Export limit exceeded: 10568 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10568 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-8970 | 1 Gitlab | 1 Gitlab | 2024-12-13 | 8.2 High |
| An issue was discovered in GitLab CE/EE affecting all versions starting from 11.6 prior to 17.2.9, starting from 17.3 prior to 17.3.5, and starting from 17.4 prior to 17.4.2, which allows an attacker to trigger a pipeline as another user under certain circumstances. | ||||
| CVE-2023-25185 | 1 Nokia | 2 Asika Airscale, Asika Airscale Firmware | 2024-12-12 | 3.8 Low |
| An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. A mobile network solution internal fault was found in Nokia Single RAN software releases. Certain software processes in the BTS internal software design have unnecessarily high privileges to BTS embedded operating system (OS) resources. | ||||
| CVE-2022-22307 | 2 Ibm, Linux | 2 Security Guardium, Linux Kernel | 2024-12-12 | 4.4 Medium |
| IBM Security Guardium 11.3, 11.4, and 11.5 could allow a local user to obtain elevated privileges due to incorrect authorization checks. IBM X-Force ID: 216753. | ||||
| CVE-2024-11669 | 1 Gitlab | 1 Gitlab | 2024-12-12 | 6.5 Medium |
| An issue was discovered in GitLab CE/EE affecting all versions from 16.9.8 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. Certain API endpoints could potentially allow unauthorized access to sensitive data due to overly broad application of token scopes. | ||||
| CVE-2024-8114 | 1 Gitlab | 1 Gitlab | 2024-12-12 | 8.2 High |
| An issue has been discovered in GitLab CE/EE affecting all versions from 8.12 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. This issue allows an attacker with access to a victim's Personal Access Token (PAT) to escalate privileges. | ||||
| CVE-2023-34161 | 1 Huawei | 1 Emui | 2024-12-12 | 7.5 High |
| nappropriate authorization vulnerability in the SettingsProvider module.Successful exploitation of this vulnerability may cause features to perform abnormally. | ||||
| CVE-2024-12349 | 2 Jfinalcms Project, Jwillber | 2 Jfinalcms, Jfinalcms | 2024-12-11 | 4.3 Medium |
| A vulnerability was found in JFinalCMS 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/tag/save. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2023-3315 | 1 Jenkins | 1 Team Concert | 2024-12-11 | 4.3 Medium |
| Missing permission checks in Jenkins Team Concert Plugin 2.4.1 and earlier allow attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system. | ||||
| CVE-2023-35866 | 1 Keepassxc | 1 Keepassxc | 2024-12-11 | 5.5 Medium |
| In KeePassXC through 2.7.5, a local attacker can make changes to the Database security settings, including master password and second-factor authentication, within an authenticated KeePassXC Database session, without the need to authenticate these changes by entering the password and/or second-factor authentication to confirm changes. NOTE: the vendor's position is "asking the user for their password prior to making any changes to the database settings adds no additional protection against a local attacker." | ||||
| CVE-2024-25149 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2024-12-10 | 5.4 Medium |
| Liferay Portal 7.2.0 through 7.4.1, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 15, and older unsupported versions does not properly restrict membership of a child site when the "Limit membership to members of the parent site" option is enabled, which allows remote authenticated users to add users who are not a member of the parent site to a child site. The added user may obtain permission to perform unauthorized actions in the child site. | ||||
| CVE-2024-25604 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2024-12-10 | 6.5 Medium |
| Liferay Portal 7.2.0 through 7.4.3.4, and older unsupported versions, and Liferay DXP 7.4.13, 7.3 before service pack 3, 7.2 before fix pack 17, and older unsupported versions does not properly check user permissions, which allows remote authenticated users with the VIEW user permission to edit their own permission via the User and Organizations section of the Control Panel. | ||||
| CVE-2024-47585 | 2024-12-10 | 4.3 Medium | ||
| SAP NetWeaver Application Server for ABAP and ABAP Platform allows an authenticated attacker to gain higher access levels than they should have by exploiting improper authorization checks, resulting in privilege escalation. While authorizations for import and export are distinguished, a single authorization is applied for both, which may contribute to these risks. On successful exploitation, this can result in potential security concerns. However, it has no impact on the integrity and availability of the application and may have only a low impact on data confidentiality. | ||||
| CVE-2024-47581 | 2024-12-10 | 4.3 Medium | ||
| SAP HCM Approve Timesheets Version 4 application does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.There is low impact on integrity of the application. Confidentiality and availibility are not impacted. | ||||
| CVE-2023-52361 | 1 Huawei | 1 Harmonyos | 2024-12-09 | 7.5 High |
| The VerifiedBoot module has a vulnerability that may cause authentication errors.Successful exploitation of this vulnerability may affect integrity. | ||||
| CVE-2021-37864 | 1 Mattermost | 1 Mattermost | 2024-12-06 | 2.6 Low |
| Mattermost 6.1 and earlier fails to sufficiently validate permissions while viewing archived channels, which allows authenticated users to view contents of archived channels even when this is denied by system administrators by directly accessing the APIs. | ||||
| CVE-2022-1384 | 1 Mattermost | 1 Mattermost Server | 2024-12-06 | 4.7 Medium |
| Mattermost version 6.4.x and earlier fails to properly check the plugin version when a plugin is installed from the Marketplace, which allows an authenticated and an authorized user to install and exploit an old plugin version from the Marketplace which might have known vulnerabilities. | ||||
| CVE-2022-2408 | 1 Mattermost | 1 Mattermost | 2024-12-06 | 4.3 Medium |
| The Guest account feature in Mattermost version 6.7.0 and earlier fails to properly restrict the permissions, which allows a guest user to fetch a list of all public channels in the team, in spite of not being part of those channels. | ||||
| CVE-2023-27263 | 1 Mattermost | 1 Mattermost | 2024-12-06 | 4.3 Medium |
| A missing permissions check in the /plugins/playbooks/api/v0/runs API in Mattermost allows an attacker to list and view playbooks belonging to a team they are not a member of. | ||||
| CVE-2023-27264 | 1 Mattermost | 1 Mattermost | 2024-12-06 | 7.1 High |
| A missing permissions check in Mattermost Playbooks in Mattermost allows an attacker to modify a playbook via the /plugins/playbooks/api/v0/playbooks/[playbookID] API. | ||||
| CVE-2023-1774 | 1 Mattermost | 1 Mattermost Server | 2024-12-06 | 4.2 Medium |
| When processing an email invite to a private channel on a team, Mattermost fails to validate the inviter's permission to that channel, allowing an attacker to invite themselves to a private channel. | ||||