Total: 688 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 | Description
---|---|---|---|---|---
CVE-2023-2782 | 1 Acronis | 1 Cyber Infrastructure | 2024-08-02 | 5.5 Medium | Sensitive information disclosure due to improper authorization. The following products are affected: Acronis Cyber Infrastructure (ACI) before build 5.3.1-38.
CVE-2023-2534 | 1 Otrs | 1 Otrs | 2024-08-02 | 7.6 High | Improper Authorization vulnerability in OTRS AG OTRS 8 (Websocket API backend) allows any attacker authenticated as Agent to track user behaviour and to gain live insight into overall system usage. User IDs can easily be correlated with real names, e.g. via ticket histories, by any user (fuzzing for garnering other adjacent user/sensitive data). Subscribing to all possible push events could also lead to performance implications on the server side, depending on the size of the installation and the number of active users (flooding). This issue affects OTRS: from 8.0.X before 8.0.32.
CVE-2023-2345 | 1 Oretnom23 | 1 Service Provider Management System | 2024-08-02 | 6.3 Medium | A vulnerability was found in SourceCodester Service Provider Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /classes/Master.php?f=delete_inquiry. The manipulation leads to improper authorization. The attack may be launched remotely. The identifier of this vulnerability is VDB-227588.
CVE-2023-2227 | 1 Modoboa | 1 Modoboa | 2024-08-02 | 9.1 Critical | Improper Authorization in GitHub repository modoboa/modoboa prior to 2.1.0.
CVE-2023-1164 | 1 Kylinos | 1 Kylin Os | 2024-08-02 | 8.4 High | A vulnerability was found in KylinSoft kylin-activation on KylinOS and classified as critical. Affected by this issue is some unknown functionality of the component File Import. The manipulation leads to improper authorization. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to versions 1.3.11-23 and 1.30.10-5.p23 addresses this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-222260.
CVE-2023-0914 | 1 Pixelfed | 1 Pixelfed | 2024-08-02 | 5.3 Medium | Improper Authorization in GitHub repository pixelfed/pixelfed prior to 0.11.4.
CVE-2023-0822 | 1 Deltaww | 1 Diaenergie | 2024-08-02 | 8.8 High | The affected product DIAEnergie (versions prior to v1.9.03.001) contains improper authorization, which could allow an unauthorized user to bypass authorization and access privileged functionality.
CVE-2023-0734 | 1 Wallabag | 1 Wallabag | 2024-08-02 | 5.3 Medium | Improper Authorization in GitHub repository wallabag/wallabag prior to 2.5.4.
CVE-2023-0837 | 3 Apple, Microsoft, Teamviewer | 3 Macos, Windows, Remote | 2024-08-02 | 6.6 Medium | An improper authorization check of local device settings in TeamViewer Remote between version 15.41 and 15.42.7 for Windows and macOS allows an unprivileged user to change basic local device settings even though the options were locked. This can result in unwanted changes to the configuration.
CVE-2023-0665 | 2 Hashicorp, Redhat | 3 Vault, Openshift, Openshift Data Foundation | 2024-08-02 | 6.5 Medium | HashiCorp Vault's PKI mount issuer endpoints did not correctly authorize access to remove an issuer or modify issuer metadata, potentially resulting in denial of service of the PKI mount. This bug did not affect public or private key material, trust chains or certificate issuance. Fixed in Vault 1.13.1, 1.12.5, and 1.11.9.
CVE-2023-0609 | 1 Wallabag | 1 Wallabag | 2024-08-02 | 4.3 Medium | Improper Authorization in GitHub repository wallabag/wallabag prior to 2.5.3.
CVE-2023-0610 | 1 Wallabag | 1 Wallabag | 2024-08-02 | 4.3 Medium | Improper Authorization in GitHub repository wallabag/wallabag prior to 2.5.3.
CVE-2024-41670 | | | 2024-08-02 | 7.5 High | In the module "PayPal Official" for PrestaShop 7+ releases prior to version 6.4.2 and for PrestaShop 1.6 releases prior to version 3.18.1, a malicious customer can confirm an order even if payment is finally declined by PayPal. A logical weakness during the capture of a payment in case of disabled webhooks can be exploited to create an accepted order. This could allow a threat actor to confirm an order with a fraudulent payment support. Versions 6.4.2 and 3.18.1 contain a patch for the issue. Additionally, users should enable webhooks and check that they are callable.
CVE-2024-40814 | | | 2024-08-02 | 7.1 High | A downgrade issue was addressed with additional code-signing restrictions. This issue is fixed in macOS Sonoma 14.6. An app may be able to bypass Privacy preferences.
CVE-2024-40783 | | | 2024-08-02 | 7.1 High | The issue was addressed with improved restriction of data container access. This issue is fixed in macOS Sonoma 14.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. A malicious application may be able to bypass Privacy preferences.
CVE-2024-39597 | 1 Sap | 2 Commerce Cloud, Commerce Hycom | 2024-08-02 | 7.2 High | In SAP Commerce, a user can misuse the forgotten password functionality to gain access to a Composable Storefront B2B site for which early login and registration is activated, without requiring the merchant to approve the account beforehand. If the site is not configured as an isolated site, this can also grant access to other non-isolated early login sites, even if registration is not enabled for those other sites.
CVE-2024-38371 | 1 Goauthentik | 1 Authentik | 2024-08-02 | 8.6 High | authentik is an open-source Identity Provider. Access restrictions assigned to an application were not checked when using the OAuth2 Device code flow. This could potentially allow users without the correct authorization to get OAuth tokens for an application and access it. This issue has been patched in version(s) 2024.6.0, 2024.2.4 and 2024.4.3.
CVE-2024-37282 | 1 Elastic | 1 Elastic Cloud Enterprise | 2024-08-02 | 8.1 High | It was identified that, under certain specific preconditions, an API key that was originally created with specific privileges could subsequently be used to create new API keys that have elevated privileges.
CVE-2024-37159 | | | 2024-08-02 | 3.5 Low | Evmos is the Ethereum Virtual Machine (EVM) Hub on the Cosmos Network. This vulnerability allowed a user to create a validator using vested tokens to deposit the self-bond. This vulnerability is fixed in 18.0.0.
CVE-2024-37167 | | | 2024-08-02 | 4.3 Medium | Tuleap is an Open Source Suite to improve management of software developments and collaboration. Users are able to see backlog items that they should not see. This issue has been patched in Tuleap Community Edition version 15.9.99.97.