Total: 1330 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-21424 | 1 Samsung | 1 Android | 2025-03-24 | 5.1 Medium |
| Improper Handling of Insufficient Permissions or Privileges vulnerability in SemChameleonHelper prior to SMR Jan-2023 Release 1 allows an attacker to modify network-related values, network code, carrier id and operator brand. | ||||
| CVE-2023-21429 | 1 Samsung | 1 Android | 2025-03-24 | 4 Medium |
| Improper usage of implicit intent in ePDG prior to SMR JAN-2023 Release 1 allows an attacker to access SSID. | ||||
| CVE-2023-21432 | 1 Samsung | 1 Smart Things | 2025-03-24 | 4.2 Medium |
| Improper access control vulnerabilities in Smart Things prior to 1.7.93 allow an attacker to invite others without authorization of the owner. | ||||
| CVE-2023-21433 | 1 Samsung | 1 Galaxy Store | 2025-03-24 | 7.8 High |
| Improper access control vulnerability in Galaxy Store prior to version 4.5.49.8 allows local attackers to install applications from Galaxy Store. | ||||
| CVE-2023-21436 | 1 Samsung | 1 Android | 2025-03-24 | 3.3 Low |
| Improper usage of implicit intent in Contacts prior to SMR Feb-2023 Release 1 allows an attacker to get account ID. | ||||
| CVE-2023-21440 | 1 Samsung | 1 Android | 2025-03-24 | 6.2 Medium |
| Improper access control vulnerability in WindowManagerService prior to SMR Feb-2023 Release 1 allows attackers to take a screen capture. | ||||
| CVE-2024-2317 | 1 Bdtask | 1 Hospital Automanager | 2025-03-24 | 3.8 Low |
| A vulnerability was found in Bdtask Hospital AutoManager up to 20240227 and classified as problematic. This issue affects some unknown processing of the file /prescription/prescription/delete/ of the component Prescription Page. The manipulation leads to improper authorization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256271. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-50780 | 1 Apache | 1 Activemq Artemis | 2025-03-20 | 8.8 High |
| Apache ActiveMQ Artemis allows access to diagnostic information and controls through MBeans, which are also exposed through the authenticated Jolokia endpoint. Before version 2.29.0, this also included the Log4J2 MBean. This MBean is not meant for exposure to non-administrative users. This could eventually allow an authenticated attacker to write arbitrary files to the filesystem and indirectly achieve RCE. Users are recommended to upgrade to version 2.29.0 or later, which fixes the issue. | ||||
| CVE-2023-22938 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2025-03-19 | 4.3 Medium |
| In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘sendemail’ REST API endpoint lets any authenticated user send an email as the Splunk instance. The endpoint is now restricted to the ‘splunk-system-user’ account on the local instance. | ||||
| CVE-2024-46942 | 1 Opendaylight | 2 Md-sal, Model-driven Service Abstraction Layer | 2025-03-14 | 9.1 Critical |
| In OpenDaylight Model-Driven Service Abstraction Layer (MD-SAL) through 13.0.1, a controller with a follower role can configure flow entries in an OpenDaylight clustering deployment. | ||||
| CVE-2024-21137 | 2 Oracle, Redhat | 2 Mysql, Enterprise Linux | 2025-03-14 | 4.9 Medium |
| Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | ||||
| CVE-2024-36130 | 1 Ivanti | 1 Endpoint Manager Mobile | 2025-03-14 | 9.8 Critical |
| An insufficient authorization vulnerability in web component of EPMM prior to 12.1.0.1 allows an unauthorized attacker within the network to execute arbitrary commands on the underlying operating system of the appliance. | ||||
| CVE-2023-52539 | 1 Huawei | 2 Emui, Harmonyos | 2025-03-13 | 7.5 High |
| Permission verification vulnerability in the Settings module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2023-32707 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2025-03-11 | 8.8 High |
| In versions of Splunk Enterprise below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform below version 9.0.2303.100, a low-privileged user who holds a role that has the ‘edit_user’ capability assigned to it can escalate their privileges to that of the admin user by providing specially crafted web requests. | ||||
| CVE-2023-22480 | 1 Fit2cloud | 1 Kubeoperator | 2025-03-11 | 7.3 High |
| KubeOperator is an open source Kubernetes distribution focused on helping enterprises plan, deploy and operate production-level K8s clusters. In KubeOperator versions 3.16.3 and below, API interfaces with unauthorized entities and can leak sensitive information. This vulnerability could be used to take over the cluster under certain conditions. This issue has been patched in version 3.16.4. | ||||
| CVE-2023-0734 | 1 Wallabag | 1 Wallabag | 2025-03-06 | 5.3 Medium |
| Improper Authorization in GitHub repository wallabag/wallabag prior to 2.5.4. | ||||
| CVE-2023-42541 | 1 Samsung | 1 Push Service | 2025-03-06 | 4 Medium |
| Improper authorization in PushClientProvider of Samsung Push Service prior to version 3.4.10 allows an attacker to access unique id. | ||||
| CVE-2023-33142 | 1 Microsoft | 1 Sharepoint Server | 2025-02-28 | 6.5 Medium |
| Microsoft SharePoint Server Elevation of Privilege Vulnerability | ||||
| CVE-2022-46752 | 1 Dell | 150 Inspiron 14 Plus 7420, Inspiron 14 Plus 7420 Firmware, Inspiron 14 Plus 7620 and 147 more | 2025-02-28 | 4.6 Medium |
| Dell BIOS contains an Improper Authorization vulnerability. An unauthenticated physical attacker may potentially exploit this vulnerability, leading to denial of service. | ||||
| CVE-2023-32709 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2025-02-28 | 4.3 Medium |
| In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform versions below 9.0.2303.100, a low-privileged user who holds the ‘user’ role can see the hashed version of the initial user name and password for the Splunk instance by using the ‘rest’ SPL command against the ‘conf-user-seed’ REST endpoint. | ||||