CVE-2023-29290

MEDIUM Year: 2023
CVSS v3 Score
5.3
Medium
Weakness Type
CWE-353
View all →

Vulnerability Description

Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. An attacker could leverage this vulnerability to bypass a minor functionality. Exploitation of this issue does not require user interaction.

Related Vulnerabilities

CVE-2025-32882

MEDIUM
CVSS:5.3(Medium)

An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. The app uses a custom implementation of encryption without any additional integrity checking mechanisms. This leaves m...

CWE-3532025

CVE-2025-32890

MEDIUM
CVSS:5.3(Medium)

An issue was discovered on goTenna Mesh devices with app 5.5.3 and firmware 1.1.12. It uses a custom implementation of encryption without any additional integrity checking mechanisms. This leaves mess...

CWE-3532025

CVE-2020-7807

MEDIUM
CVSS:5.5(Medium)

A vulnerability that can hijack a DLL file that is loaded during products(LGPCSuite_Setup, IPSFULLHD, LG_ULTRAWIDE, ULTRA_HD_Driver Setup) installation into a DLL file that the hacker wants. Missing S...

CWE-3532020

CVE-2021-28546

MEDIUM
CVSS:6.5(Medium)

Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are missing support for an integrity check. An unauthenticated attacker ...

CWE-3532021

CVE-2024-43108

MEDIUM
CVSS:6.5(Medium)

The goTenna Pro ATAK Plugin uses AES CTR type encryption for short, encrypted messages without any additional integrity checking mechanisms. This leaves messages malleable to an attacker that can acce...

CWE-3532024

CVE-2021-38396

MEDIUM
CVSS:6.8(Medium)

The programmer installation utility does not perform a cryptographic authenticity or integrity checks of the software on the flash drive. An attacker could leverage this weakness to install unauthoriz...

CWE-3532021