ReportizFlow
Filtered by vendor
Subscriptions
Total
145 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-27087 | 1 Xuxueli | 1 Xxl-job | 2025-02-26 | 7.5 High |
| Permissions vulnerabiltiy found in Xuxueli xxl-job v2.2.0, v 2.3.0 and v.2.3.1 allows attacker to obtain sensitive information via the pageList parameter. | ||||
| CVE-2023-28114 | 1 Cilium | 1 Cilium-cli | 2025-02-25 | 4.8 Medium |
| `cilium-cli` is the command line interface to install, manage, and troubleshoot Kubernetes clusters running Cilium. Prior to version 0.13.2,`cilium-cli`, when used to configure cluster mesh functionality, can remove the enforcement of user permissions on the `etcd` store used to mirror local cluster information to remote clusters. Users who have set up cluster meshes using the Cilium Helm chart are not affected by this issue. Due to an incorrect mount point specification, the settings specified by the `initContainer` that configures `etcd` users and their permissions are overwritten when using `cilium-cli` to configure a cluster mesh. An attacker who has already gained access to a valid key and certificate for an `etcd` cluster compromised in this manner could then modify state in that `etcd` cluster. This issue is patched in `cilium-cli` 0.13.2. As a workaround, one may use Cilium's Helm charts to create their cluster. | ||||
| CVE-2023-4047 | 3 Debian, Mozilla, Redhat | 7 Debian Linux, Firefox, Enterprise Linux and 4 more | 2025-02-13 | 8.8 High |
| A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1. | ||||
| CVE-2023-0181 | 6 Citrix, Linux, Microsoft and 3 more | 6 Hypervisor, Linux Kernel, Windows and 3 more | 2025-02-13 | 7.1 High |
| NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in a kernel mode layer handler, where memory permissions are not correctly checked, which may lead to denial of service and data tampering. | ||||
| CVE-2024-24116 | 1 Ruijie | 2 Rg-nbs2009g-p, Rg-nbs2009g-p Firmware | 2025-02-11 | 9.8 Critical |
| An issue in Ruijie RG-NBS2009G-P RGOS v.10.4(1)P2 Release(9736) allows a remote attacker to gain privileges via the system/config_menu.htm. | ||||
| CVE-2023-2020 | 1 Checkmk | 1 Checkmk | 2025-02-05 | 4.3 Medium |
| Insufficient permission checks in the REST API in Tribe29 Checkmk <= 2.1.0p27 and <= 2.2.0b4 (beta) allow unauthorized users to schedule downtimes for any host. | ||||
| CVE-2025-22395 | 1 Dell | 1 Update Package Framework | 2025-02-04 | 8.2 High |
| Dell Update Package Framework, versions prior to 22.01.02, contain(s) a Local Privilege Escalation Vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary remote scripts on the server. Exploitation may lead to a denial of service by an attacker. | ||||
| CVE-2024-23704 | 1 Google | 1 Android | 2024-12-17 | 7.8 High |
| In onCreate of WifiDialogActivity.java, there is a possible way to bypass the DISALLOW_ADD_WIFI_CONFIG restriction due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-35301 | 1 Jetbrains | 1 Teamcity | 2024-12-16 | 5.5 Medium |
| In JetBrains TeamCity before 2024.03.1 commit status publisher didn't check project scope of the GitHub App token | ||||
| CVE-2024-46874 | 2 Ruijie, Ruijienetworks | 2 Reyee Os, Reyee Os | 2024-12-10 | 8.1 High |
| Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could allow MQTT clients connecting with device credentials to send messages to some topics. Attackers with device credentials could issue commands to other devices on behalf of Ruijie's cloud. | ||||
| CVE-2024-6302 | 1 Conduit | 1 Conduit | 2024-11-21 | 8.1 High |
| Lack of privilege checking when processing a redaction in Conduit versions v0.6.0 and lower, allowing a local user to redact any message from users on the same server, given that they are able to send redaction events. | ||||
| CVE-2023-39249 | 1 Dell | 1 Supportassist For Home Pcs | 2024-11-21 | 6.3 Medium |
| Dell SupportAssist for Business PCs version 3.4.0 contains a local Authentication Bypass vulnerability that allows locally authenticated non-admin users to gain temporary privilege within the SupportAssist User Interface on their respective PC. The Run as Admin temporary privilege feature enables IT/System Administrators to perform driver scans and Dell-recommended driver installations without requiring them to log out of the local non-admin user session. However, the granted privilege is limited solely to the SupportAssist User Interface and automatically expires after 15 minutes. | ||||
| CVE-2023-25543 | 1 Dell | 1 Power Manager | 2024-11-21 | 7.8 High |
| Dell Power Manager, versions prior to 3.14, contain an Improper Authorization vulnerability in DPM service. A low privileged malicious user could potentially exploit this vulnerability in order to elevate privileges on the system. | ||||
| CVE-2022-39872 | 1 Samsung | 1 Sharelive | 2024-11-21 | 5.9 Medium |
| Improper restriction of broadcasting Intent in ShareLive prior to version 13.2.03.5 leaks MAC address of the connected Bluetooth device. | ||||
| CVE-2022-36874 | 1 Samsung | 1 Galaxy Watch Plugin | 2024-11-21 | 5.9 Medium |
| Improper Handling of Insufficient Permissions or Privileges vulnerability in Waterplugin prior to 2.2.11.22040751 allows attacker to access device IMEI and Serial number. | ||||
| CVE-2022-34368 | 1 Dell | 1 Emc Networker | 2024-11-21 | 6.1 Medium |
| Dell EMC NetWorker 19.2.1.x 19.3.x, 19.4.x, 19.5.x, 19.6.x and 19.7.0.0 contain an Improper Handling of Insufficient Permissions or Privileges vulnerability. Authenticated non admin user could exploit this vulnerability and gain access to restricted resources. | ||||
| CVE-2022-30727 | 1 Google | 1 Android | 2024-11-21 | 6.2 Medium |
| Improper handling of insufficient permissions vulnerability in addAppPackageNameToAllowList in PersonaManagerService prior to SMR Jun-2022 Release 1 allows local attackers to set some setting value in work space. | ||||
| CVE-2022-30725 | 1 Google | 1 Android | 2024-11-21 | 4 Medium |
| Broadcasting Intent including the BluetoothDevice object without proper restriction of receivers in sendIntentSessionError function of Bluetooth prior to SMR Jun-2022 Release 1 leaks MAC address of the connected Bluetooth device. | ||||
| CVE-2022-30724 | 1 Google | 1 Android | 2024-11-21 | 4 Medium |
| Broadcasting Intent including the BluetoothDevice object without proper restriction of receivers in sendIntentSessionCompleted function of Bluetooth prior to SMR Jun-2022 Release 1 leaks MAC address of the connected Bluetooth device. | ||||
| CVE-2022-30723 | 1 Google | 1 Android | 2024-11-21 | 4 Medium |
| Broadcasting Intent including the BluetoothDevice object without proper restriction of receivers in activateVoiceRecognitionWithDevice function of Bluetooth prior to SMR Jun-2022 Release 1 leaks MAC address of the connected Bluetooth device. | ||||