Total: 3285 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-6303 | 1 Conduit | 1 Conduit | 2024-09-20 | 9.9 Critical |
Missing authorization in Client-Server API in Conduit <=0.7.0, allowing for any alias to be removed and added to another room, which can be used for privilege escalation by moving the #admins alias to a room which they control, allowing them to run commands resetting passwords, signing JSON with the server's key, deactivating users, and more | ||||
CVE-2023-44151 | 1 Brainstormforce | 1 Pre-publish Checklist | 2024-09-20 | 5.4 Medium |
Missing Authorization vulnerability in Brainstorm Force Pre-Publish Checklist. This issue affects Pre-Publish Checklist: from n/a through 1.1.1. | ||||
CVE-2023-39298 | 1 Qnap | 3 Qts, Quts Hero, Qutscloud | 2024-09-20 | 7.8 High |
A missing authorization vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow local authenticated users to access data or perform actions that they should not be allowed to perform via unspecified vectors. QuTScloud is not affected. We have already fixed the vulnerability in the following versions: QTS 5.2.0.2737 build 20240417 and later; QuTS hero h5.2.0.2782 build 20240601 and later | ||||
CVE-2023-3770 | 1 Ingeteam | 2 Ingepac Da3451, Ingepac Da3451 Firmware | 2024-09-20 | 5.3 Medium |
Incorrect validation vulnerability of the data entered, allowing an attacker with access to the network on which the affected device is located to use the discovery port protocol (1925/UDP) to obtain device-specific information without the need for authentication. | ||||
CVE-2023-44214 | 4 Acronis, Apple, Linux and 1 more | 4 Agent, Macos, Linux Kernel and 1 more | 2024-09-20 | 5.5 Medium |
Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 35739. | ||||
CVE-2023-45240 | 4 Acronis, Apple, Linux and 1 more | 4 Agent, Macos, Linux Kernel and 1 more | 2024-09-20 | 5.5 Medium |
Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 35739. | ||||
CVE-2024-4450 | 1 Ali2woo | 1 Aliexpress Dropshipping With Alinext | 2024-09-20 | 6.3 Medium |
The AliExpress Dropshipping with AliNext Lite plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in the ImportAjaxController.php file in all versions up to, and including, 3.3.5. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform several actions like importing and modifying products. | ||||
CVE-2023-4997 | 1 Prointegra | 1 Uptimedc | 2024-09-19 | 8.8 High |
Improper authorisation of regular users in ProIntegra Uptime DC software (versions below 2.0.0.33940) allows them to change passwords of all other users including administrators leading to a privilege escalation. | ||||
CVE-2023-44212 | 4 Acronis, Apple, Linux and 1 more | 4 Agent, Macos, Linux Kernel and 1 more | 2024-09-19 | 7.1 High |
Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 31477. | ||||
CVE-2023-40650 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-09-19 | 5.5 Medium |
In Telecom service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed | ||||
CVE-2023-40631 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-09-19 | 4.4 Medium |
In Dialer, there is a possible missing permission check. This could lead to local information disclosure with System execution privileges needed | ||||
CVE-2023-45370 | 1 Mediawiki | 1 Mediawiki | 2024-09-19 | 5.3 Medium |
An issue was discovered in the SportsTeams extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. SportsTeams: Special:SportsManagerLogo and Special:SportsTeamsManagerLogo do not check for the sportsteamsmanager user right, and thus an attacker may be able to affect pages that are concerned with sports teams. | ||||
CVE-2023-40654 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-09-19 | 6.7 Medium |
In FW-PackageManager, there is a possible missing permission check. This could lead to local escalation of privilege with System execution privileges needed | ||||
CVE-2023-45245 | 4 Acronis, Apple, Linux and 1 more | 4 Agent, Macos, Linux Kernel and 1 more | 2024-09-19 | 5.5 Medium |
Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 36119. | ||||
CVE-2023-40633 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-09-19 | 5.5 Medium |
In phasecheckserver, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed | ||||
CVE-2023-40643 | 2 Google, Unisoc | 2 Android, Sc9863a | 2024-09-19 | 5.5 Medium |
In Messaging, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed | ||||
CVE-2023-40644 | 2 Google, Unisoc | 2 Android, Sc9863a | 2024-09-19 | 5.5 Medium |
In Messaging, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed | ||||
CVE-2023-40645 | 2 Google, Unisoc | 2 Android, Sc9863a | 2024-09-19 | 5.5 Medium |
In Messaging, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed | ||||
CVE-2023-40646 | 2 Google, Unisoc | 2 Android, Sc9863a | 2024-09-19 | 5.5 Medium |
In Messaging, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed | ||||
CVE-2023-40647 | 2 Google, Unisoc | 2 Android, Sc9863a | 2024-09-19 | 5.5 Medium |
In Messaging, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed |