Total: 1771 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-38389 | 1 Artbees | 1 Jupiter X Core | 2024-08-02 | 9.8 Critical |
Incorrect Authorization vulnerability in Artbees JupiterX Core allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects JupiterX Core: from n/a through 3.3.8. | ||||
CVE-2024-27105 | | | 2024-08-02 | 8.1 High |
Frappe is a full-stack web application framework. Prior to versions 14.66.3 and 15.16.0, file permission can be bypassed using certain endpoints, granting less privileged users permission to delete or clone a file. Versions 14.66.3 and 15.16.0 contain a patch for this issue. No known workarounds are available. | ||||
CVE-2023-38218 | 1 Adobe | 2 Commerce, Magento | 2024-08-02 | 8.8 High |
Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Incorrect Authorization vulnerability. An authenticated attacker can exploit this to achieve information exposure and privilege escalation. | ||||
CVE-2023-38209 | 1 Adobe | 1 Commerce | 2024-08-02 | 6.5 Medium |
Adobe Commerce versions 2.4.6-p1 (and earlier), 2.4.5-p3 (and earlier) and 2.4.4-p4 (and earlier) are affected by an Incorrect Authorization vulnerability that could lead to a Security feature bypass. A low-privileged attacker could leverage this vulnerability to access other user's data. Exploitation of this issue does not require user interaction. | ||||
CVE-2023-36092 | 1 Dlink | 2 Dir-859, Dir-859 Firmware | 2024-08-02 | 9.8 Critical |
Authentication Bypass vulnerability in D-Link DIR-859 FW105b03 allows remote attackers to gain escalated privileges via phpcgi_main. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | ||||
CVE-2023-36090 | 1 Dlink | 2 Dir-885l, Dir-885l Firmware | 2024-08-02 | 9.8 Critical |
Authentication Bypass vulnerability in D-Link DIR-885L FW102b01 allows remote attackers to gain escalated privileges via phpcgi. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | ||||
CVE-2023-36994 | 1 Travianz Project | 1 Travianz | 2024-08-02 | 9.8 Critical |
In TravianZ 8.3.4 and 8.3.3, Incorrect Access Control in the installation script allows an attacker to overwrite the server configuration and inject PHP code. | ||||
CVE-2023-36646 | 1 Prolion | 1 Cryptospike | 2024-08-02 | 8.8 High |
Incorrect user role checking in multiple REST API endpoints in ProLion CryptoSpike 3.0.15P2 allows a remote attacker with low privileges to execute privileged functions and achieve privilege escalation via REST API endpoint invocation. | ||||
CVE-2023-35166 | 1 Xwiki | 1 Xwiki | 2024-08-02 | 10 Critical |
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to execute any wiki content with the right of the TipsPanel author by creating a tip UI extension. This has been patched in XWiki 15.1-rc-1 and 14.10.5. | ||||
CVE-2023-35165 | 1 Amazon | 1 Aws Cloud Development Kit | 2024-08-02 | 6.6 Medium |
AWS Cloud Development Kit (AWS CDK) is an open-source software development framework to define cloud infrastructure in code and provision it through AWS CloudFormation. In the packages `aws-cdk-lib` 2.0.0 until 2.80.0 and `@aws-cdk/aws-eks` 1.57.0 until 1.202.0, `eks.Cluster` and `eks.FargateCluster` constructs create two roles, `CreationRole` and `default MastersRole`, that have an overly permissive trust policy. The first, referred to as the `CreationRole`, is used by lambda handlers to create the cluster and deploy Kubernetes resources (e.g `KubernetesManifest`, `HelmChart`, ...) onto it. Users with CDK version higher or equal to 1.62.0 (including v2 users) may be affected. The second, referred to as the `default MastersRole`, is provisioned only if the `mastersRole` property isn't provided and has permissions to execute `kubectl` commands on the cluster. Users with CDK version higher or equal to 1.57.0 (including v2 users) may be affected. The issue has been fixed in `@aws-cdk/aws-eks` v1.202.0 and `aws-cdk-lib` v2.80.0. These versions no longer use the account root principal. Instead, they restrict the trust policy to the specific roles of lambda handlers that need it. There is no workaround available for CreationRole. To avoid creating the `default MastersRole`, use the `mastersRole` property to explicitly provide a role. | ||||
CVE-2023-34965 | 1 Sspanel-uim Project | 1 Sspanel-uim | 2024-08-02 | 5.3 Medium |
SSPanel-Uim 2023.3 does not restrict access to the /link/ interface which can lead to a leak of user information. | ||||
CVE-2023-34923 | 1 Topdesk | 1 Topdesk | 2024-08-02 | 8.1 High |
XML Signature Wrapping (XSW) in SAML-based Single Sign-on feature in TOPdesk v12.10.12 allows bad actors with credentials to authenticate with the Identity Provider (IP) to impersonate any TOPdesk user via SAML Response manipulation. | ||||
CVE-2023-34219 | 1 Jetbrains | 1 Teamcity | 2024-08-02 | 4.3 Medium |
In JetBrains TeamCity before 2023.05, improper permission checks allowed users without appropriate permissions to edit Build Configuration settings via the REST API. | ||||
CVE-2023-34218 | 1 Jetbrains | 1 Teamcity | 2024-08-02 | 9.1 Critical |
In JetBrains TeamCity before 2023.05, a bypass of permission checks that allowed performing admin actions was possible. | ||||
CVE-2023-34161 | 1 Huawei | 1 Emui | 2024-08-02 | 7.5 High |
Inappropriate authorization vulnerability in the SettingsProvider module. Successful exploitation of this vulnerability may cause features to perform abnormally. | ||||
CVE-2023-34051 | 1 Vmware | 1 Aria Operations For Logs | 2024-08-02 | 9.8 Critical |
VMware Aria Operations for Logs contains an authentication bypass vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution. | ||||
CVE-2023-33651 | 1 Sitecore | 4 Experience Commerce, Experience Manager, Experience Platform and 1 more | 2024-08-02 | 7.5 High |
An issue in the MVC Device Simulator of Sitecore Experience Platform (XP), Experience Manager (XM), and Experience Commerce (XC) v9.0 Initial Release to v13.0 Initial Release allows attackers to bypass authorization rules. | ||||
CVE-2023-33254 | 1 Quest | 1 Kace Systems Deployment Appliance | 2024-08-02 | 6.5 Medium |
There is an LDAP bind credentials exposure on KACE Systems Deployment and Remote Site appliances 9.0.146. The captured credentials may provide a higher privilege level on the Active Directory domain. To exploit this, an authenticated attacker edits the user-authentication settings to specify an attacker-controlled LDAP server, clicks the Test Settings button, and captures the cleartext credentials. | ||||
CVE-2023-33071 | 1 Qualcomm | 26 Qca6574, Qca6574 Firmware, Qca6574a and 23 more | 2024-08-02 | 8.4 High |
Memory corruption in Automotive OS whenever untrusted apps try to access HAb for graphics functionalities. | ||||
CVE-2023-32967 | 1 Qnap | 2 Qts, Qutscloud | 2024-08-02 | 5 Medium |
An incorrect authorization vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to bypass intended access restrictions via a network. QTS 5.x and QuTS hero are not affected. We have already fixed the vulnerability in the following versions: QuTScloud c5.1.5.2651 and later; QTS 4.5.4.2627 build 20231225 and later. | ||||