-2023-2901 | 1 Nfine Rapid Development Platform Project | 1 Nfine Rapid Development Platform | 2024-08-02 | 4.3 Medium |
A vulnerability was found in NFine Rapid Development Platform 20230511. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /SystemManage/User/GetGridJson?_search=false&nd=1680855479750&rows=50&page=1&sidx=F_CreatorTime+desc&sord=asc. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-229975. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
CVE-2023-2902 | 1 Nfine Rapid Development Platform Project | 1 Nfine Rapid Development Platform | 2024-08-02 | 4.3 Medium |
A vulnerability was found in NFine Rapid Development Platform 20230511. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /SystemManage/Organize/GetTreeGridJson?_search=false&nd=1681813520783&rows=10000&page=1&sidx=&sord=asc. The manipulation leads to improper access controls. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-229976. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
CVE-2023-2861 | 1 Qemu | 1 Qemu | 2024-08-02 | 6 Medium |
A flaw was found in the 9p passthrough filesystem (9pfs) implementation in QEMU. The 9pfs server did not prohibit opening special files on the host side, potentially allowing a malicious client to escape from the exported 9p tree by creating and opening a device file in the shared folder. | ||||
CVE-2023-2845 | 1 Fit2cloud | 1 Cloudexplorer Lite | 2024-08-02 | 8.1 High |
Improper Access Control in GitHub repository cloudexplorer-dev/cloudexplorer-lite prior to v1.1.0. | ||||
CVE-2023-2674 | 1 Open-emr | 1 Openemr | 2024-08-02 | 4.3 Medium |
Improper Access Control in GitHub repository openemr/openemr prior to 7.0.1. | ||||
CVE-2023-2670 | 1 Oretnom23 | 1 Lost And Found Information System | 2024-08-02 | 6.3 Medium |
A vulnerability was found in SourceCodester Lost and Found Information System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file admin/?page=user/manage_user. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-228886 is the identifier assigned to this vulnerability. |