How severe is CVE-2023-23933?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.7 out of 10.

What type of vulnerability is CVE-2023-23933?

This is classified as CWE-125, which is a common weakness in software security.

CVE-2023-23933

MEDIUM Year: 2023

CVSS v3 Score

5.7

Medium

Weakness Type

CWE-125

View all →

Vulnerability Description

OpenSearch Anomaly Detection identifies atypical data and receives automatic notifications. There is an issue with the application of document and field level restrictions in the Anomaly Detection plugin, where users with the Anomaly Detector role can read aggregated numerical data (e.g. averages, sums) of fields that are otherwise restricted to them. This issue only affects authenticated users who were previously granted read access to the indexes containing the restricted fields. This issue has been patched in versions 1.3.8 and 2.6.0. There are no known workarounds for this issue.

CVE-2017-13317

MEDIUM

CVSS:5.7(Medium)

In HeifDecoderImpl::getScanline of HeifDecoderImpl.cpp, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure with no additional exe...

CWE-1252017

CVE-2017-13318

MEDIUM

CVSS:5.7(Medium)

In HeifDataSource::readAt of HeifDecoderImpl.cpp, there is a possible out of bounds read due to an integer overflow. This could lead to remote information disclosure with no additional execution privi...

CWE-1252017

CVE-2018-11293

MEDIUM

CVSS:5.7(Medium)

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, in wma_ndp_confirm_event_handler and wma_ndp_indication_event_handler, ndp_cfg len and num_n...

CWE-1252018

CVE-2018-9566

MEDIUM

CVSS:5.7(Medium)

In process_service_search_rsp of sdp_discovery.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure when connecting to a malicious ...

CWE-1252018

CVE-2021-38451

MEDIUM

CVSS:5.7(Medium)

The affected product’s proprietary protocol CSC allows for calling numerous function codes. In order to call those function codes, the user must supply parameters. There is no sanitation on the value ...

CWE-1252021

CVE-2022-39316

MEDIUM

CVSS:5.7(Medium)

FreeRDP is a free remote desktop protocol library and clients. In affected versions there is an out of bound read in ZGFX decoder component of FreeRDP. A malicious server can trick a FreeRDP based cli...

CWE-1252022

CVE-2023-23933

Vulnerability Description

Related Vulnerabilities

CVE-2017-13317

CVE-2017-13318

CVE-2018-11293

CVE-2018-9566

CVE-2021-38451

CVE-2022-39316