CVE-2023-28202

MEDIUM Year: 2023
CVSS v3 Score
5.5
Medium
Weakness Type
CWE-640
View all →

Vulnerability Description

This issue was addressed with improved state management. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, tvOS 16.5, macOS Ventura 13.4. An app firewall setting may not take effect after exiting the Settings app.

Related Vulnerabilities

CVE-2017-8385

MEDIUM
CVSS:5.3(Medium)

Craft CMS before 2.6.2976 does not prevent modification of the URL in a forgot-password email message.

CWE-6402017

CVE-2018-10210

MEDIUM
CVSS:5.3(Medium)

An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. Enumeration of users is possible through the password-reset feature.

CWE-6402018

CVE-2019-14955

MEDIUM
CVSS:5.3(Medium)

In JetBrains Hub versions earlier than 2018.4.11436, there was no option to force a user to change the password and no password expiration policy was implemented.

CWE-6402019

CVE-2020-14016

MEDIUM
CVSS:5.3(Medium)

An issue was discovered in Navigate CMS 2.9 r1433. The forgot-password feature allows users to reset their passwords by using either their username or the email address associated with their account. ...

CWE-6402020

CVE-2021-36436

MEDIUM
CVSS:5.3(Medium)

An issue in Mobicint Backend for Credit Unions v3 allows attackers to retrieve partial email addresses and user entered information via submission to the forgotten-password endpoint.

CWE-6402021

CVE-2022-34530

MEDIUM
CVSS:5.3(Medium)

An issue in the login and reset password functionality of Backdrop CMS v1.22.0 allows attackers to enumerate usernames via password reset requests and distinct responses returned based on usernames.

CWE-6402022