Filtered by CWE-284
Total 2822 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-2576 1 Gitlab 1 Gitlab 2024-08-02 4.3 Medium
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1. This allowed a developer to remove the CODEOWNERS rules and merge to a protected branch.
CVE-2023-2429 1 Phpmyfaq 1 Phpmyfaq 2024-08-02 9.8 Critical
Improper Access Control in GitHub repository thorsten/phpmyfaq prior to 3.1.13.
CVE-2023-2202 1 Rosariosis 1 Rosariosis 2024-08-02 6.5 Medium
Improper Access Control in GitHub repository francoisjacquet/rosariosis prior to 10.9.3.
CVE-2023-2183 2 Grafana, Redhat 2 Grafana, Ceph Storage 2024-08-02 4.1 Medium
Grafana is an open-source platform for monitoring and observability. The option to send a test alert is not available from the user panel UI for users having the Viewer role. It is still possible for a user with the Viewer role to send a test alert using the API, as the API does not check access to this function. This might enable malicious users to abuse the functionality by sending multiple alert messages to e-mail and Slack, spamming users, preparing a phishing attack or blocking the SMTP server. Users may upgrade to version 9.5.3, 9.4.12, 9.3.15, 9.2.19 and 8.5.26 to receive a fix.
CVE-2023-2104 1 Easyappointments 1 Easyappointments 2024-08-02 5.4 Medium
Improper Access Control in GitHub repository alextselegidis/easyappointments prior to 1.5.0.
CVE-2023-1883 1 Phpmyfaq 1 Phpmyfaq 2024-08-02 5.4 Medium
Improper Access Control in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
CVE-2023-1862 1 Cloudflare 1 Warp 2024-08-02 7.3 High
Cloudflare WARP client for Windows (up to v2023.3.381.0) allowed a malicious actor to remotely access the warp-svc.exe binary due to an insufficient access control policy on an IPC Named Pipe. This would have enabled an attacker to trigger WARP connect and disconnect commands, as well as to obtain network diagnostics and application configuration from the target's device. It is important to note that in order to exploit this, a set of requirements would need to be met, such as the target's device being reachable on port 445 and allowing authentication with NULL sessions, or the attacker otherwise having knowledge of the target's credentials.
CVE-2023-1936 1 Gitlab 1 Gitlab 2024-08-02 3.5 Low
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1, which allows an attacker to leak the email address of a user who created a service desk issue.
CVE-2023-1834 1 Rockwellautomation 2 Kinetix 5500, Kinetix 5500 Firmware 2024-08-02 9.4 Critical
Rockwell Automation was made aware that Kinetix 5500 drives manufactured between May 2022 and January 2023 and running v7.13 may have the telnet and FTP ports open by default. This could potentially allow attackers unauthorized access to the device through the open ports.
CVE-2023-1647 1 Cal 1 Cal.com 2024-08-02 8.8 High
Improper Access Control in GitHub repository calcom/cal.com prior to 2.7.
CVE-2023-1557 1 E-commerce System Project 1 E-commerce System 2024-08-02 6.3 Medium
A vulnerability was found in SourceCodester E-Commerce System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /ecommerce/admin/user/controller.php?action=edit of the component Username Handler. The manipulation of the argument USERID leads to improper access controls. The attack may be launched remotely. VDB-223550 is the identifier assigned to this vulnerability.
CVE-2023-1491 1 Maxpcsecure 1 Anti Virus Plus 2024-08-02 4.4 Medium
A vulnerability was found in Max Secure Anti Virus Plus 19.0.2.1. It has been classified as critical. This affects the function 0x220020 in the library MaxCryptMon.sys of the component IoControlCode Handler. The manipulation leads to improper access controls. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier VDB-223377 was assigned to this vulnerability.
CVE-2023-1489 1 Wisecleaner 1 Wise System Monitor 2024-08-02 7.8 High
A vulnerability has been found in Lespeed WiseCleaner Wise System Monitor 1.5.3.54 and classified as critical. Affected by this vulnerability is the function 0x9C402088 in the library WiseHDInfo64.dll of the component IoControlCode Handler. The manipulation leads to improper access controls. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223375.
CVE-2023-1453 1 Watchdog 1 Anti-virus 2024-08-02 4.4 Medium
A vulnerability was found in Watchdog Anti-Virus 1.4.214.0. It has been rated as critical. Affected by this issue is the function 0x80002008 in the library wsdk-driver.sys of the component IoControlCode Handler. The manipulation leads to improper access controls. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. VDB-223298 is the identifier assigned to this vulnerability.
CVE-2023-1490 1 Maxpcsecure 1 Anti Virus Plus 2024-08-02 4.4 Medium
A vulnerability was found in Max Secure Anti Virus Plus 19.0.2.1 and classified as critical. Affected by this issue is the function 0x220020 in the library SDActMon.sys of the component IoControlCode Handler. The manipulation leads to improper access controls. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-223376.
CVE-2023-1486 1 Wisecleaner 1 Wise Force Deleter 2024-08-02 4.4 Medium
A vulnerability classified as problematic was found in Lespeed WiseCleaner Wise Force Deleter 1.5.3.54. This vulnerability affects the function 0x220004 in the library WiseUnlock64.sys of the component IoControlCode Handler. The manipulation leads to improper access controls. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-223372.
CVE-2023-1432 1 Online Food Ordering System Project 1 Online Food Ordering System 2024-08-02 7.3 High
A vulnerability was found in SourceCodester Online Food Ordering System 2.0 and classified as critical. Affected by this issue is some unknown functionality of the file /fos/admin/ajax.php?action=save_settings of the component POST Request Handler. The manipulation leads to improper access controls. The attack may be launched remotely. VDB-223214 is the identifier assigned to this vulnerability.
CVE-2023-1007 1 Filseclab 1 Twister Antivirus 2024-08-02 5.3 Medium
A vulnerability was found in Twister Antivirus 8.17. It has been declared as critical. This vulnerability affects the function 0x801120E4 in the library filmfd.sys of the component IoControlCode Handler. The manipulation leads to improper access controls. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221740.
CVE-2023-1083 2024-08-02 9.8 Critical
An unauthenticated remote attacker who is aware of a MQTT topic name can send and receive messages, including GET/SET configuration commands, reboot commands and firmware updates.
CVE-2023-0963 1 Music Gallery Site Project 1 Music Gallery Site 2024-08-02 7.3 High
A vulnerability was found in SourceCodester Music Gallery Site 1.0. It has been rated as critical. This issue affects some unknown processing of the file Users.php of the component POST Request Handler. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-221633 was assigned to this vulnerability.