Vulnerabilities (CVE)

Filtered by CWE-648
Total 12 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-11068 1 Dlink 2 Dsl6740c, Dsl6740c Firmware 2024-11-24 N/A 9.8 CRITICAL
The D-Link DSL6740C modem has an Incorrect Use of Privileged APIs vulnerability, allowing unauthenticated remote attackers to modify any user’s password by leveraging the API, thereby granting access to Web, SSH, and Telnet services using that user’s account.
CVE-2024-37018 2024-11-21 N/A 9.1 CRITICAL
The OpenDaylight 0.15.3 controller allows topology poisoning via API requests because an application can manipulate the path that is taken by discovery packets.
CVE-2024-22042 1 Siemens 2 Unicam Fx, Unicam Fx Firmware 2024-11-21 N/A 7.8 HIGH
A vulnerability has been identified in Unicam FX (All versions). The windows installer agent used in affected product contains incorrect use of privileged APIs that trigger the Windows Console Host (conhost.exe) as a child process with SYSTEM privileges. This could be exploited by an attacker to perform a local privilege escalation attack.
CVE-2023-6522 2024-11-21 N/A 7.2 HIGH
Incorrect Use of Privileged APIs vulnerability in ExtremePacs Extreme XDS allows Collect Data as Provided by Users.This issue affects Extreme XDS: before 3914.
CVE-2023-6151 1 Eskom 1 E-belediye 2024-11-21 N/A 7.5 HIGH
Incorrect Use of Privileged APIs vulnerability in ESKOM Computer e-municipality module allows Collect Data as Provided by Users.This issue affects e-municipality module: before v.105.
CVE-2023-6150 1 Eskom 1 E-belediye 2024-11-21 N/A 7.5 HIGH
Incorrect Use of Privileged APIs vulnerability in ESKOM Computer e-municipality module allows Collect Data as Provided by Users.This issue affects e-municipality module: before v.105.
CVE-2023-4993 2024-11-21 N/A 7.5 HIGH
Incorrect Use of Privileged APIs vulnerability in Utarit Information Technologies SoliPay Mobile App allows Collect Data as Provided by Users.This issue affects SoliPay Mobile App: before 5.0.8.
CVE-2023-4972 1 Yepas 1 Digital Yepas 2024-11-21 N/A 9.8 CRITICAL
Incorrect Use of Privileged APIs vulnerability in Yepas Digital Yepas allows Collect Data as Provided by Users.This issue affects Digital Yepas: before 1.0.1.
CVE-2022-4805 1 Usememos 1 Memos 2024-11-21 N/A 4.3 MEDIUM
Incorrect Use of Privileged APIs in GitHub repository usememos/memos prior to 0.9.1.
CVE-2022-4796 1 Usememos 1 Memos 2024-11-21 N/A 8.1 HIGH
Incorrect Use of Privileged APIs in GitHub repository usememos/memos prior to 0.9.1.
CVE-2022-24821 1 Xwiki 1 Xwiki 2024-11-21 5.5 MEDIUM 6.8 MEDIUM
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Simple users can create global SSX/JSX without specific rights: in theory only users with Programming Rights should be allowed to create SSX or JSX that are executed everywhere on a wiki. But a bug allow anyone with edit rights to actually create those. This issue has been patched in XWiki 13.10-rc-1, 12.10.11 and 13.4.6. There's no easy workaround for this issue, administrators should upgrade their wiki.
CVE-2024-46978 2024-09-20 N/A 6.5 MEDIUM
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible for any user knowing the ID of a notification filter preference of another user, to enable/disable it or even delete it. The impact is that the target user might start loosing notifications on some pages because of this. This vulnerability is present in XWiki since 13.2-rc-1. This vulnerability has been patched in XWiki 14.10.21, 15.5.5, 15.10.1, 16.0-rc-1. The patch consists in checking properly the rights of the user before performing any action on the filters. Users are advised to upgrade. It's possible to fix manually the vulnerability by editing the document `XWiki.Notifications.Code.NotificationPreferenceService` to apply the changes performed in commit e8acc9d8e6af7dfbfe70716ded431642ae4a6dd4.