ReportizFlow
Filtered by vendor
Subscriptions
Total
717 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-2227 | 1 Modoboa | 1 Modoboa | 2024-11-21 | 9.1 Critical |
| Improper Authorization in GitHub repository modoboa/modoboa prior to 2.1.0. | ||||
| CVE-2023-28973 | 1 Juniper | 1 Junos Os Evolved | 2024-11-21 | 7.1 High |
| An Improper Authorization vulnerability in the 'sysmanctl' shell command of Juniper Networks Junos OS Evolved allows a local, authenticated attacker to execute administrative commands that could impact the integrity of the system or system availability. Administrative functions such as daemon restarting, routing engine (RE) switchover, and node shutdown can all be performed through exploitation of the 'sysmanctl' command. Access to the 'sysmanctl' command is only available from the Junos shell. Neither direct nor indirect access to 'sysmanctl' is available from the Junos CLI. This issue affects Juniper Networks Junos OS Evolved: All versions prior to 20.4R3-S5-EVO; 21.2 versions prior to 21.2R3-EVO; 21.3 versions prior to 21.3R2-EVO; 21.4 versions prior to 21.4R1-S2-EVO, 21.4R2-EVO. | ||||
| CVE-2023-28634 | 1 Glpi-project | 1 Glpi | 2024-11-21 | 8.8 High |
| GLPI is a free asset and IT management software package. Starting in version 0.83 and prior to versions 9.5.13 and 10.0.7, a user who has the Technician profile could see and generate a Personal token for a Super-Admin. Using such token it is possible to negotiate a GLPI session and hijack the Super-Admin account, resulting in a Privilege Escalation. Versions 9.5.13 and 10.0.7 contain a patch for this issue. | ||||
| CVE-2023-28623 | 1 Zulip | 1 Zulip | 2024-11-21 | 6.5 Medium |
| Zulip is an open-source team collaboration tool with unique topic-based threading. In the event that 1: `ZulipLDAPAuthBackend` and an external authentication backend (any aside of `ZulipLDAPAuthBackend` and `EmailAuthBackend`) are the only ones enabled in `AUTHENTICATION_BACKENDS` in `/etc/zulip/settings.py` and 2: The organization permissions don't require invitations to join. An attacker can create a new account in the organization with an arbitrary email address in their control that's not in the organization's LDAP directory. The impact is limited to installations which have this specific combination of authentication backends as described above in addition to having `Invitations are required for joining this organization` organization permission disabled. This issue has been addressed in version 6.2. Users are advised to upgrade. Users unable to upgrade may enable the `Invitations are required for joining this organization` organization permission to prevent this issue. | ||||
| CVE-2023-28584 | 1 Qualcomm | 144 Aqt1000, Aqt1000 Firmware, Csrb31024 and 141 more | 2024-11-21 | 7.5 High |
| Transient DOS in WLAN Host when a mobile station receives invalid channel in CSA IE while doing channel switch announcement (CSA). | ||||
| CVE-2023-28556 | 1 Qualcomm | 452 315 5g Iot Modem, 315 5g Iot Modem Firmware, 9205 Lte Modem and 449 more | 2024-11-21 | 7.1 High |
| Cryptographic issue in HLOS during key management. | ||||
| CVE-2023-28385 | 2 Intel, Microsoft | 3 Next Unit Of Computing Firmware, Nuc Pro Software Suite, Windows | 2024-11-21 | 8.2 High |
| Improper authorization in the Intel(R) NUC Pro Software Suite for Windows before version 2.0.0.9 may allow a privileged user to potentially enable escalation of privilage via local access. | ||||
| CVE-2023-28378 | 2 Intel, Microsoft | 4 Quickassist Technology, Quickassist Technology Firmware, Quickassist Technology Library and 1 more | 2024-11-21 | 6.7 Medium |
| Improper authorization in some Intel(R) QAT drivers for Windows - HW Version 2.0 before version 2.0.4 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2023-28325 | 1 Rocket.chat | 1 Rocket.chat | 2024-11-21 | 6.5 Medium |
| An improper authorization vulnerability exists in Rocket.Chat <6.0 that could allow a hacker to manipulate the rid parameter and change the updateMessage method that only checks whether the user is allowed to edit message in the target room. | ||||
| CVE-2023-28318 | 1 Rocket.chat | 1 Rocket.chat | 2024-11-21 | 5.3 Medium |
| A vulnerability has been discovered in Rocket.Chat, where messages can be hidden regardless of the Message_KeepHistory or Message_ShowDeletedStatus server configuration. This allows users to bypass the intended message deletion behavior, hiding messages and deletion notices. | ||||
| CVE-2023-28317 | 1 Rocket.chat | 1 Rocket.chat | 2024-11-21 | 5.3 Medium |
| A vulnerability has been discovered in Rocket.Chat, where editing messages can change the original timestamp, causing the UI to display messages in an incorrect order. | ||||
| CVE-2023-28055 | 1 Dell | 1 Networker | 2024-11-21 | 8.8 High |
| Dell NetWorker, Version 19.7 has an improper authorization vulnerability in the NetWorker client. An unauthenticated attacker within the same network could potentially exploit this by manipulating a command leading to gain of complete access to the server file further resulting in information leaks, denial of service, and arbitrary code execution. Dell recommends customers to upgrade at the earliest opportunity. | ||||
| CVE-2023-27594 | 1 Cilium | 1 Cilium | 2024-11-21 | 4.2 Medium |
| Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.11.15, 1.12.8, and 1.13.1, under specific conditions, Cilium may misattribute the source IP address of traffic to a cluster, identifying external traffic as coming from the host on which Cilium is running. As a consequence, network policies for that cluster might be bypassed, depending on the specific network policies enabled. This issue only manifests when Cilium is routing IPv6 traffic and NodePorts are used to route traffic to pods. IPv6 and endpoint routes are both disabled by default. The problem has been fixed and is available on versions 1.11.15, 1.12.8, and 1.13.1. As a workaround, disable IPv6 routing. | ||||
| CVE-2023-26466 | 1 Pega | 1 Synchronization Engine | 2024-11-21 | 7.8 High |
| A user with non-Admin access can change a configuration file on the client to modify the Server URL. | ||||
| CVE-2023-25074 | 1 Gallagher | 1 Command Centre | 2024-11-21 | 7.1 High |
| Improper privilege validation in Command Centre Server allows authenticated unprivileged operators to modify and view Competencies. This issue affects Command Centre: vEL8.90 prior to vEL8.90.1318 (MR1), vEL8.80 prior to vEL8.80.1192 (MR2), vEL8.70 prior to vEL8.70.2185 (MR4), vEL8.60 prior to vEL8.60.2347 (MR6), vEL8.50 prior to vEL8.50.2831 (MR8), all versions vEL8.40 and prior. | ||||
| CVE-2023-23696 | 1 Dell | 1 Command \| Intel Vpro Out Of Band | 2024-11-21 | 7 High |
| Dell Command Intel vPro Out of Band, versions prior to 4.3.1, contain an Improper Authorization vulnerability. A locally authenticated malicious users could potentially exploit this vulnerability in order to write arbitrary files to the system. | ||||
| CVE-2023-23568 | 1 Gallagher | 1 Command Centre | 2024-11-21 | 4.3 Medium |
| Improper privilege validation in Command Centre Server allows authenticated unprivileged operators to modify and view Personal Data Fields. This issue affects Command Centre: vEL 8.90 prior to vEL8.90.1318 (MR1), vEL8.80 prior to vEL8.80.1192 (MR2), vEL8.70 prior to vEL8.70.2185 (MR4), vEL8.60 prior to vEL8.60.2347 (MR6), vEL8.50 prior to vEL8.50.2831 (MR8), all versions vEL8.40 and prior | ||||
| CVE-2023-22636 | 1 Fortinet | 1 Fortiweb | 2024-11-21 | 6.6 Medium |
| An unauthorized configuration download vulnerability in FortiWeb 6.3.6 through 6.3.21, 6.4.0 through 6.4.2 and 7.0.0 through 7.0.4 may allow a local attacker to access confidential configuration files via a crafted http request. | ||||
| CVE-2023-22480 | 1 Fit2cloud | 1 Kubeoperator | 2024-11-21 | 7.3 High |
| KubeOperator is an open source Kubernetes distribution focused on helping enterprises plan, deploy and operate production-level K8s clusters. In KubeOperator versions 3.16.3 and below, API interfaces with unauthorized entities and can leak sensitive information. This vulnerability could be used to take over the cluster under certain conditions. This issue has been patched in version 3.16.4. | ||||
| CVE-2023-22428 | 1 Gallagher | 1 Command Centre | 2024-11-21 | 7.6 High |
| Improper privilege validation in Command Centre Server allows authenticated operators to modify Division lineage. This issue affects Command Centre: vEL8.80 prior to vEL8.80.1192 (MR2), vEL8.70 prior to vEL8.70.2185 (MR4), vEL8.60 prior to vEL8.60.2347 (MR6), vEL8.50 prior to vEL8.50.2831(MR8), vEL8.40 and prior. | ||||