Total: 2799 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 | Description
---|---|---|---|---|---
CVE-2024-25653 | | | 2024-08-29 | 4.3 Medium | Broken Access Control in the Report functionality of Delinea PAM Secret Server 11.4 allows unprivileged users, when Unlimited Admin Mode is enabled, to view system reports and modify custom reports via the Report functionality in the Web UI.
CVE-2024-0032 | | | 2024-08-29 | 6.8 Medium | In queryChildDocuments of FileSystemProvider.java, there is a possible way to request access to directories that should be hidden, due to improper input validation. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.
CVE-2023-52362 | | | 2024-08-29 | 7.5 High | Permission management vulnerability in the lock screen module. Successful exploitation of this vulnerability may affect availability.
CVE-2021-47155 | | | 2024-08-29 | 9.1 Critical | The Net::IPV4Addr module 0.10 for Perl does not properly consider extraneous zero characters in an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses.
CVE-2024-20657 | 1 Microsoft | 22 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 19 more | 2024-08-29 | 7.0 High | Windows Group Policy Elevation of Privilege Vulnerability
CVE-2024-8216 | 1 Insurance Management System Project | 1 Insurance Management System | 2024-08-29 | 5.4 Medium | A vulnerability, which was classified as critical, has been found in nafisulbari/itsourcecode Insurance Management System 1.0. Affected by this issue is some unknown functionality of the file editPayment.php of the component Payment Handler. The manipulation of the argument recipt_no leads to improper access controls. The attack may be launched remotely. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-5470 | 1 Gitlab | 1 Gitlab | 2024-08-29 | 3.8 Low | An issue was discovered in GitLab CE/EE affecting all versions starting from 17.0 prior to 17.0.4 and from 17.1 prior to 17.1.2 where a Guest user with `admin_push_rules` permission may have been able to create project-level deploy tokens.
CVE-2024-5430 | 1 Gitlab | 1 Gitlab | 2024-08-29 | 6.8 Medium | An issue was discovered in GitLab CE/EE affecting all versions starting from 16.10 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows a project maintainer to delete the merge request approval policy via GraphQL.
CVE-2024-5318 | 1 Gitlab | 1 Gitlab | 2024-08-29 | 4.0 Medium | An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.11 prior to 16.10.6, starting from 16.11 prior to 16.11.3, and starting from 17.0 prior to 17.0.1. A Guest user can view dependency lists of private projects through job artifacts.
CVE-2024-5257 | 1 Gitlab | 1 Gitlab | 2024-08-29 | 4.9 Medium | An issue was discovered in GitLab CE/EE affecting all versions starting from 17.0 prior to 17.0.4 and from 17.1 prior to 17.1.2 where a Developer user with the `admin_compliance_framework` custom role may have been able to modify the URL for a group namespace.
CVE-2024-3127 | 1 Gitlab | 1 Gitlab | 2024-08-29 | 4.3 Medium | An issue has been discovered in GitLab EE affecting all versions starting from 12.5 before 17.1.6, all versions starting from 17.2 before 17.2.4, and all versions starting from 17.3 before 17.3.1. Under certain conditions it may be possible to bypass the IP restriction for groups through GraphQL, allowing unauthorised users to perform some actions at the group level.
CVE-2024-1525 | 1 Gitlab | 1 Gitlab | 2024-08-29 | 5.3 Medium | An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.1 before 16.7.6, all versions starting from 16.8 before 16.8.3, and all versions starting from 16.9 before 16.9.1. Under some specialized conditions, an LDAP user may be able to reset their password using their verified secondary email address and sign in using direct authentication with the reset password, bypassing LDAP.
CVE-2023-44282 | 1 Dell | 1 Repository Manager | 2024-08-29 | 6.7 Medium | Dell Repository Manager, 3.4.3 and prior, contains an Improper Access Control vulnerability in its installation module. A local low-privileged attacker could potentially exploit this vulnerability, leading to escalated privileges.
CVE-2024-20279 | | | 2024-08-29 | 4.3 Medium | A vulnerability in the restricted security domain implementation of Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, remote attacker to modify the behavior of default system policies, such as quality of service (QoS) policies, on an affected system. This vulnerability is due to improper access control when restricted security domains are used to implement multi-tenancy. An attacker with a valid user account associated with a restricted security domain could exploit this vulnerability. A successful exploit could allow the attacker to read, modify, or delete child policies created under default system policies, which are implicitly used by all tenants in the fabric, resulting in disruption of network traffic. Exploitation is not possible for policies under tenants that the attacker has no authorization to access.
CVE-2023-49543 | | | 2024-08-28 | 9.8 Critical | Incorrect access control in Book Store Management System v1 allows attackers to access unauthorized pages and execute administrative functions without authenticating.
CVE-2024-28338 | | | 2024-08-28 | 8.0 High | A login bypass in TOTOLINK A8000RU V7.1cu.643_B20200521 allows attackers to log in to Administrator accounts by providing a crafted session cookie.
CVE-2023-2112 | 1 M-files | 1 M-files Server | 2024-08-28 | 3.6 Low | The desktop component service allows lateral movement between sessions in M-Files before 23.4.12455.0.
CVE-2024-40531 | 1 Uab Lexita | 2 Panteracrm Cms, Patera Crm Cms | 2024-08-28 | 8.8 High | A mass assignment vulnerability exists in Pantera CRM versions 401.152 and 402.072. This flaw allows authenticated users to modify any user attribute, including roles, by injecting additional parameters via profile management functions.
CVE-2024-28115 | | | 2024-08-28 | 8.8 High | FreeRTOS is a real-time operating system for microcontrollers. FreeRTOS Kernel versions through 10.6.1 do not sufficiently protect against local privilege escalation via Return Oriented Programming techniques, should a vulnerability exist that allows code injection and execution. These issues affect ARMv7-M MPU ports, and ARMv8-M ports with Memory Protection Unit (MPU) support enabled (i.e. `configENABLE_MPU` set to 1). These issues are fixed in version 10.6.2 with a new MPU wrapper.
CVE-2024-2481 | | | 2024-08-28 | 6.5 Medium | A vulnerability, which was classified as critical, was found in Surya2Developer Hostel Management System 1.0. Affected is an unknown function of the file /admin/manage-students.php. The manipulation of the argument del leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-256890 is the identifier assigned to this vulnerability.
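The CVE-2021-47155 entry above (Net::IPV4Addr and extraneous zero characters) describes a parser-disagreement bug: an access-control library reads a leading-zero octet one way, the socket layer reads it another way. The Python below is an added example written for this page; it is not code from the Net::IPV4Addr module or from the CVE entry. The three parsers are models of parser classes, the allowlist is constructed, and the scenario (an application that checks a user-supplied host string against an allowlist with one parser and then hands the same string to the socket layer) is an assumption about the "some situations" the entry leaves unspecified.

```python
# Added example for CVE-2021-47155; not code from Net::IPV4Addr or the CVE entry.
# The parsers model parser classes; the allowlist and the input are constructed.
import ipaddress
import re

# Four groups of 1-3 digits; deliberately tolerant so that "010" still matches.
_DOTTED = re.compile(r"^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$")
# Canonical octet: 0-255 with no leading zero unless the octet is exactly "0".
_OCTET = r"(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)"
_CANONICAL = re.compile(r"^(?:" + _OCTET + r"\.){3}" + _OCTET + r"$")


def _octets(text: str) -> list:
    m = _DOTTED.match(text)
    if not m:
        raise ValueError(f"not a dotted quad: {text!r}")
    return list(m.groups())


def _pack(octets: list) -> int:
    if any(o > 255 for o in octets):
        raise ValueError(f"octet out of range: {octets}")
    return int.from_bytes(bytes(octets), "big")


def lenient_parse(text: str) -> int:
    """Model of a tolerant parser (assumed behaviour of a flawed ACL library):
    every octet is read as decimal, so extraneous leading zeros are ignored
    ("010" -> 10)."""
    return _pack([int(o, 10) for o in _octets(text)])


def inet_aton_parse(text: str) -> int:
    """Model of the classic BSD/glibc inet_aton() rule: an octet that starts
    with "0" is octal ("010" -> 8). This is the reading the socket layer
    applies, i.e. where a connection to the string really goes."""
    return _pack([int(o, 8) if len(o) > 1 and o[0] == "0" else int(o, 10)
                  for o in _octets(text)])


def strict_parse(text: str) -> int:
    """Hardened form: accept only canonical dotted-decimal, so the ACL and the
    socket layer can never read the same string differently."""
    if not _CANONICAL.match(text):
        raise ValueError(f"non-canonical IPv4 literal: {text!r}")
    return int(ipaddress.IPv4Address(text))


ALLOWLIST = [ipaddress.IPv4Network("10.0.0.0/8")]  # constructed policy


def acl_allows(text: str, parser) -> bool:
    """Allowlist check as an ACL library performs it with the given parser."""
    try:
        addr = ipaddress.IPv4Address(parser(text))
    except ValueError:
        return False
    return any(addr in net for net in ALLOWLIST)


def demonstrate(host: str = "010.0.0.1") -> dict:
    """Constructed input: an attacker-chosen host string with a leading zero."""
    return {
        "lenient_allows": acl_allows(host, lenient_parse),
        "real_destination": str(ipaddress.IPv4Address(inet_aton_parse(host))),
        "socket_view_allowed": acl_allows(host, inet_aton_parse),
        "strict_allows": acl_allows(host, strict_parse),
    }


if __name__ == "__main__":
    print(demonstrate())
```

With the constructed input `010.0.0.1`, the lenient check passes it as `10.0.0.1` (inside the allowlist) while the socket layer delivers to `8.0.0.1` (outside it); the strict parser refuses the literal outright, which is the fix: normalise or reject non-canonical address strings before any IP-based decision, and never compare an ACL result computed from one parser against a connection made through another.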
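Three entries in the table share one root cause: a handler trusts a client-supplied identifier or action without asking who the caller is. CVE-2024-8216 (editPayment.php, argument recipt_no) and CVE-2024-2481 (/admin/manage-students.php, argument del) are object-level and function-level access-control gaps, and CVE-2023-49543 is administrative functionality reachable without authentication. The Python below is an added example written for this page, not code from any of those applications; the record store, the session object, the handler names and the sample data are all constructed to show the two missing checks side by side with the vulnerable form.

```python
# Added example for CVE-2024-8216, CVE-2023-49543 and CVE-2024-2481; not code
# from those applications. Store, Session, the handlers and the data are
# constructed for the illustration.
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Session:
    user_id: Optional[int] = None   # None models an unauthenticated request
    role: str = "user"


@dataclass
class Payment:
    receipt_no: int
    owner_id: int
    amount: int


@dataclass
class Store:
    payments: dict = field(default_factory=dict)   # receipt_no -> Payment
    students: dict = field(default_factory=dict)   # student_id -> name


def edit_payment_vulnerable(store: Store, session: Session, receipt_no: int, amount: int) -> Payment:
    """Looks the record up by the client-supplied id only (the editPayment.php
    pattern): any caller can rewrite any receipt."""
    rec = store.payments[receipt_no]
    rec.amount = amount
    return rec


def edit_payment_fixed(store: Store, session: Session, receipt_no: int, amount: int) -> Payment:
    """Object-level check: the record must belong to the authenticated caller."""
    if session.user_id is None:
        raise PermissionError("authentication required")
    rec = store.payments.get(receipt_no)
    # A missing record and someone else's record get the same answer, so the
    # id space cannot be enumerated through differing error messages.
    if rec is None or rec.owner_id != session.user_id:
        raise LookupError("no such receipt")
    rec.amount = amount
    return rec


def delete_student_vulnerable(store: Store, session: Session, student_id: int) -> bool:
    """The `del` action handled with no check at all (the manage-students.php
    pattern): an unauthenticated request deletes the record."""
    return store.students.pop(student_id, None) is not None


def delete_student_fixed(store: Store, session: Session, student_id: int) -> bool:
    """Function-level check: authentication first, then the admin role."""
    if session.user_id is None:
        raise PermissionError("authentication required")
    if session.role != "admin":
        raise PermissionError("admin role required")
    return store.students.pop(student_id, None) is not None


def seed() -> Store:
    """Constructed data: one receipt per user and two student records."""
    return Store(
        payments={101: Payment(101, owner_id=1, amount=50),
                  102: Payment(102, owner_id=2, amount=75)},
        students={7: "student seven", 8: "student eight"},
    )


if __name__ == "__main__":
    s = seed()
    print(edit_payment_vulnerable(s, Session(user_id=2), 101, 0))   # user 2 edits user 1's receipt
    try:
        edit_payment_fixed(seed(), Session(user_id=2), 101, 0)
    except LookupError as e:
        print("fixed handler:", e)
```

The two checks are independent: ownership (object-level) is about which record an id names, and the role check (function-level) is about which operations a session may invoke. A handler under an `/admin/` path needs the second regardless of whether the first applies, because the URL prefix is not an access control.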
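CVE-2024-40531 (Pantera CRM) is a mass-assignment bug: the profile form binds every submitted parameter to the user record, so adding `role=admin` to an otherwise legitimate request promotes the caller. The Python below is an added example written for this page, not Pantera CRM code; the user model, the editable-field list and the request body are constructed. It shows the binding loop that produces the bug next to an allowlisted binder that rejects, rather than silently drops, unexpected fields.

```python
# Added example for CVE-2024-40531; not Pantera CRM code. The User model, the
# field names and the request bodies are constructed for the illustration.
from dataclasses import dataclass
from urllib.parse import parse_qs


@dataclass
class User:
    username: str
    email: str
    display_name: str = ""
    role: str = "user"   # privileged attribute the profile form must never touch


def parse_form(body: str) -> dict:
    """Decode an application/x-www-form-urlencoded body; last value wins."""
    return {k: v[-1] for k, v in parse_qs(body, keep_blank_values=True).items()}


def update_profile_vulnerable(user: User, form: dict) -> User:
    """Mass assignment: every submitted key becomes an attribute, so an extra
    `role=admin` parameter silently promotes the caller."""
    for key, value in form.items():
        setattr(user, key, value)
    return user


PROFILE_FIELDS = frozenset({"email", "display_name"})   # what the form may edit


def update_profile_fixed(user: User, form: dict) -> User:
    """Bind only allowlisted fields. Unexpected keys are rejected instead of
    dropped so the attempt surfaces in logs and detection, not just in a
    no-op."""
    unexpected = set(form) - PROFILE_FIELDS
    if unexpected:
        raise PermissionError(f"non-editable field(s) submitted: {sorted(unexpected)}")
    for key in PROFILE_FIELDS & set(form):
        setattr(user, key, form[key])
    return user


# Constructed request body: a legitimate email change plus an injected role.
ATTACK_BODY = "email=alice%40example.test&role=admin"


def demo() -> dict:
    victim = update_profile_vulnerable(User("alice", "old@example.test"), parse_form(ATTACK_BODY))
    target = User("alice", "old@example.test")
    try:
        update_profile_fixed(target, parse_form(ATTACK_BODY))
        blocked = False
    except PermissionError:
        blocked = True
    return {"vulnerable_role": victim.role, "fixed_blocked": blocked, "fixed_role": target.role}


if __name__ == "__main__":
    print(demo())
```

The allowlist belongs to the endpoint, not to the model: an admin user-management endpoint may legitimately bind `role`, the self-service profile form never does, so each handler carries its own set of bindable fields rather than relying on a single "protected attributes" list on the model.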