Total
3285 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-32789 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-08-02 | 5.5 Medium |
| In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | ||||
| CVE-2023-32677 | 1 Zulip | 1 Zulip | 2024-08-02 | 3.1 Low |
| Zulip is an open-source team collaboration tool with unique topic-based threading. Zulip administrators can configure Zulip to limit who can add users to streams, and separately to limit who can invite users to the organization. In Zulip Server 6.1 and below, the UI which allows a user to invite a new user also allows them to set the streams that the new user is invited to -- even if the inviting user would not have permissions to add an existing user to streams. While such a configuration is likely rare in practice, the behavior does violate security-related controls. This does not let a user invite new users to streams they cannot see, or would not be able to add users to if they had that general permission. This issue has been addressed in version 6.2. Users are advised to upgrade. Users unable to upgrade may limit sending of invitations down to users who also have the permission to add users to streams. | ||||
| CVE-2023-32316 | 1 Fit2cloud | 1 Cloudexplorer | 2024-08-02 | 7.1 High |
| CloudExplorer Lite is an open source cloud management tool. In affected versions users can add themselves to any organization in CloudExplorer Lite. This is due to a missing permission check on the user profile. It is recommended to upgrade the version to v1.1.0. There are no known workarounds for this vulnerability. | ||||
| CVE-2023-32311 | 1 Fit2cloud | 1 Cloudexplorer | 2024-08-02 | 7.1 High |
| CloudExplorer Lite is an open source cloud management platform. In CloudExplorer Lite prior to version 1.1.0 users organization/workspace permissions are not properly checked. This allows users to add themselves to any organization. This vulnerability has been fixed in v1.1.0. Users are advised to upgrade. There are no known workarounds for this issue. | ||||
| CVE-2023-32295 | 2024-08-02 | 6.3 Medium | ||
| Missing Authorization vulnerability in Alex Tselegidis Easy!Appointments.This issue affects Easy!Appointments: from n/a through 1.3.3. | ||||
| CVE-2023-32129 | 2024-08-02 | 4.3 Medium | ||
| Missing Authorization vulnerability in Sparkle WP Editorialmag editorialmag.This issue affects Editorialmag: from n/a through 1.1.9. | ||||
| CVE-2023-32127 | 2024-08-02 | 5.3 Medium | ||
| Missing Authorization vulnerability in Daniel Powney Multi Rating allows Functionality Misuse.This issue affects Multi Rating: from n/a through 5.0.6. | ||||
| CVE-2023-32112 | 1 Sap | 2 S4core, Vendor Master Hierarchy | 2024-08-02 | 2.8 Low |
| Vendor Master Hierarchy - versions SAP_APPL 500, SAP_APPL 600, SAP_APPL 602, SAP_APPL 603, SAP_APPL 604, SAP_APPL 605, SAP_APPL 606, SAP_APPL 616, SAP_APPL 617, SAP_APPL 618, S4CORE 100, does not perform necessary authorization checks for an authenticated user to access some of its function. This could lead to modification of data impacting the integrity of the system. | ||||
| CVE-2023-31826 | 1 Skyscreamer | 1 Nevado Jms | 2024-08-02 | 7.8 High |
| Skyscreamer Open Source Nevado JMS v1.3.2 does not perform security checks when receiving messages. This allows attackers to execute arbitrary commands via supplying crafted data. | ||||
| CVE-2023-31234 | 2024-08-02 | 6.3 Medium | ||
| Missing Authorization vulnerability in Tilda Publishing.This issue affects Tilda Publishing: from n/a through 0.3.23. | ||||
| CVE-2023-30948 | 1 Palantir | 1 Foundry Comments | 2024-08-02 | 6.5 Medium |
| A security defect in Foundry's Comments functionality resulted in the retrieval of attachments to comments not being gated by additional authorization checks. This could enable an authenticated user to inject a prior discovered attachment UUID into other arbitrary comments to discover it's content. This defect was fixed in Foundry Comments 2.249.0, and a patch was rolled out to affected Foundry environments. No further intervention is required at this time. | ||||
| CVE-2023-30933 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-08-02 | 5.5 Medium |
| In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | ||||
| CVE-2023-30939 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-08-02 | 5.5 Medium |
| In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | ||||
| CVE-2023-30941 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-08-02 | 5.5 Medium |
| In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | ||||
| CVE-2023-30927 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-08-02 | 5.5 Medium |
| In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | ||||
| CVE-2023-30929 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-08-02 | 7.8 High |
| In telephony service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. | ||||
| CVE-2023-30925 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-08-02 | 5.5 Medium |
| In opm service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | ||||
| CVE-2023-30924 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-08-02 | 5.5 Medium |
| In messaging service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | ||||
| CVE-2023-30930 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-08-02 | 5.5 Medium |
| In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | ||||
| CVE-2023-30931 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-08-02 | 5.5 Medium |
| In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | ||||