Filtered by CWE-285
Filtered by vendor Subscriptions
Total 863 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-30948 1 Palantir 1 Foundry Comments 2025-01-07 6.5 Medium
A security defect in Foundry's Comments functionality resulted in the retrieval of attachments to comments not being gated by additional authorization checks. This could enable an authenticated user to inject a prior discovered attachment UUID into other arbitrary comments to discover it's content. This defect was fixed in Foundry Comments 2.249.0, and a patch was rolled out to affected Foundry environments. No further intervention is required at this time.
CVE-2023-29152 1 Ptc 1 Vuforia Studio 2025-01-07 6.2 Medium
By changing the filename parameter in the request, an attacker could delete any file with the permissions of the Vuforia server account.
CVE-2023-24476 1 Ptc 1 Vuforia Studio 2025-01-06 1.8 Low
An attacker with local access to the machine could record the traffic, which could allow them to resend requests without the server authenticating that the user or session are valid.
CVE-2025-21611 2025-01-06 8.8 High
tgstation-server is a production scale tool for BYOND server management. Prior to 6.12.3, roles used to authorize API methods were incorrectly OR'd instead of AND'ed with the role used to determine if a user was enabled. This allows enabled users access to most, but not all, authorized actions regardless of their permissions. Notably, the WriteUsers right is unaffected so users may not use this bug to permanently elevate their account permissions. The fix is release in tgstation-server-v6.12.3.
CVE-2024-56320 2025-01-03 N/A
GoCD is a continuous deliver server. GoCD versions prior to 24.5.0 are vulnerable to admin privilege escalation due to improper authorization of access to the admin "Configuration XML" UI feature, and its associated API. A malicious insider/existing authenticated GoCD user with an existing GoCD user account could abuse this vulnerability to access information intended only for GoCD admins, or to escalate their privileges to that of a GoCD admin in a persistent manner. it is not possible for this vulnerability to be abused prior to authentication/login. The issue is fixed in GoCD 24.5.0. GoCD users who are not able to immediate upgrade can mitigate this issue by using a reverse proxy, WAF or similar to externally block access paths with a `/go/rails/` prefix. Blocking this route causes no loss of functionality. If it is not possible to upgrade or block the above route, consider reducing the GoCD user base to more trusted set of users, including temporarily disabling use of plugins such as the guest-login-plugin, which allow limited anonymous access as a regular user account.
CVE-2023-0837 3 Apple, Microsoft, Teamviewer 3 Macos, Windows, Remote 2025-01-02 6.6 Medium
An improper authorization check of local device settings in TeamViewer Remote between version 15.41 and 15.42.7 for Windows and macOS allows an unprivileged user to change basic local device settings even though the options were locked. This can result in unwanted changes to the configuration.
CVE-2024-13109 2025-01-02 5.3 Medium
A vulnerability was found in Beijing Yunfan Internet Technology Yunfan Learning Examination System 1.9.2. It has been rated as critical. This issue affects some unknown processing of the file /doc.html. The manipulation leads to improper authorization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-27937 1 Glpi-project 1 Glpi 2025-01-02 6.5 Medium
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An authenticated user can obtain the email address of all GLPI users. This issue has been patched in version 10.0.13.
CVE-2024-27930 1 Glpi-project 1 Glpi 2025-01-02 6.5 Medium
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An authenticated user can access sensitive fields data from items on which he has read access. This issue has been patched in version 10.0.13.
CVE-2023-32022 1 Microsoft 4 Windows Server 2012, Windows Server 2016, Windows Server 2019 and 1 more 2025-01-01 7.6 High
Windows Server Service Security Feature Bypass Vulnerability
CVE-2023-21549 1 Microsoft 14 Windows 10 1607, Windows 10 1809, Windows 10 20h2 and 11 more 2025-01-01 8.8 High
Windows SMB Witness Service Elevation of Privilege Vulnerability
CVE-2024-43460 1 Microsoft 1 Dynamics 365 Business Central 2025-01-01 8.1 High
Improper authorization in Dynamics 365 Business Central resulted in a vulnerability that allows an authenticated attacker to elevate privileges over a network.
CVE-2024-38231 1 Microsoft 6 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 3 more 2025-01-01 6.5 Medium
Windows Remote Desktop Licensing Service Denial of Service Vulnerability
CVE-2024-43482 1 Microsoft 1 Outlook 2025-01-01 6.5 Medium
Microsoft Outlook for iOS Information Disclosure Vulnerability
CVE-2024-56802 2024-12-31 N/A
Tapir is a private Terraform registry. Tapir versions 0.9.0 and 0.9.1 are facing a critical issue with scope-able Deploykeys where attackers can guess the key to get write access to the registry. User must upgrade to 0.9.2.
CVE-2024-6840 1 Redhat 3 Ansible Automation Platform, Ansible Automation Platform Developer, Ansible Automation Platform Inside 2024-12-31 6.6 Medium
An improper authorization flaw exists in the Ansible Automation Controller. This flaw allows an attacker using the k8S API server to send an HTTP request with a service account token mounted via `automountServiceAccountToken: true`, resulting in privilege escalation to a service account.
CVE-2024-8509 1 Redhat 1 Migration Toolkit Virtualization 2024-12-27 7.5 High
A vulnerability was found in Forklift Controller.  There is no verification against the authorization header except to ensure it uses bearer authentication. Without an Authorization header and some form of a Bearer token, a 401 error occurs. The presence of a token value provides a 200 response with the requested information.
CVE-2024-56335 2024-12-24 7.6 High
vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs. In affected versions an attacker is capable of updating or deleting groups from an organization given a few conditions: 1. The attacker has a user account in the server. 2. The attacker's account has admin or owner permissions in an unrelated organization. 3. The attacker knows the target organization's UUID and the target group's UUID. Note that this vulnerability is related to group functionality and as such is only applicable for servers who have enabled the `ORG_GROUPS_ENABLED` setting, which is disabled by default. This attack can lead to different situations: 1. Denial of service, the attacker can limit users from accessing the organization's data by removing their membership from the group. 2. Privilege escalation, if the attacker is part of the victim organization, they can escalate their own privileges by joining a group they wouldn't normally have access to. For attackers that aren't part of the organization, this shouldn't lead to any possible plain-text data exfiltration as all the data is encrypted client side. This vulnerability is patched in Vaultwarden `1.32.7`, and users are recommended to update as soon as possible. If it's not possible to update to `1.32.7`, some possible workarounds are: 1. Disabling `ORG_GROUPS_ENABLED`, which would disable groups functionality on the server. 2. Disabling `SIGNUPS_ALLOWED`, which would not allow an attacker to create new accounts on the server.
CVE-2024-12901 2024-12-24 5.3 Medium
A vulnerability classified as critical was found in FoxCMS up to 1.2. Affected by this vulnerability is an unknown functionality of the file /app/api/controller/Site.php of the component API Endpoint. The manipulation of the argument password leads to improper authorization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-51479 1 Redhat 1 Trusted Artifact Signer 2024-12-17 7.5 High
Next.js is a React framework for building full-stack web applications. In affected versions if a Next.js application is performing authorization in middleware based on pathname, it was possible for this authorization to be bypassed for pages directly under the application's root directory. For example: * [Not affected] `https://example.com/` * [Affected] `https://example.com/foo` * [Not affected] `https://example.com/foo/bar`. This issue is patched in Next.js `14.2.15` and later. If your Next.js application is hosted on Vercel, this vulnerability has been automatically mitigated, regardless of Next.js version. There are no official workarounds for this vulnerability.