| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Missing Authorization vulnerability in Drupal Open Social allows Forceful Browsing.This issue affects Open Social: from 0.0.0 before 12.3.11, from 12.4.0 before 12.4.10. |
| The web conferencing component of Mitel MiCollab through 9.6.0.13 could allow an unauthenticated attacker to upload arbitrary scripts due to improper authorization controls. A successful exploit could allow remote code execution within the context of the application. |
| The /device/acceptBind end-point for Ourphoto App version 1.4.1 does not require authentication or authorization. The user_token header is not implemented or present on this end-point. An attacker can send a request to bind their account to any users picture frame, then send a POST request to accept their own bind request, without the end-users approval or interaction. |
| A missing permission check in Jenkins 2.503 and earlier, LTS 2.492.2 and earlier allows attackers with Computer/Create permission but without Computer/Extended Read permission to copy an agent, gaining access to its configuration. |
| A missing permission check in Jenkins 2.503 and earlier, LTS 2.492.2 and earlier allows attackers with Computer/Create permission but without Computer/Configure permission to copy an agent, gaining access to encrypted secrets in its configuration. |
| Due to missing authorization an unauthenticated remote attackerĀ can cause a DoS attack by connecting via HTTPS and triggering the shutdown button. |
| A vulnerability classified as problematic has been found in dazhouda lecms 3.0.3. This affects an unknown part of the file /index.php?my-profile-ajax-1 of the component Personal Information Page. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. |
| CKAN through 2.9.6 account takeovers by unauthenticated users when an existing user id is sent via an HTTP POST request. This allows a user to take over an existing account including superuser accounts. |
| RTL8168FP-CG Dash remote management function has missing authorization. An unauthenticated attacker within the adjacent network can connect to DASH service port to disrupt service. |
| A vulnerability Veeam Backup & Replication allows low-privileged users to control and modify configurations on connected virtual infrastructure hosts. This includes the ability to power off virtual machines, delete files in storage, and make configuration changes, potentially leading to Denial of Service (DoS) and data integrity issues. The vulnerability is caused by improper permission checks in methods accessed via management services. |
| Missing authorization vulnerability exists in Kyocera Document Solutions MFPs and printers, which may allow a network-adjacent attacker to alter the product settings without authentication by sending a specially crafted request. Affected products/versions are as follows: TASKalfa 7550ci/6550ci, TASKalfa 5550ci/4550ci/3550ci/3050ci, TASKalfa 255c/205c, TASKalfa 256ci/206ci, ECOSYS M6526cdn/M6526cidn, FS-C2126MFP/C2126MFP+/C2026MFP/C2026MFP+, TASKalfa 8000i/6500i, TASKalfa 5500i/4500i/3500i, TASKalfa 305/255, TASKalfa 306i/256i, LS-3140MFP/3140MFP+/3640MFP, ECOSYS M2535dn, LS-1135MFP/1035MFP, LS-C8650DN/C8600DN, ECOSYS P6026cdn, FS-C5250DN, LS-4300DN/4200DN/2100DN, ECOSYS P4040dn, ECOSYS P2135dn, and FS-1370DN. |
| Improper access control in Key-Value RBAC in StackStorm version 3.7.0 didn't check the permissions in Jinja filters, allowing attackers to access K/V pairs of other users, potentially leading to the exposure of sensitive Information. |
| In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed. |
| In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed. |
| In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed. |
| In wlan driver, there is a possible missing permission check, This could lead to local information disclosure. |
| In wlan driver, there is a possible missing permission check, This could lead to local information disclosure. |
| In windows manager service, there is a missing permission check. This could lead to set up windows manager service with no additional execution privileges needed. |
| In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed. |
| In UscAIEngine service, there is a missing permission check. This could lead to set up UscAIEngine service with no additional execution privileges needed. |
