Filtered by NVD-CWE-Other
Filtered by vendor Subscriptions
Total 29165 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-39283 1 Intel 1 Tdx Module Software 2024-09-12 6 Medium
Incomplete filtering of special elements in Intel(R) TDX module software before version TDX_1.5.01.00.592 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-45314 1 Dpgaspar 1 Flask App Builder 2024-09-12 3.6 Low
Flask-AppBuilder is an application development framework. Prior to version 4.5.1, the auth DB login form default cache directives allows browser to locally store sensitive data. This can be an issue on environments using shared computer resources. Version 4.5.1 contains a patch for this issue. If upgrading is not possible, configure one's web server to send the specific HTTP headers for `/login` per the directions provided in the GitHub Security Advisory.
CVE-2024-6449 1 Hyperview 1 Geoportal Toolkit 2024-09-12 6.5 Medium
HyperView Geoportal Toolkit in versions lower than 8.5.0 does not restrict cross-domain requests when fetching remote content pointed by one of GET request parameters. An unauthenticated remote attacker can prepare links, which upon opening will load scripts from a remote location controlled by the attacker and execute them in the user space. By manipulating this parameter it is also possible to enumerate some of the devices in Local Area Network in which the server resides.
CVE-2024-41173 1 Beckhoff 2 Ipc Diagnostics Package, Twincat\/bsd 2024-09-12 7.8 High
The IPC-Diagnostics package included in TwinCAT/BSD is vulnerable to a local authentication bypass by a low privileged attacker.
CVE-2022-4529 1 Msoftplugins 1 Security Antivirus Firewall 2024-09-12 5.3 Medium
The Security, Antivirus, Firewall – S.A.F plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 2.3.5. This is due to insufficient restrictions on where the IP Address information is being retrieved for request logging and login restrictions. Attackers can supply the X-Forwarded-For header with with a different IP Address that will be logged and can be used to bypass settings that may have blocked out an IP address from logging in.
CVE-2024-0104 1 Nvidia 7 Metrox-2, Metrox-3 Xc, Mlnx-gw and 4 more 2024-09-11 4.2 Medium
NVIDIA Mellanox OS, ONYX, Skyway, MetroX-2 and MetroX-3 XC contain a vulnerability in the LDAP AAA component, where a user can cause improper access. A successful exploit of this vulnerability might lead to information disclosure, data tampering, and escalation of privileges.
CVE-2023-50315 1 Ibm 1 Websphere Application Server 2024-09-11 5.3 Medium
IBM WebSphere Application Server 8.5 and 9.0 could allow an attacker with access to the network to conduct spoofing attacks. An attacker could exploit this vulnerability using a certificate issued by a trusted authority to obtain sensitive information. IBM X-Force ID: 274714.
CVE-2024-38886 1 Horizoncloud 1 Caterease 2024-09-10 9.8 Critical
An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to perform a Traffic Injection attack due to improper verification of the source of a communication channel.
CVE-2024-7569 1 Ivanti 1 Neurons For Itsm 2024-09-07 9.6 Critical
An information disclosure vulnerability in Ivanti ITSM on-prem and Neurons for ITSM versions 2023.4 and earlier allows an unauthenticated attacker to obtain the OIDC client secret via debug information.
CVE-2024-45075 2 Ibm, Softwareag 2 Webmethods Integration, Webmethods 2024-09-06 8.8 High
IBM webMethods Integration 10.15 could allow an authenticated user to create scheduler tasks that would allow them to escalate their privileges to administrator due to missing authentication.
CVE-2024-45392 1 Salesagility 1 Suitecrm 2024-09-06 7.7 High
SuiteCRM is an open-source customer relationship management (CRM) system. Prior to version 7.14.5 and 8.6.2, insufficient access control checks allow a threat actor to delete records via the API. Versions 7.14.5 and 8.6.2 contain a patch for the issue.
CVE-2024-45096 1 Ibm 1 Aspera Faspex 2024-09-06 6.5 Medium
IBM Aspera Faspex 5.0.0 through 5.0.9 could allow a user with access to the package to obtain sensitive information through a directory listing.
CVE-2024-36068 1 Rubrik 2 Cdm, Cloud Data Management 2024-09-05 7.5 High
An incorrect access control vulnerability in Rubrik CDM versions prior to 9.1.2-p1, 9.0.3-p6 and 8.1.3-p12, allows an attacker with network access to execute arbitrary code.
CVE-2024-34637 1 Samsung 1 Android 2024-09-05 6.2 Medium
Improper access control in WindowManagerService prior to SMR Sep-2024 Release 1 in Android 12, and SMR Jun-2024 Release 1 in Android 13 and Android 14 allows local attackers to bypass restrictions on starting services from the background.
CVE-2024-34640 1 Samsung 1 Android 2024-09-05 3.3 Low
Improper access control vulnerability in BGProtectManager prior to SMR Sep-2024 Release 1 allows local attackers to bypass restriction of process expiration.
CVE-2024-34643 1 Samsung 1 Android 2024-09-05 4.4 Medium
Improper access control in key input related function in Dressroom prior to SMR Sep-2024 Release 1 allows local attackers to access protected data. User interaction is required for triggering this vulnerability.
CVE-2024-34644 1 Samsung 1 Android 2024-09-05 4.4 Medium
Improper access control in item selection related in Dressroom prior to SMR Sep-2024 Release 1 allows local attackers to access protected data. User interaction is required for triggering this vulnerability.
CVE-2024-34646 1 Samsung 1 Android 2024-09-05 6.6 Medium
Improper access control in DualDarManagerProxy prior to SMR Sep-2024 Release 1 allows local attackers to cause local permanent denial of service.
CVE-2024-34649 1 Samsung 1 Android 2024-09-05 2.4 Low
Improper access control in new Dex Mode in multitasking framework prior to SMR Sep-2024 Release 1 allows physical attackers to temporarily access an unlocked screen.
CVE-2024-38482 1 Dell 1 Cloudlink 2024-09-05 6.6 Medium
CloudLink, versions 7.1.x and 8.x, contain an Improper check or handling of Exceptional Conditions Vulnerability in Cluster Component. A highly privileged malicious user with remote access could potentially exploit this vulnerability, leading to execute unauthorized actions and retrieve sensitive information from the database.