| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Improper access control for Intel(R) oneAPI Toolkits before version 2021.1 Beta 10 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| Improper access control in the Intel(R) Solid State Drive Toolbox(TM) before version 3.4.5 may allow a privileged user to potentially enable escalation of privilege via local access. |
| Improper access control in the Intel(R) Server Board S2600WTT belonging to the Intel(R) Server Board S2600WT Family with the BIOS version 0016 may allow a privileged user to potentially enable escalation of privilege via local access. |
| A vulnerability, which was classified as critical, has been found in SourceCodester Computer Laboratory Management System 1.0. Affected by this issue is the function save_users of the file /classes/Users.php?f=save. The manipulation of the argument id leads to improper authorization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-258914 is the identifier assigned to this vulnerability. |
| Improper Access Control in GitHub repository openemr/openemr prior to 7.0.1. |
| A vulnerability in how Palo Alto Networks PAN-OS software processes data received from Cloud Identity Engine (CIE) agents enables modification of User-ID groups. This impacts user access to network resources where users may be inappropriately denied or allowed access to resources based on your existing Security Policy rules. |
| Vert.x STOMP is a vert.x implementation of the STOMP specification that provides a STOMP server and client. From versions 3.1.0 until 3.9.16 and 4.0.0 until 4.4.2, a Vert.x STOMP server processes client STOMP frames without checking that the client send an initial CONNECT frame replied with a successful CONNECTED frame. The client can subscribe to a destination or publish message without prior authentication. Any Vert.x STOMP server configured with an authentication handler is impacted. The issue is patched in Vert.x 3.9.16 and 4.4.2. There are no trivial workarounds. |
| GLPI is a free asset and IT management software package. Starting in version 0.80 and prior to version 10.0.17, an administrator with access to the sent notifications contents can take control of an account with higher privileges. Version 10.0.17 contains a patch for this issue. |
| GLPI is a free asset and IT management software package. Starting in version 9.1.0 and prior to version 10.0.17, a technician with an access to the API can take control of an account with higher privileges. Version 10.0.17 contains a patch for this issue. |
| A vulnerability, which was classified as critical, was found in Surya2Developer Hostel Management System 1.0. Affected is an unknown function of the file /admin/manage-students.php. The manipulation of the argument del leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-256890 is the identifier assigned to this vulnerability. |
|
Improper Access Control in SICK FTMg AIR FLOW SENSOR with Partnumbers
1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote
attacker to gain unauthorized access to data fields by using a therefore unpriviledged account via the
REST interface.
|
|
Improper Access Control in SICK FTMg AIR FLOW SENSOR with Partnumbers
1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote attacker to download files by using a therefore unpriviledged account via the REST interface.
|
|
Use of Password Hash Instead of Password for Authentication in SICK FTMg AIR
FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526
allows an unprivileged remote attacker to use a password hash instead of an actual password to login
to a valid user account via the REST interface.
|
| Improper access control in some Intel(R) GPA Framework software installers before version 2023.3 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| Improper access control in some Intel(R) GPA software installers before version 2023.3 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| The Tutor LMS plugin for WordPress is vulnerable to bypass to user registration in versions up to, and including, 2.7.6. This is due to a missing check for the 'users_can_register' option in the 'register_instructor' function. This makes it possible for unauthenticated attackers to register as the default role on the site, even if registration is disabled. |
| DELL ESI (Enterprise Storage Integrator) for SAP LAMA, version 10.0, contains an information disclosure vulnerability in EHAC component. An remote unauthenticated attacker could potentially exploit this vulnerability by eavesdropping the network traffic to gain admin level credentials. |
| Separate Groups mode restrictions were not honored in the H5P attempts report, which would display users from other groups. By default this only provided additional access to non-editing teachers. |
| Separate Groups mode restrictions were not honored when performing a forum export, which would export forum data for all groups. By default this only provided additional access to non-editing teachers. |
| Nextcloud Server is a self hosted personal cloud system. After an attacker got access to the session of a user or administrator, the attacker would be able to create, change or delete external storages without having to confirm the password. It is recommended that the Nextcloud Server is upgraded to 28.0.12, 29.0.9 or 30.0.2. |
