555 matches found
PT-2023-23748 · Apple · Ipados +4
Name of the Vulnerable Software and Affected Versions: Apple tvOS versions prior to 17 Apple iOS versions prior to 17 Apple iPadOS versions prior to 17 Apple watchOS versions prior to 10 Apple macOS versions prior to Sonoma 14 Description: The issue was addressed with improved handling of caches...
CloudExplorer Lite 信息泄露漏洞
CloudExplorer Lite is CloudExplorer's platform that provides out-of-the-box basic functionality for cloud hosting management, cloud billing, operational analytics, and security compliance, as well as powerful extensibility to meet the customization needs of enterprises. An information disclosure...
Magento Open Source allows Incorrect Authorization
Adobe Commerce versions 2.4.6-p1 and earlier, 2.4.5-p3 and earlier and 2.4.4-p4 and earlier are affected by an Incorrect Authorization vulnerability that could lead to a Security feature bypass. A low-privileged attacker could leverage this vulnerability to access other user's data. Exploitation ...
Authorization
Adobe Commerce versions 2.4.6-p1 and earlier, 2.4.5-p3 and earlier and 2.4.4-p4 and earlier are affected by an Incorrect Authorization vulnerability that could lead to a Security feature bypass. A low-privileged attacker could leverage this vulnerability to access other user's data. Exploitation ...
CVE-2023-38209 Adobe Commerce Incorrect Authorization Security feature bypass
Adobe Commerce versions 2.4.6-p1 and earlier, 2.4.5-p3 and earlier and 2.4.4-p4 and earlier are affected by an Incorrect Authorization vulnerability that could lead to a Security feature bypass. A low-privileged attacker could leverage this vulnerability to access other user's data. Exploitation ...
CVE-2023-38209 Adobe Commerce Incorrect Authorization Security feature bypass
Adobe Commerce versions 2.4.6-p1 and earlier, 2.4.5-p3 and earlier and 2.4.4-p4 and earlier are affected by an Incorrect Authorization vulnerability that could lead to a Security feature bypass. A low-privileged attacker could leverage this vulnerability to access other user's data. Exploitation ...
CVE-2023-38209
Adobe Commerce/Open Source Magento versions 2.4.4-p4–2.4.6-p1 (and earlier) are affected by an Incorrect Authorization vulnerability that permits a low-privileged attacker to access other users’ data without user interaction. The issue stems from improper access control and has a high confidentia...
PT-2023-4211 · Apple · Apple Macos
Name of the Vulnerable Software and Affected Versions: macOS versions prior to 11.7.9 macOS versions prior to 12.6.8 macOS versions prior to 13.5 Description: A logic issue was addressed with improved restrictions, which may allow an app to access user-sensitive data. The issue is related to the...
CVE-2023-32367
This issue was addressed with improved entitlements. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4. An app may be able to access user-sensitive data...
Information disclosure
This issue was addressed by restricting options offered on a locked device. This issue is fixed in watchOS 9.5. An attacker with physical access to a locked Apple Watch may be able to view user photos or contacts via accessibility features...
Incorrect Authorization
Overview magento/project-community-edition is an eCommerce Platform for Growth Community Edition Affected versions of this package are vulnerable to Incorrect Authorization due to improper handling of authorization logic. An attacker can bypass security measures and access sensitive user data...
CVE-2022-36331
Western Digital My Cloud, My Cloud Home, My Cloud Home Duo, and SanDisk ibi devices were vulnerable to an impersonation attack that could allow an unauthenticated attacker to gain access to user data. This issue affects My Cloud OS 5 devices: before 5.25.132; My Cloud Home and My Cloud Home Duo:...
PT-2023-23156 · Apache · Apache Inlong
Name of the Vulnerable Software and Affected Versions: Apache InLong versions 1.5.0 through 1.6.0 Description: This issue allows users registered in InLong who joined later to see deleted users' data. The problem is related to insecure default initialization of resources. Recommendations: For...
CVE-2023-29022
A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user with admin privileges and network access to view user data and modify the web interface. Additionally, a malicious user could potentially cause...
CVE-2023-29022 Rockwell Automation ArmorStart ST Vulnerable to Cross-Site Scripting Attack
A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user with admin privileges and network access to view user data and modify the web interface. Additionally, a malicious user could potentially cause...
CVE-2023-29028 Rockwell Automation ArmorStart ST Vulnerable to Cross-Site Scripting Attack
A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user with admin privileges and network access to view user data and modify the web interface. Additionally, a malicious user could potentially cause...
CVE-2023-29027 Rockwell Automation ArmorStart ST Vulnerable to Cross-Site Scripting Attack
A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user with admin privileges and network access to view user data and modify the web interface. Additionally, a malicious user could potentially cause...
CVE-2023-27931
CVE-2023-27931 affects Apple OS family components where an app may access user-sensitive data. The issue was mitigated by removing the vulnerable code and is fixed in macOS Ventura 13.3, macOS Monterey 12.6.3, macOS Big Sur 11.7.3, iOS 16.4, iPadOS 16.4, tvOS 16.4, and watchOS 9.4. Connected sour...
PT-2023-19025 · Apple · Macos Ventura +3
Name of the Vulnerable Software and Affected Versions: macOS versions prior to 13.3 macOS Monterey versions prior to 12.6.4 macOS Big Sur versions prior to 11.7.5 Description: A privacy issue was addressed with improved private data redaction for log entries, which may allow an app to access...
PT-2023-16804 · Unknown · Icret/Easyimages2.0
Name of the Vulnerable Software and Affected Versions: icret/easyimages2.0 versions prior to 2.6.7 Description: The issue is related to Cross-site Scripting XSS - Stored, which occurs when an application stores user input without proper validation, allowing attackers to inject malicious scripts...