Total
50 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-32259 | 2024-08-02 | 6.5 Medium | ||
| Insufficient Granularity of Access Control vulnerability in OpenTextâ„¢ Service Management Automation X (SMAX), OpenTextâ„¢ Asset Management X (AMX) allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Service Management Automation X (SMAX) versions 2020.05, 2020.08, 2020.11, 2021.02, 2021.05, 2021.08, 2021.11, 2022.05, 2022.11; and Asset Management X (AMX) versions 2021.08, 2021.11, 2022.05, 2022.11. | ||||
| CVE-2023-27591 | 1 Miniflux Project | 1 Miniflux | 2024-08-02 | 7.5 High |
| Miniflux is a feed reader. Prior to version 2.0.43, an unauthenticated user can retrieve Prometheus metrics from a publicly reachable Miniflux instance where the `METRICS_COLLECTOR` configuration option is enabled and `METRICS_ALLOWED_NETWORKS` is set to `127.0.0.1/8` (the default). A patch is available in Miniflux 2.0.43. As a workaround, set `METRICS_COLLECTOR` to `false` (default) or run Miniflux behind a trusted reverse-proxy. | ||||
| CVE-2023-3227 | 1 Fossbilling | 1 Fossbilling | 2024-08-02 | 5.7 Medium |
| Insufficient Granularity of Access Control in GitHub repository fossbilling/fossbilling prior to 0.5.0. | ||||
| CVE-2023-0205 | 1 Nvidia | 4 Connectx-5, Connectx-6, Connectx-6-dx and 1 more | 2024-08-02 | 5 Medium |
| NVIDIA ConnectX-5, ConnectX-6, and ConnectX6-DX contain a vulnerability in the NIC firmware, where an unprivileged user can exploit insufficient granularity of access control, which may lead to denial of service. | ||||
| CVE-2023-0203 | 1 Nvidia | 4 Connectx-5, Connectx-6, Connectx-6-dx and 1 more | 2024-08-02 | 5 Medium |
| NVIDIA ConnectX-5, ConnectX-6, and ConnectX6-DX contain a vulnerability in the NIC firmware, where an unprivileged user can exploit insufficient granularity of access control, which may lead to denial of service. | ||||
| CVE-2024-39323 | 2024-08-02 | 7.1 High | ||
| aimeos/ai-admin-graphql is the Aimeos GraphQL API admin interface. Starting in version 2022.04.01 and prior to versions 2022.10.10, 2023.10.6, and 2024.04.6, an improper access control vulnerability allows an editor to modify and take over an admin account in the back end. Versions 2022.10.10, 2023.10.6, and 2024.04.6 fix this issue. | ||||
| CVE-2024-29200 | 2024-08-02 | 6.8 Medium | ||
| Kimai is a web-based multi-user time-tracking application. The permission `view_other_timesheet` performs differently for the Kimai UI and the API, thus returning unexpected data through the API. When setting the `view_other_timesheet` permission to true, on the frontend, users can only see timesheet entries for teams they are a part of. When requesting all timesheets from the API, however, all timesheet entries are returned, regardless of whether the user shares team permissions or not. This vulnerability is fixed in 2.13.0. | ||||
| CVE-2024-26246 | 1 Microsoft | 1 Edge | 2024-08-02 | 3.9 Low |
| Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability | ||||
| CVE-2024-5389 | 1 Lunary | 1 Lunary | 2024-08-01 | 8.1 High |
| In lunary-ai/lunary version 1.2.13, an insufficient granularity of access control vulnerability allows users to create, update, get, and delete prompt variations for datasets not owned by their organization. This issue arises due to the application not properly validating the ownership of dataset prompts and their variations against the organization or project of the requesting user. As a result, unauthorized modifications to dataset prompts can occur, leading to altered or removed dataset prompts without proper authorization. This vulnerability impacts the integrity and consistency of dataset information, potentially affecting the results of experiments. | ||||
| CVE-2022-2220 | 2023-11-07 | 0.0 Low | ||
| DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | ||||