Total: 537 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-4062 | 1 Schneider-electric | 1 Ecostruxure Power Commission | 2023-04-03 | N/A | 7.8 HIGH |
| A CWE-285: Improper Authorization vulnerability exists that could cause unauthorized access to certain software functions when an attacker gets access to localhost interface of the EcoStruxure Power Commission application. Affected Products: EcoStruxure Power Commission (Versions prior to V2.25) | |||||
| CVE-2022-40208 | 1 Moodle | 1 Moodle | 2023-03-30 | N/A | 4.3 MEDIUM |
| In Moodle, insufficient limitations in some quiz web services made it possible for students to bypass sequential navigation during a quiz attempt. | |||||
| CVE-2022-31247 | 1 Suse | 1 Rancher | 2023-03-29 | N/A | 9.1 CRITICAL |
| An Improper Authorization vulnerability in SUSE Rancher allows any user who has permissions to create/edit cluster role template bindings or project role template bindings (such as cluster-owner, manage cluster members, project-owner and manage project members) to gain owner permission in another project in the same cluster or in another project on a different downstream cluster. This issue affects: SUSE Rancher versions prior to 2.6.7; Rancher versions prior to 2.5.16. | |||||
| CVE-2023-21461 | 1 Samsung | 1 Android | 2023-03-23 | N/A | 5.5 MEDIUM |
| Improper authorization vulnerability in AutoPowerOnOffConfirmDialog in Settings prior to SMR Mar-2023 Release 1 allows local attacker to turn device off via unprotected activity. | |||||
| CVE-2023-21454 | 1 Samsung | 1 Android | 2023-03-23 | N/A | 2.4 LOW |
| Improper authorization in Samsung Keyboard prior to SMR Mar-2023 Release 1 allows a physical attacker to access the user's text history on the lockscreen. | |||||
| CVE-2023-21452 | 1 Samsung | 1 Android | 2023-03-23 | N/A | 3.3 LOW |
| Improper usage of implicit intent in Bluetooth prior to SMR Mar-2023 Release 1 allows attacker to get MAC address of connected device. | |||||
| CVE-2023-0734 | 1 Wallabag | 1 Wallabag | 2023-03-09 | N/A | 5.3 MEDIUM |
| Improper Authorization in GitHub repository wallabag/wallabag prior to 2.5.4. | |||||
| CVE-2018-3829 | 1 Elastic | 1 Elastic Cloud Enterprise | 2023-03-04 | 3.5 LOW | 5.3 MEDIUM |
| In Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 it was discovered that a user could scale out allocators on new hosts with an invalid roles token. An attacker with access to the previous runner ID and IP address of the coordinator-host could add an allocator to an existing ECE install to gain access to other clusters' data. | |||||
| CVE-2023-0914 | 1 Pixelfed | 1 Pixelfed | 2023-02-28 | N/A | 5.3 MEDIUM |
| Improper Authorization in GitHub repository pixelfed/pixelfed prior to 0.11.4. | |||||
| CVE-2018-3778 | 1 Aedes Project | 1 Aedes | 2023-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| Improper authorization in aedes version <0.35.0 will publish a LWT in a channel when a client is not authorized. | |||||
| CVE-2023-21440 | 1 Samsung | 1 Android | 2023-02-21 | N/A | 5.5 MEDIUM |
| Improper access control vulnerability in WindowManagerService prior to SMR Feb-2023 Release 1 allows attackers to take a screen capture. | |||||
| CVE-2023-21436 | 1 Samsung | 1 Android | 2023-02-21 | N/A | 3.3 LOW |
| Improper usage of implicit intent in Contacts prior to SMR Feb-2023 Release 1 allows attacker to get account ID. | |||||
| CVE-2023-21429 | 1 Samsung | 1 Android | 2023-02-21 | N/A | 3.3 LOW |
| Improper usage of implicit intent in ePDG prior to SMR JAN-2023 Release 1 allows attacker to access SSID. | |||||
| CVE-2023-21424 | 1 Samsung | 1 Android | 2023-02-21 | N/A | 3.3 LOW |
| Improper Handling of Insufficient Permissions or Privileges vulnerability in SemChameleonHelper prior to SMR Jan-2023 Release 1 allows attacker to modify network related values, network code, carrier id and operator brand. | |||||
| CVE-2023-21423 | 1 Samsung | 1 Android | 2023-02-21 | N/A | 5.5 MEDIUM |
| Improper authorization vulnerability in ChnFileShareKit prior to SMR Jan-2023 Release 1 allows attacker to control BLE advertising without permission using unprotected action. | |||||
| CVE-2023-21422 | 1 Samsung | 1 Android | 2023-02-21 | N/A | 5.5 MEDIUM |
| Improper authorization vulnerability in semAddPublicDnsAddr in WifiService prior to SMR Jan-2023 Release 1 allows attackers to set custom DNS server without permission via binding WifiService. | |||||
| CVE-2023-21432 | 1 Samsung | 1 Smart Things | 2023-02-21 | N/A | 7.8 HIGH |
| Improper access control vulnerabilities in Smart Things prior to 1.7.93 allow an attacker to invite others without authorization of the owner. | |||||
| CVE-2023-21433 | 1 Samsung | 1 Galaxy Store | 2023-02-17 | N/A | 7.8 HIGH |
| Improper access control vulnerability in Galaxy Store prior to version 4.5.49.8 allows local attackers to install applications from Galaxy Store. | |||||
| CVE-2022-3229 | 2 Microsoft, Unifiedremote | 2 Windows, Unified Remote | 2023-02-15 | N/A | 9.8 CRITICAL |
| Because the web management interface for Unified Intents' Unified Remote solution does not itself require authentication, a remote, unauthenticated attacker can change or disable authentication requirements for the Unified Remote protocol, and leverage this now-unauthenticated access to run code of the attacker's choosing. | |||||
| CVE-2019-10159 | 1 Redhat | 2 Cfme-gemset, Cloudforms | 2023-02-12 | 4.0 MEDIUM | 4.3 MEDIUM |
| cfme-gemset versions 5.10.4.3 and below, 5.9.9.3 and below are vulnerable to a data leak, due to an improper authorization in the migration log controller. An attacker with access to an unprivileged user can access all VM migration logs available. | |||||
