Total
2799 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-40475 | 2 Mayurik, Sourcecodester | 2 Best House Rental Management System, Best House Rental Management System | 2024-08-15 | 5.3 Medium |
| SourceCodester Best House Rental Management System v1.0 is vulnerable to Incorrect Access Control via /rental/payment_report.php, /rental/balance_report.php, /rental/invoices.php, /rental/tenants.php, and /rental/users.php. | ||||
| CVE-2024-31805 | 2024-08-15 | 6.5 Medium | ||
| TOTOLINK EX200 V4.0.3c.7646_B20201211 allows attackers to start the Telnet service without authorization via the telnet_enabled parameter in the setTelnetCfg function. | ||||
| CVE-2024-25852 | 2024-08-14 | 8.8 High | ||
| Linksys RE7000 v2.0.9, v2.0.11, and v2.0.15 have a command execution vulnerability in the "AccessControlList" parameter of the access control function point. An attacker can use the vulnerability to obtain device administrator rights. | ||||
| CVE-2023-43849 | 2024-08-14 | 6.5 Medium | ||
| Incorrect access control in firmware upgrade function of web interface in Aten PE6208 2.3.228 and 2.4.232 allows remote authenticated users to submit a firmware image via HTTP POST requests. This may result in DoS or remote code execution. | ||||
| CVE-2023-32204 | 1 Intel | 1 One Boot Flash Update | 2024-08-14 | 8.8 High |
| Improper access control in some Intel(R) OFU software before version 14.1.31 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2022-32507 | 2024-08-14 | 8.8 High | ||
| An issue was discovered on certain Nuki Home Solutions devices. Some BLE commands, which should have been designed to be only called from privileged accounts, could also be called from unprivileged accounts. This demonstrates that no access controls were implemented for the different BLE commands across the different accounts. This affects Nuki Smart Lock 3.0 before 3.3.5 and Nuki Smart Lock 2.0 before 2.12.4. | ||||
| CVE-2023-27303 | 2024-08-14 | 3.8 Low | ||
| Improper access control in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable information disclosure via local access. | ||||
| CVE-2023-44283 | 2024-08-14 | 7.8 High | ||
| In Dell SupportAssist for Home PCs (between v3.0 and v3.14.1) and SupportAssist for Business PCs (between v3.0 and v3.4.1), a security concern has been identified, impacting locally authenticated users on their respective PCs. This issue may potentially enable privilege escalation and the execution of arbitrary code, in the Windows system context, and confined to that specific local PC. | ||||
| CVE-2023-28715 | 2024-08-14 | 5 Medium | ||
| Improper access control in some Intel(R) oneAPI Toolkit and component software installers before version 4.3.2 may allow an authenticated user to potentially enable denial of service via local access. | ||||
| CVE-2023-44292 | 1 Dell | 1 Repository Manager | 2024-08-14 | 6.7 Medium |
| Dell Repository Manager, 3.4.3 and prior, contains an Improper Access Control vulnerability in its installation module. A local low-privileged attacker could potentially exploit this vulnerability, leading to gaining escalated privileges. | ||||
| CVE-2024-41905 | 1 Siemens | 1 Sinec Traffic Analyzer | 2024-08-14 | 6.8 Medium |
| A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V2.0). The affected application do not have access control for accessing the files. This could allow an authenticated attacker with low privilege's to get access to sensitive information. | ||||
| CVE-2023-32647 | 2024-08-14 | 6.8 Medium | ||
| Improper access control in some Intel(R) XTU software before version 7.12.0.29 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2023-43489 | 2024-08-14 | 5.5 Medium | ||
| Improper access control for some Intel(R) CIP software before version 2.4.10717 may allow an authenticated user to potentially enable denial of service via local access. | ||||
| CVE-2023-28396 | 2024-08-14 | 6.1 Medium | ||
| Improper access control in firmware for some Intel(R) Thunderbol(TM) Controllers versions before 41 may allow a privileged user to enable denial of service via local access. | ||||
| CVE-2023-23752 | 1 Joomla | 1 Joomla\! | 2024-08-14 | 5.3 Medium |
| An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints. | ||||
| CVE-2024-39414 | 1 Adobe | 2 Commerce, Magento | 2024-08-14 | 4.3 Medium |
| Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and disclose minor information. Exploitation of this issue does not require user interaction. | ||||
| CVE-2023-50257 | 2024-08-14 | 9.7 Critical | ||
| eProsima Fast DDS (formerly Fast RTPS) is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Even with the application of SROS2, due to the issue where the data (`p[UD]`) and `guid` values used to disconnect between nodes are not encrypted, a vulnerability has been discovered where a malicious attacker can forcibly disconnect a Subscriber and can deny a Subscriber attempting to connect. Afterwards, if the attacker sends the packet for disconnecting, which is data (`p[UD]`), to the Global Data Space (`239.255.0.1:7400`) using the said Publisher ID, all the Subscribers (Listeners) connected to the Publisher (Talker) will not receive any data and their connection will be disconnected. Moreover, if this disconnection packet is sent continuously, the Subscribers (Listeners) trying to connect will not be able to do so. Since the initial commit of the `SecurityManager.cpp` code (`init`, `on_process_handshake`) on Nov 8, 2016, the Disconnect Vulnerability in RTPS Packets Used by SROS2 has been present prior to versions 2.13.0, 2.12.2, 2.11.3, 2.10.3, and 2.6.7. | ||||
| CVE-2023-31341 | 1 Amd | 1 Amd Uprof | 2024-08-14 | 7.3 High |
| Insufficient validation of the Input Output Control (IOCTL) input buffer in AMD μProf may allow an authenticated attacker to cause an out-of-bounds write, potentially causing a Windows® OS crash, resulting in denial of service. | ||||
| CVE-2023-49931 | 2024-08-13 | 9.8 Critical | ||
| An issue was discovered in Couchbase Server before 7.2.4. SQL++ cURL calls to /diag/eval are not sufficiently restricted. | ||||
| CVE-2024-25830 | 2024-08-13 | 9.8 Critical | ||
| F-logic DataCube3 v1.0 is vulnerable to Incorrect Access Control due to an improper directory access restriction. An unauthenticated, remote attacker can exploit this, by sending a URI that contains the path of the configuration file. A successful exploit could allow the attacker to extract the root and admin password. | ||||