Total
1750 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-20283 | 2024-11-21 | N/A | 4.3 MEDIUM | ||
| A vulnerability in Cisco Nexus Dashboard could allow an authenticated, remote attacker to learn cluster deployment information on an affected device. This vulnerability is due to improper access controls on a specific API endpoint. An attacker could exploit this vulnerability by sending queries to the API endpoint. A successful exploit could allow an attacker to access metrics and information about devices in the Nexus Dashboard cluster. | |||||
| CVE-2024-20261 | 2024-11-21 | N/A | 5.8 MEDIUM | ||
| A vulnerability in the file policy feature that is used to inspect encrypted archive files of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass a configured file policy to block an encrypted archive file. This vulnerability exists because of a logic error when a specific class of encrypted archive files is inspected. An attacker could exploit this vulnerability by sending a crafted, encrypted archive file through the affected device. A successful exploit could allow the attacker to send an encrypted archive file, which could contain malware and should have been blocked and dropped at the Cisco FTD device. | |||||
| CVE-2024-20065 | 2024-11-21 | N/A | 4.0 MEDIUM | ||
| In telephony, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08698617; Issue ID: MSV-1394. | |||||
| CVE-2024-1942 | 2024-11-21 | N/A | 4.3 MEDIUM | ||
| Mattermost versions 8.1.x before 8.1.9, 9.2.x before 9.2.5, and 9.3.0 fail to sanitize the metadata on posts containing permalinks under specific conditions, which allows an authenticated attacker to access the contents of individual posts in channels they are not a member of. | |||||
| CVE-2024-1888 | 2024-11-21 | N/A | 4.3 MEDIUM | ||
| Mattermost fails to check the "invite_guest" permission when inviting guests of other teams to a team, allowing a member with permissions to add other members but not to add guests to add a guest to a team as long as the guest was already a guest in another team of the server | |||||
| CVE-2024-1887 | 2024-11-21 | N/A | 4.3 MEDIUM | ||
| Mattermost fails to check if compliance export is enabled when fetching posts of public channels allowing a user that is not a member of the public channel to fetch the posts, which will not be audited in the compliance export. | |||||
| CVE-2024-1823 | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM | ||
| A vulnerability classified as critical was found in CodeAstro Simple Voting System 1.0. Affected by this vulnerability is an unknown functionality of the file users.php of the component Backend. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-254611. | |||||
| CVE-2024-1701 | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM | ||
| A vulnerability has been found in keerti1924 PHP-MYSQL-User-Login-System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /edit.php. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-254389 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-1632 | 2024-11-21 | N/A | 8.8 HIGH | ||
| Low-privileged users with access to the Sitefinity backend may obtain sensitive information from the site's administrative area. | |||||
| CVE-2024-1439 | 1 Moodle | 1 Moodle | 2024-11-21 | N/A | 6.5 MEDIUM |
| Inadequate access control in Moodle LMS. This vulnerability could allow a local user with a student role to create arbitrary events intended for users with higher roles. It could also allow the attacker to add events to the calendar of all users without their prior consent. | |||||
| CVE-2024-1343 | 2024-11-21 | N/A | 4.7 MEDIUM | ||
| A weak permission was found in the backup directory in LaborOfficeFree affecting version 19.10. This vulnerability allows any authenticated user to read backup files in the directory '%programfiles(x86)% LaborOfficeFree BackUp'. | |||||
| CVE-2024-1153 | 1 Talyabilisim | 1 Travel Apps | 2024-11-21 | N/A | 4.3 MEDIUM |
| Improper Access Control vulnerability in Talya Informatics Travel APPS allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Travel APPS: before v17.0.68. | |||||
| CVE-2024-1144 | 2024-11-21 | N/A | 6.5 MEDIUM | ||
| Improper access control vulnerability in Devklan's Alma Blog that affects versions 2.1.10 and earlier. This vulnerability could allow an unauthenticated user to access the application's functionalities without the need for credentials. | |||||
| CVE-2024-0949 | 2024-11-21 | N/A | 9.8 CRITICAL | ||
| Improper Access Control, Missing Authorization, Incorrect Authorization, Incorrect Permission Assignment for Critical Resource, Missing Authentication, Weak Authentication, Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Talya Informatics Elektraweb allows Exploiting Incorrectly Configured Access Control Security Levels, Manipulating Web Input to File System Calls, Embedding Scripts within Scripts, Malicious Logic Insertion, Modification of Windows Service Configuration, Malicious Root Certificate, Intent Spoof, WebView Exposure, Data Injected During Configuration, Incomplete Data Deletion in a Multi-Tenant Environment, Install New Service, Modify Existing Service, Install Rootkit, Replace File Extension Handlers, Replace Trusted Executable, Modify Shared File, Add Malicious File to Shared Webroot, Run Software at Logon, Disable Security Software.This issue affects Elektraweb: before v17.0.68. | |||||
| CVE-2024-0795 | 2024-11-21 | N/A | 7.2 HIGH | ||
| If an attacked was given access to an instance with the admin or manager role there is no backend authentication that would prevent the attacked from creating a new user with an `admin` role and then be able to use this new account to have elevated privileges on the instance | |||||
| CVE-2024-0712 | 1 Byzoro | 2 Smart S150, Smart S150 Firmware | 2024-11-21 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was found in Byzoro Smart S150 Management Platform V31R02B15. It has been classified as critical. Affected is an unknown function of the file /useratte/inc/userattea.php. The manipulation leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-251538 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-0642 | 1 Cires21 | 1 Live Encoder | 2024-11-21 | N/A | 9.8 CRITICAL |
| Inadequate access control in the C21 Live Encoder and Live Mosaic product, version 5.3. This vulnerability allows a remote attacker to access the application as an administrator user through the application endpoint, due to lack of proper credential management. | |||||
| CVE-2024-0551 | 2024-11-21 | N/A | 7.1 HIGH | ||
| Enable exports of the database and associated exported information of the system via the default user role. The attacked would have to have been granted access to the system prior to the attack. It is worth noting that the deterministic nature of the export name is lower risk as the UI for exporting would start the download at the same time, which once downloaded - deletes the export from the system. The endpoint for exporting should simply be patched to a higher privilege level. | |||||
| CVE-2024-0415 | 1 Csdeshang | 1 Dsmall | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability classified as critical was found in DeShang DSMall up to 6.1.0. Affected by this vulnerability is an unknown functionality of the file application/home/controller/TaobaoExport.php of the component Image URL Handler. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250435. | |||||
| CVE-2024-0414 | 1 Csdeshang | 1 Dscms | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability classified as problematic has been found in DeShang DSCMS up to 3.1.2/7.1. Affected is an unknown function of the file public/install.php. The manipulation leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-250434 is the identifier assigned to this vulnerability. | |||||