Total: 2799 CVEs
CVE | Vendors | Products | Updated | CVSS v3.1 | Description
---|---|---|---|---|---
CVE-2024-22415 | 1 Jupyter | 1 Language Server Protocol Integration | 2024-09-10 | 7.3 High | jupyter-lsp is a coding assistance tool for JupyterLab (code navigation + hover suggestions + linters + autocompletion + rename) using Language Server Protocol. Installations of jupyter-lsp running in environments without configured file system access control (on the operating system level), and with jupyter-server instances exposed to a non-trusted network, are vulnerable to unauthorised access and modification of the file system beyond the jupyter root directory. This issue has been patched in version 2.2.2 and all users are advised to upgrade. Users unable to upgrade should uninstall jupyter-lsp.
CVE-2024-44667 | 1 Shenzhen Haichangxing Technology | 1 Hcx H822 Firmware | 2024-09-10 | 8 High | Shenzhen Haichangxing Technology Co., Ltd HCX H822 4G LTE Router M7628NNxISPxUIv2_v1.0.1557.15.35_P0 is vulnerable to Incorrect Access Control. Unauthenticated factory mode reset and command injection lead to information exposure and root shell access.
CVE-2023-30969 | 1 Palantir | 1 Tiles | 2024-09-10 | 8.2 High | The Palantir Tiles1 service was found to be vulnerable to an API-wide issue where the service was not performing authentication/authorization on all the endpoints.
CVE-2024-21483 | | | 2024-09-10 | 4.6 Medium | A vulnerability has been identified in SENTRON 7KM PAC3120 AC/DC (7KM3120-0BA01-1DA0) (All versions >= V3.2.3 < V3.2.4 only when manufactured between LQN231003... and LQN231215... (with LQNYYMMDD...)), SENTRON 7KM PAC3120 DC (7KM3120-1BA01-1EA0) (All versions >= V3.2.3 < V3.2.4 only when manufactured between LQN231003... and LQN231215... (with LQNYYMMDD...)), SENTRON 7KM PAC3220 AC/DC (7KM3220-0BA01-1DA0) (All versions >= V3.2.3 < V3.2.4 only when manufactured between LQN231003... and LQN231215... (with LQNYYMMDD...)), SENTRON 7KM PAC3220 DC (7KM3220-1BA01-1EA0) (All versions >= V3.2.3 < V3.2.4 only when manufactured between LQN231003... and LQN231215... (with LQNYYMMDD...)). The read-out protection of the internal flash of affected devices was not properly set at the end of the manufacturing process. An attacker with physical access to the device could read out the data.
CVE-2023-30587 | 1 Nodejs | 1 Nodejs | 2024-09-09 | 7.5 High | A vulnerability in Node.js version 20 allows for bypassing restrictions set by the --experimental-permission flag using the built-in inspector module (node:inspector). By exploiting the Worker class's ability to create an "internal worker" with the kIsInternal Symbol, attackers can modify the isInternal value when an inspector is attached within the Worker constructor before initializing a new WorkerImpl. This vulnerability exclusively affects Node.js users employing the permission model mechanism. Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.
CVE-2023-30583 | 1 Nodejs | 1 Nodejs | 2024-09-09 | 7.5 High | fs.openAsBlob() can bypass the experimental permission model when using the file system read restriction with the `--allow-fs-read` flag in Node.js 20. This flaw arises from a missing check in the `fs.openAsBlob()` API. Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.
CVE-2023-30582 | 1 Nodejs | 1 Nodejs | 2024-09-09 | 5.3 Medium | A vulnerability has been identified in Node.js version 20, affecting users of the experimental permission model when the --allow-fs-read flag is used with a non-* argument. This flaw arises from an inadequate permission model that fails to restrict file watching through the fs.watchFile API. As a result, malicious actors can monitor files that they do not have explicit read access to. Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.
CVE-2023-36722 | 1 Microsoft | 19 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 16 more | 2024-09-09 | 4.4 Medium | Active Directory Domain Services Information Disclosure Vulnerability
CVE-2024-23663 | 1 Fortinet | 2 Fortiextender, Fortiextender Firmware | 2024-09-09 | 8.1 High | An improper access control in Fortinet FortiExtender 4.1.1 - 4.1.9, 4.2.0 - 4.2.6, 5.3.2, 7.0.0 - 7.0.4, 7.2.0 - 7.2.4 and 7.4.0 - 7.4.2 allows an attacker to create users with elevated privileges via a crafted HTTP request.
CVE-2023-50181 | 1 Fortinet | 1 Fortiadc | 2024-09-09 | 4.8 Medium | An improper access control vulnerability [CWE-284] in Fortinet FortiADC version 7.4.0 through 7.4.1 and before 7.2.4 allows a read-only authenticated attacker to perform some write actions via crafted HTTP or HTTPS requests.
CVE-2023-46666 | 1 Elastic | 1 Elastic Sharepoint Online Python Connector | 2024-09-09 | 5.3 Medium | An issue was discovered when using Document Level Security and the SPO "Limited Access" functionality in Elastic Sharepoint Online Python Connector. If a user is assigned limited access permissions to an item on a Sharepoint site, then that user would have read permissions to all content on the Sharepoint site through Elasticsearch.
CVE-2024-42022 | 1 Veeam | 1 One | 2024-09-09 | N/A | An incorrect permission assignment vulnerability allows an attacker to modify product configuration files.
CVE-2024-42023 | 1 Veeam | 1 One | 2024-09-09 | N/A | An improper access control vulnerability allows low-privileged users to execute code with Administrator privileges remotely.
CVE-2024-42021 | 1 Veeam | 1 One | 2024-09-09 | N/A | An improper access control vulnerability allows an attacker with valid access tokens to access saved credentials.
CVE-2023-46992 | 1 Totolink | 2 A3300r, A3300r Firmware | 2024-09-06 | 7.5 High | TOTOLINK A3300R V17.0.0cu.557_B20221024 is vulnerable to Incorrect Access Control. Attackers are able to reset several critical passwords without authentication by visiting specific pages.
CVE-2024-24986 | 1 Intel | 2 Ethernet 800 Series Controllers Driver, Ethernet Complete Driver Pack | 2024-09-06 | 8.8 High | Improper access control in Linux kernel mode driver for some Intel(R) Ethernet Network Controllers and Adapters before version 28.3 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-25576 | 1 Intel | 6 Agilex 7 Fpga F-series 006 Firmware, Agilex 7 Fpga F-series 008 Firmware, Agilex 7 Fpga F-series 012 Firmware and 3 more | 2024-09-06 | 7.9 High | Improper access control in firmware for some Intel(R) FPGA products before version 24.1 may allow a privileged user to enable escalation of privilege via local access.
CVE-2024-26022 | 1 Intel | 3 Aptio V Uefi Firmware Integrator Tools, Uefi Integrator Tools On Aptio V For Intel Nuc Lnx, Uefi Integrator Tools On Aptio V For Intel Nuc Win | 2024-09-06 | 7.8 High | Improper access control in some Intel(R) UEFI Integrator Tools on Aptio V for Intel(R) NUC may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-28050 | 1 Intel | 2 Arc A Graphics, Iris Xe Graphics | 2024-09-06 | 5 Medium | Improper access control in some Intel(R) Arc(TM) & Iris(R) Xe Graphics software before version 31.0.101.4824 may allow an authenticated user to potentially enable denial of service via local access.
CVE-2023-5833 | 1 Mintplexlabs | 1 Anythingllm | 2024-09-06 | 8.8 High | Improper Access Control in GitHub repository mintplex-labs/anything-llm prior to 0.1.0.