Filtered by NVD-CWE-noinfo
Filtered by vendor Subscriptions
Total 30212 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-39413 1 Adobe 2 Commerce, Magento 2024-08-14 4.3 Medium
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and disclose minor information. Exploitation of this issue does not require user interaction.
CVE-2024-39414 1 Adobe 2 Commerce, Magento 2024-08-14 4.3 Medium
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and disclose minor information. Exploitation of this issue does not require user interaction.
CVE-2024-39415 1 Adobe 2 Commerce, Magento 2024-08-14 4.3 Medium
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and disclose minor information. Exploitation of this issue does not require user interaction.
CVE-2024-39416 1 Adobe 2 Commerce, Magento 2024-08-14 4.3 Medium
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and disclose minor information. Exploitation of this issue does not require user interaction.
CVE-2024-39417 1 Adobe 2 Commerce, Magento 2024-08-14 4.3 Medium
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and disclose minor information. Exploitation of this issue does not require user interaction.
CVE-2024-39419 1 Adobe 2 Commerce, Magento 2024-08-14 4.3 Medium
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and modify minor information. Exploitation of this issue does not require user interaction.
CVE-2024-6758 1 Sprecher-automation 24 Sprecon-e-c, Sprecon-e-c Firmware, Sprecon-e-p Dd6-2 and 21 more 2024-08-13 6.5 Medium
Improper Privilege Management in Sprecher Automation SPRECON-E below version 8.71j allows a remote attacker with low privileges to save unauthorized protection assignments.
CVE-2022-4003 1 Motorola 2 Q14, Q14 Firmware 2024-08-13 2.7 Low
A denial-of-service vulnerability could allow an authenticated user to trigger an internal service restart via a specially crafted API request.
CVE-2023-1577 1 Lenovo 1 Drivers Management 2024-08-13 7.8 High
A path hijacking vulnerability was reported in Lenovo Driver Manager prior to version 3.1.1307.1308 that could allow a local user to execute code with elevated privileges.
CVE-2017-3772 1 Lenovo 1 Pcmanager 2024-08-13 5.5 Medium
A vulnerability was reported in Lenovo PC Manager versions prior to 2.6.40.3154 that could allow an attacker to cause a system reboot.
CVE-2024-42347 1 Matrix 1 Matrix-react-sdk 2024-08-12 7.7 High
matrix-react-sdk is a react-based SDK for inserting a Matrix chat/voip client into a web page. A malicious homeserver could manipulate a user's account data to cause the client to enable URL previews in end-to-end encrypted rooms, in which case any URLs in encrypted messages would be sent to the server. This was patched in matrix-react-sdk 3.105.0. Deployments that trust their homeservers, as well as closed federations of trusted servers, are not affected. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVE-2024-34620 1 Samsung 1 Android 2024-08-12 8.4 High
Improper privilege management in SumeNNService prior to SMR Aug-2024 Release 1 allows local attackers to start privileged service.
CVE-2024-34619 2 Samsung, Samsung Mobile 2 Android, Samsung Mobile Devices 2024-08-12 7.5 High
Improper input validation in librtp.so prior to SMR Aug-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability.
CVE-2024-42219 1 1password 1 1password 2024-08-12 7 High
1Password 8 before 8.10.36 for macOS allows local attackers to exfiltrate vault items because XPC inter-process communication validation is insufficient.
CVE-2024-42218 1 1password 1 1password 2024-08-12 6.3 Medium
1Password 8 before 8.10.38 for macOS allows local attackers to exfiltrate vault items by bypassing macOS-specific security mechanisms.
CVE-2024-30170 2 Privx, Ssh 2 Privx, Privx 2024-08-12 7.5 High
PrivX before 34.0 allows data exfiltration and denial of service via the REST API. This is fixed in minor versions 33.1, 32.3, 31.3, and later, and in major version 34.0 and later,
CVE-2024-7529 2 Mozilla, Redhat 9 Firefox, Firefox Esr, Thunderbird and 6 more 2024-08-12 8.1 High
The date picker could partially obscure security prompts. This could be used by a malicious site to trick a user into granting permissions. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.
CVE-2024-41942 1 Jupyter 1 Jupyterhub 2024-08-12 7.2 High
JupyterHub is software that allows one to create a multi-user server for Jupyter notebooks. Prior to versions 4.1.6 and 5.1.0, if a user is granted the `admin:users` scope, they may escalate their own privileges by making themselves a full admin user. The impact is relatively small in that `admin:users` is already an extremely privileged scope only granted to trusted users. In effect, `admin:users` is equivalent to `admin=True`, which is not intended. Note that the change here only prevents escalation to the built-in JupyterHub admin role that has unrestricted permissions. It does not prevent users with e.g. `groups` permissions from granting themselves or other users permissions via group membership, which is intentional. Versions 4.1.6 and 5.1.0 fix this issue.
CVE-2024-41948 1 Biscuitsec 1 Biscuit-java 2024-08-09 3 Low
biscuit-java is the java implementation of Biscuit, an authentication and authorization token for microservices architectures. Third-party blocks can be generated without transferring the whole token to the third-party authority. Instead, a ThirdPartyBlock request can be sent, providing only the necessary info to generate a third-party block and to sign it, which includes the public key of the previous block (used in the signature) and the public keys part of the token symbol table (for public key interning in datalog expressions). A third-part block request forged by a malicious user can trick the third-party authority into generating datalog trusting the wrong keypair. This vulnerability is fixed in 4.0.0.
CVE-2024-41949 1 Biscuitsec 1 Biscuit-auth 2024-08-09 3 Low
biscuit-rust is the Rust implementation of Biscuit, an authentication and authorization token for microservices architectures. Third-party blocks can be generated without transferring the whole token to the third-party authority. Instead, a ThirdPartyBlock request can be sent, providing only the necessary info to generate a third-party block and to sign it, which includes the public key of the previous block (used in the signature) and the public keys part of the token symbol table (for public key interning in datalog expressions). A third-part block request forged by a malicious user can trick the third-party authority into generating datalog trusting the wrong keypair.