Export limit exceeded: 349838 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 10693 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10693 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-46139 | 1 Kernelsu | 1 Kernelsu | 2024-11-21 | 5 Medium |
| KernelSU is a Kernel based root solution for Android. Starting in version 0.6.1 and prior to version 0.7.0, if a KernelSU installed device is infected with a malware whose app signing block specially constructed, it can take over root privileges on the device. The vulnerable verification logic actually obtains the signature of the last block with an id of `0x7109871a`, while the verification logic during Android installation is to obtain the first one. In addition to the actual signature upgrade that has been fixed (KSU thought it was V2 but was actually V3), there is also the problem of actual signature downgrading (KSU thought it was V2 but was actually V1). Find a condition in the signature verification logic that will cause the signature not to be found error, and KernelSU does not implement the same conditions, so KSU thinks there is a V2 signature, but the APK signature verification actually uses the V1 signature. This issue is fixed in version 0.7.0. As workarounds, keep the KernelSU manager installed and avoid installing unknown apps. | ||||
| CVE-2023-46125 | 1 Ethyca | 1 Fides | 2024-11-21 | 6.5 Medium |
| Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in a runtime environment, and the enforcement of privacy regulations in code. The Fides webserver API allows users to retrieve its configuration using the `GET api/v1/config` endpoint. The configuration data is filtered to suppress most sensitive configuration information before it is returned to the user, but even the filtered data contains information about the internals and the backend infrastructure, such as various settings, servers’ addresses and ports and database username. This information is useful for administrative users as well as attackers, thus it should not be revealed to low-privileged users. This vulnerability allows Admin UI users with roles lower than the owner role e.g. the viewer role to retrieve the config information using the API. The vulnerability has been patched in Fides version `2.22.1`. | ||||
| CVE-2023-45899 | 1 Idnovate | 1 Superuser | 2024-11-21 | 7.5 High |
| An issue in the component SuperUserSetuserModuleFrontController:init() of idnovate superuser before v2.4.2 allows attackers to bypass authentication via a crafted HTTP call. | ||||
| CVE-2023-45626 | 2 Arubanetworks, Hp | 2 Arubaos, Instantos | 2024-11-21 | 5.5 Medium |
| An authenticated vulnerability has been identified allowing an attacker to effectively establish highly privileged persistent arbitrary code execution across boot cycles. | ||||
| CVE-2023-45370 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | 5.3 Medium |
| An issue was discovered in the SportsTeams extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. SportsTeams: Special:SportsManagerLogo and Special:SportsTeamsManagerLogo do not check for the sportsteamsmanager user right, and thus an attacker may be able to affect pages that are concerned with sports teams. | ||||
| CVE-2023-45245 | 4 Acronis, Apple, Linux and 1 more | 4 Agent, Macos, Linux Kernel and 1 more | 2024-11-21 | 5.5 Medium |
| Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 36119. | ||||
| CVE-2023-45244 | 4 Acronis, Apple, Linux and 1 more | 4 Agent, Macos, Linux Kernel and 1 more | 2024-11-21 | 7.1 High |
| Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 35895, Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 37391. | ||||
| CVE-2023-45240 | 4 Acronis, Apple, Linux and 1 more | 4 Agent, Macos, Linux Kernel and 1 more | 2024-11-21 | 5.5 Medium |
| Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 35739. | ||||
| CVE-2023-45185 | 1 Ibm | 1 I Access Client Solutions | 2024-11-21 | 7.4 High |
| IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 could allow an attacker to execute remote code. Due to improper authority checks the attacker could perform operations on the PC under the user's authority. IBM X-Force ID: 268273. | ||||
| CVE-2023-44860 | 1 Netis-systems | 2 N3m, N3m Firmware | 2024-11-21 | 7.5 High |
| An issue in NETIS SYSTEMS N3Mv2 v.1.0.1.865 allows a remote attacker to cause a denial of service via the authorization component in the HTTP request. | ||||
| CVE-2023-44689 | 1 E-gov | 1 E-gov | 2024-11-21 | 4.3 Medium |
| e-Gov Client Application (Windows version) versions prior to 2.1.1.0 and e-Gov Client Application (macOS version) versions prior to 1.1.1.0 are vulnerable to improper authorization in handler for custom URL scheme. A crafted URL may direct the product to access an arbitrary website. As a result, the user may become a victim of a phishing attack. | ||||
| CVE-2023-44234 | 1 Devfarm | 1 Wp Gpx Maps | 2024-11-21 | 4.3 Medium |
| Missing Authorization vulnerability in Bastianon Massimo WP GPX Map.This issue affects WP GPX Map: from n/a through 1.7.08. | ||||
| CVE-2023-44214 | 4 Acronis, Apple, Linux and 1 more | 4 Agent, Macos, Linux Kernel and 1 more | 2024-11-21 | 5.5 Medium |
| Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 35739. | ||||
| CVE-2023-44212 | 4 Acronis, Apple, Linux and 1 more | 4 Agent, Macos, Linux Kernel and 1 more | 2024-11-21 | 7.1 High |
| Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 31477. | ||||
| CVE-2023-44211 | 4 Acronis, Apple, Linux and 1 more | 4 Agent, Macos, Linux Kernel and 1 more | 2024-11-21 | 7.1 High |
| Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 31637, Acronis Cyber Protect 16 (Linux, Windows) before build 37391. | ||||
| CVE-2023-44151 | 1 Brainstormforce | 1 Pre-publish Checklist | 2024-11-21 | 5.4 Medium |
| Missing Authorization vulnerability in Brainstorm Force Pre-Publish Checklist.This issue affects Pre-Publish Checklist: from n/a through 1.1.1. | ||||
| CVE-2023-44148 | 1 Brainstormforce | 1 Astra | 2024-11-21 | 5.4 Medium |
| Missing Authorization vulnerability in Brainstorm Force Astra Bulk Edit.This issue affects Astra Bulk Edit: from n/a through 1.2.7. | ||||
| CVE-2023-44113 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 7.5 High |
| Vulnerability of missing permission verification for APIs in the Designed for Reliability (DFR) module. Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2023-43961 | 1 Dromara | 1 Sa-token | 2024-11-21 | 8.8 High |
| An issue in Dromara SaToken version 1.3.50RC and before when using Spring dynamic controllers, a specially crafted request may cause an authentication bypass. | ||||
| CVE-2023-43885 | 1 Tenda | 2 Rx9 Pro, Rx9 Pro Firmware | 2024-11-21 | 8.1 High |
| Missing error handling in the HTTP server component of Tenda RX9 Pro Firmware V22.03.02.20 allows authenticated attackers to arbitrarily lock the device. | ||||