Total
1626 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-1000197 | 1 Jenkins | 1 Black Duck Hub | 2024-02-28 | 5.5 MEDIUM | 8.1 HIGH |
| An improper authorization vulnerability exists in Jenkins Black Duck Hub Plugin 3.0.3 and older in PostBuildScanDescriptor.java that allows users with Overall/Read permission to read and write the Black Duck Hub plugin configuration. | |||||
| CVE-2018-12103 | 2 D-link, Dlink | 6 Dir-885\/r, Dir-885l\/r Firmware, Dir-895\/r and 3 more | 2024-02-28 | 3.3 LOW | 6.5 MEDIUM |
| An issue was discovered on D-Link DIR-890L with firmware 1.21B02beta01 and earlier, DIR-885L/R with firmware 1.21B03beta01 and earlier, and DIR-895L/R with firmware 1.21B04beta04 and earlier devices (all hardware revisions). Due to the predictability of the /docs/captcha_(number).jpeg URI, being local to the network, but unauthenticated to the administrator's panel, an attacker can disclose the CAPTCHAs used by the access point and can elect to load the CAPTCHA of their choosing, leading to unauthorized login attempts to the access point. | |||||
| CVE-2017-16773 | 1 Synology | 1 Universal Search | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
| Improper authorization vulnerability in Highlight Preview in Synology Universal Search before 1.0.5-0135 allows remote authenticated users to bypass permission checks for directories in POSIX mode. | |||||
| CVE-2024-26016 | 2024-02-28 | N/A | 4.3 MEDIUM | ||
| A low privilege authenticated user could import an existing dashboard or chart that they do not have access to and then modify its metadata, thereby gaining ownership of the object. However, it's important to note that access to the analytical data of these charts and dashboards would still be subject to validation based on data access privileges. This issue affects Apache Superset: before 3.0.4, from 3.1.0 before 3.1.1.Users are recommended to upgrade to version 3.1.1, which fixes the issue. | |||||
| CVE-2024-24779 | 2024-02-28 | N/A | 5.0 MEDIUM | ||
| Apache Superset with custom roles that include `can write on dataset` and without all data access permissions, allows for users to create virtual datasets to data they don't have access to. These users could then use those virtual datasets to get access to unauthorized data. This issue affects Apache Superset: before 3.0.4, from 3.1.0 before 3.1.1. Users are recommended to upgrade to version 3.1.1 or 3.0.4, which fixes the issue. | |||||
| CVE-2024-24773 | 2024-02-28 | N/A | 4.9 MEDIUM | ||
| Improper parsing of nested SQL statements on SQLLab would allow authenticated users to surpass their data authorization scope. This issue affects Apache Superset: before 3.0.4, from 3.1.0 before 3.1.1. Users are recommended to upgrade to version 3.1.1, which fixes the issue. | |||||