Total
3923 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-44292 | 1 Dell | 1 Repository Manager | 2024-11-21 | 6.7 Medium |
| Dell Repository Manager, 3.4.3 and prior, contains an Improper Access Control vulnerability in its installation module. A local low-privileged attacker could potentially exploit this vulnerability, leading to gaining escalated privileges. | ||||
| CVE-2023-44290 | 1 Dell | 1 Command\|monitor | 2024-11-21 | 7.3 High |
| Dell Command | Monitor versions prior to 10.10.0, contain an improper access control vulnerability. A local malicious standard user could potentially exploit this vulnerability while repairing/changing installation, leading to privilege escalation. | ||||
| CVE-2023-44283 | 1 Dell | 2 Supportassist For Business Pcs, Supportassist For Home Pcs | 2024-11-21 | 7.8 High |
| In Dell SupportAssist for Home PCs (between v3.0 and v3.14.1) and SupportAssist for Business PCs (between v3.0 and v3.4.1), a security concern has been identified, impacting locally authenticated users on their respective PCs. This issue may potentially enable privilege escalation and the execution of arbitrary code, in the Windows system context, and confined to that specific local PC. | ||||
| CVE-2023-44282 | 1 Dell | 1 Repository Manager | 2024-11-21 | 6.7 Medium |
| Dell Repository Manager, 3.4.3 and prior, contains an Improper Access Control vulnerability in its installation module. A local low-privileged attacker could potentially exploit this vulnerability, leading to gaining escalated privileges. | ||||
| CVE-2023-44248 | 1 Fortinet | 1 Fortiedr | 2024-11-21 | 4 Medium |
| An improper access control vulnerability [CWE-284] in FortiEDRCollectorWindows version 5.2.0.4549 and below, 5.0.3.1007 and below, 4.0 all may allow a local attacker to prevent the collector service to start in the next system reboot by tampering with some registry keys of the service. | ||||
| CVE-2023-44118 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 9.1 Critical |
| Vulnerability of undefined permissions in the MeeTime module.Successful exploitation of this vulnerability will affect availability and confidentiality. | ||||
| CVE-2023-43901 | 1 Emsigner | 1 Emsigner | 2024-11-21 | 5.9 Medium |
| Incorrect access control in the AdHoc User creation form of EMSigner v2.8.7 allows unauthenticated attackers to arbitrarily modify usernames and privileges by using the email address of a registered user. | ||||
| CVE-2023-43814 | 1 Discourse | 1 Discourse | 2024-11-21 | 3.7 Low |
| Discourse is an open source platform for community discussion. Attackers with details specific to a poll in a topic can use the `/polls/grouped_poll_results` endpoint to view the content of options in the poll and the number of votes for groups of poll participants. This impacts private polls where the results were intended to only be viewable by authorized users. This issue is patched in the 3.1.1 stable and 3.2.0.beta2 versions of Discourse. There is no workaround for this issue apart from upgrading to the fixed version. | ||||
| CVE-2023-43696 | 1 Sick | 2 Apu0200, Apu0200 Firmware | 2024-11-21 | 8.2 High |
| Improper Access Control in SICK APU allows an unprivileged remote attacker to download as well as upload arbitrary files via anonymous access to the FTP server. | ||||
| CVE-2023-43487 | 2024-11-21 | 4.7 Medium | ||
| Improper access control in some Intel(R) CST before version 2.1.10300 may allow an authenticated user to potentially enable denial of service via local access. | ||||
| CVE-2023-43336 | 1 Sangoma | 1 Freepbx | 2024-11-21 | 8.8 High |
| Sangoma Technologies FreePBX before cdr 15.0.18, 16.0.40, 15.0.16, and 16.0.17 was discovered to contain an access control issue via a modified parameter value, e.g., changing extension=self to extension=101. | ||||
| CVE-2023-43318 | 1 Tp-link | 2 Tl-sg2210p, Tl-sg2210p Firmware | 2024-11-21 | 8.8 High |
| TP-Link JetStream Smart Switch TL-SG2210P 5.0 Build 20211201 allows attackers to escalate privileges via modification of the 'tid' and 'usrlvl' values in GET requests. | ||||
| CVE-2023-43141 | 1 Totolink | 4 A3700r, A3700r Firmware, N600r and 1 more | 2024-11-21 | 9.8 Critical |
| TOTOLINK A3700R V9.1.2u.6134_B20201202 and N600R V5.3c.5137 are vulnerable to Incorrect Access Control. | ||||
| CVE-2023-43119 | 1 Extremenetworks | 1 Exos | 2024-11-21 | 9.8 Critical |
| An Access Control issue discovered in Extreme Networks Switch Engine (EXOS) before 32.5.1.5, also fixed in 22.7, 31.7.2 allows attackers to gain escalated privileges using crafted telnet commands via Redis server. | ||||
| CVE-2023-43089 | 1 Dell | 1 Rugged Control Center | 2024-11-21 | 4.4 Medium |
| Dell Rugged Control Center, version prior to 4.7, contains insufficient protection for the Policy folder. A local malicious standard user could potentially exploit this vulnerability to modify the content of the policy file, leading to unauthorized access to resources. | ||||
| CVE-2023-43086 | 1 Dell | 1 Command\|configure | 2024-11-21 | 7.3 High |
| Dell Command | Configure, versions prior to 4.11.0, contains an improper access control vulnerability. A local malicious user could potentially modify files inside installation folder during application upgrade, leading to privilege escalation. | ||||
| CVE-2023-43072 | 1 Dell | 1 Smartfabric Storage Software | 2024-11-21 | 4.4 Medium |
| Dell SmartFabric Storage Software v1.4 (and earlier) contains an improper access control vulnerability in the CLI. A local possibly unauthenticated attacker could potentially exploit this vulnerability, leading to ability to execute arbritrary shell commands. | ||||
| CVE-2023-41882 | 1 Vantage6 | 1 Vantage6 | 2024-11-21 | 5.4 Medium |
| vantage6 is privacy preserving federated learning infrastructure. The endpoint /api/collaboration/{id}/task is used to collect all tasks from a certain collaboration. To get such tasks, a user should have permission to view the collaboration and to view the tasks in it. However, prior to version 4.0.0, it is only checked if the user has permission to view the collaboration. Version 4.0.0 contains a patch. There are no known workarounds. | ||||
| CVE-2023-41721 | 1 Ui | 6 Unifi Dream Machine, Unifi Dream Machine Pro, Unifi Dream Machine Special Edition and 3 more | 2024-11-21 | 5.3 Medium |
| Instances of UniFi Network Application that (i) are run on a UniFi Gateway Console, and (ii) are versions 7.5.176. and earlier, implement device adoption with improper access control logic, creating a risk of access to device configuration information by a malicious actor with preexisting access to the network. Affected Products: UDM UDM-PRO UDM-SE UDR UDW Mitigation: Update UniFi Network to Version 7.5.187 or later. | ||||
| CVE-2023-41679 | 1 Fortinet | 1 Fortimanager | 2024-11-21 | 7.7 High |
| An improper access control vulnerability [CWE-284] in FortiManager management interface 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions may allow a remote and authenticated attacker with at least "device management" permission on his profile and belonging to a specific ADOM to add and delete CLI script on other ADOMs | ||||