Total: 2799 CVE

CVE | Vendors | Products | Updated | CVSS v3.1 | Description
---|---|---|---|---|---
CVE-2024-27602 | | | 2024-09-04 | 9.1 Critical | Alldata V0.4.6 is vulnerable to Incorrect Access Control. Many module interface documents have been leaked, for example the /api/system/v2/api-docs module.
CVE-2023-46759 | 1 Huawei | 2 Emui, Harmonyos | 2024-09-04 | 7.5 High | Permission control vulnerability in the call module. Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2024-30261 | 1 Redhat | 1 Openshift Devspaces | 2024-09-04 | 2.6 Low | Undici is an HTTP/1.1 client, written from scratch for Node.js. An attacker can alter the `integrity` option passed to `fetch()`, allowing `fetch()` to accept responses as valid even if they have been tampered with. This vulnerability was patched in versions 5.28.4 and 6.11.1.
CVE-2023-47110 | 1 Prestashop | 1 Customer Reassurance Block | 2024-09-04 | 9.1 Critical | blockreassurance adds an information block aimed at offering helpful information to reassure customers that their store is trustworthy. An ajax function in module blockreassurance allows modifying any value in the configuration table. This vulnerability has been patched in version 5.1.4.
CVE-2023-49233 | 1 Visual Planning | 1 Admin Center | 2024-09-03 | 8.8 High | Insufficient access checks in Visual Planning Admin Center 8 before v.1 Build 240207 allow attackers in possession of a non-administrative Visual Planning account to use functions normally reserved for administrators. The affected functions allow attackers to obtain different types of configured credentials and potentially elevate their privileges to administrator level.
CVE-2023-46755 | 1 Huawei | 2 Emui, Harmonyos | 2024-09-03 | 5.3 Medium | Input parameters are not strictly verified. Successful exploitation of this vulnerability may cause the launcher to restart.
CVE-2022-46025 | 1 Totolink | 2 N200re V5, N200re V5 Firmware | 2024-09-03 | 9.1 Critical | Totolink N200RE_V5 V9.3.5u.6255_B20211224 is vulnerable to Incorrect Access Control. The device allows remote attackers to obtain Wi-Fi system information, such as the Wi-Fi SSID and Wi-Fi password, without logging into the management page.
CVE-2023-47034 | 1 Uniswapfrontrunbot Project | 1 Uniswapfrontrunbot | 2024-09-03 | 7.5 High | A vulnerability in UniswapFrontRunBot 0xdB94c allows attackers to cause financial losses via unspecified vectors.
CVE-2024-41518 | 2 Feripro, Mecodia | 2 Feripro, Feripro | 2024-09-03 | 7.5 High | An Incorrect Access Control vulnerability in "/admin/programm/<program_id>/export/statistics" in Feripro <= v2.2.3 allows remote attackers to export an XLSX file with information about registrations and participants.
CVE-2024-43377 | 1 Umbraco | 1 Umbraco Cms | 2024-09-03 | 5.4 Medium | Umbraco CMS is an ASP.NET CMS. An authenticated user can access a few unintended endpoints. This issue is fixed in 14.1.2.
CVE-2023-43901 | 1 Emsigner | 1 Emsigner | 2024-09-03 | 5.9 Medium | Incorrect access control in the AdHoc User creation form of EMSigner v2.8.7 allows unauthenticated attackers to arbitrarily modify usernames and privileges by using the email address of a registered user.
CVE-2024-34152 | | | 2024-09-03 | 4.3 Medium | Mattermost versions 9.5.x <= 9.5.3, 9.6.x <= 9.6.1 and 8.1.x <= 8.1.12 fail to perform proper access control, which allows a guest to obtain the metadata of a public playbook run linked to the channel they are a guest in, by sending an RHSRuns GraphQL query request to the server.
CVE-2024-37884 | 1 Nextcloud | 1 Nextcloud Server | 2024-09-03 | 3.5 Low | Nextcloud Server is a self-hosted personal cloud system. A malicious user was able to send delete requests for old versions of files that had only been shared with them with read permissions. It is recommended that Nextcloud Server is upgraded to 26.0.12 or 27.1.7 or 28.0.3 and that Nextcloud Enterprise Server is upgraded to 26.0.12 or 27.1.7 or 28.0.3.
CVE-2023-41570 | 1 Mikrotik | 1 Routeros | 2024-09-03 | 5.3 Medium | MikroTik RouterOS v7.1 to 7.11 was discovered to contain incorrect access control mechanisms for the Rest API.
CVE-2024-43409 | 1 Ghost | 1 Ghost | 2024-09-03 | 6.5 Medium | Ghost is a Node.js content management system. Improper authentication on some endpoints used for member actions would allow an attacker to perform member-only actions and read member information. This security vulnerability is present in Ghost v4.46.0-v5.89.4. v5.89.5 contains a fix for this issue.
CVE-2023-31403 | 1 Sap | 1 Business One | 2024-09-03 | 9.6 Critical | SAP Business One installation, version 10.0, does not perform proper authentication and authorization checks for the SMB shared folder. As a result, any malicious user can read and write to the SMB shared folder. Additionally, the files in the folder can be executed or used by the installation process, leading to considerable impact on confidentiality, integrity and availability.
CVE-2024-45313 | | | 2024-09-03 | 5.4 Medium | Overleaf is a web-based collaborative LaTeX editor. When installing Server Pro using the Overleaf Toolkit from before 2024-07-17 or legacy docker-compose.yml from before 2024-08-28, the configuration for LaTeX compiles was insecure by default, requiring the administrator to enable the security features via a configuration setting (`SIBLING_CONTAINERS_ENABLED` in Toolkit, `SANDBOXED_COMPILES` in legacy docker-compose/custom deployments). If these security features are not enabled, users have access to the `sharelatex` container resources (filesystem, network, environment variables) when running compiles, leading to multiple file access vulnerabilities, either directly or via symlinks created during compiles. The setting has now been changed to be secure by default for new installs in the Toolkit and legacy docker-compose deployment. The Overleaf Toolkit has been updated to set `SIBLING_CONTAINERS_ENABLED=true` by default for new installs. It is recommended that any existing installations using the previous default setting migrate to using sibling containers. Existing installations can set `SIBLING_CONTAINERS_ENABLED=true` in `config/overleaf.rc` as a mitigation. In legacy docker-compose/custom deployments `SANDBOXED_COMPILES=true` should be used.
CVE-2023-51070 | 1 Qstar | 1 Archive Storage Manager | 2024-08-30 | 7.5 High | An access control issue in QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0 allows unauthenticated attackers to arbitrarily adjust sensitive SMB settings on the QStar Server.
CVE-2023-32279 | 1 Intel | 1 Connectivity Performance Suite | 2024-08-30 | 7.5 High | Improper access control in the user mode driver for some Intel(R) Connectivity Performance Suite versions before 2.1123.214.2 may allow an unauthenticated user to potentially enable information disclosure via network access.
CVE-2023-22448 | 4 Apple, Google, Intel and 1 more | 4 Iphone Os, Android, Unison Software and 1 more | 2024-08-30 | 5.9 Medium | Improper access control in some Intel Unison software may allow a privileged user to potentially enable escalation of privilege via network access.