Total
146 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-32881 | 2024-04-26 | N/A | 9.8 CRITICAL | ||
Danswer is the AI Assistant connected to company's docs, apps, and people. Danswer is vulnerable to unauthorized access to GET/SET of Slack Bot Tokens. Anyone with network access can steal slack bot tokens and set them. This implies full compromise of the customer's slack bot, leading to internal Slack access. This issue was patched in version 3.63. | |||||
CVE-2023-50363 | 2024-04-26 | N/A | 7.4 HIGH | ||
An incorrect authorization vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to bypass intended access restrictions via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.6.2722 build 20240402 and later QuTS hero h5.1.6.2734 build 20240414 and later | |||||
CVE-2023-5675 | 2024-04-25 | N/A | 6.5 MEDIUM | ||
A flaw was found in Quarkus. When a Quarkus RestEasy Classic or Reactive JAX-RS endpoint has its methods declared in the abstract Java class or customized by Quarkus extensions using the annotation processor, the authorization of these methods will not be enforced if it is enabled by either 'quarkus.security.jaxrs.deny-unannotated-endpoints' or 'quarkus.security.jaxrs.default-roles-allowed' properties. | |||||
CVE-2023-3758 | 2024-04-25 | N/A | 7.1 HIGH | ||
A race condition flaw was found in sssd where the GPO policy is not consistently applied for authenticated users. This may lead to improper authorization issues, granting or denying access to resources inappropriately. | |||||
CVE-2024-27937 | 2024-04-24 | N/A | 6.5 MEDIUM | ||
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An authenticated user can obtain the email address of all GLPI users. This issue has been patched in version 10.0.13. | |||||
CVE-2024-27930 | 2024-04-24 | N/A | 6.5 MEDIUM | ||
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An authenticated user can access sensitive fields data from items on which he has read access. This issue has been patched in version 10.0.13. | |||||
CVE-2024-30260 | 2024-04-19 | N/A | 3.9 LOW | ||
Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici cleared Authorization and Proxy-Authorization headers for `fetch()`, but did not clear them for `undici.request()`. This vulnerability was patched in version(s) 5.28.4 and 6.11.1. | |||||
CVE-2024-1741 | 2024-04-15 | N/A | 9.1 CRITICAL | ||
lunary-ai/lunary version 1.0.1 is vulnerable to improper authorization, allowing removed members to read, create, modify, and delete prompt templates using an old authorization token. Despite being removed from an organization, these members can still perform operations on prompt templates by sending HTTP requests with their previously captured authorization token. This issue exposes organizations to unauthorized access and manipulation of sensitive template data. | |||||
CVE-2023-33020 | 1 Qualcomm | 164 205, 205 Firmware, 215 and 161 more | 2024-04-12 | N/A | 7.5 HIGH |
Transient DOS in WLAN Host when an invalid channel (like channel out of range) is received in STA during CSA IE. | |||||
CVE-2023-33019 | 1 Qualcomm | 164 205, 205 Firmware, 215 and 161 more | 2024-04-12 | N/A | 7.5 HIGH |
Transient DOS in WLAN Host while doing channel switch announcement (CSA), when a mobile station receives invalid channel in CSA IE. | |||||
CVE-2023-28584 | 1 Qualcomm | 144 Aqt1000, Aqt1000 Firmware, Csrb31024 and 141 more | 2024-04-12 | N/A | 7.5 HIGH |
Transient DOS in WLAN Host when a mobile station receives invalid channel in CSA IE while doing channel switch announcement (CSA). | |||||
CVE-2023-28556 | 1 Qualcomm | 452 315 5g Iot Modem, 315 5g Iot Modem Firmware, 9205 Lte Modem and 449 more | 2024-04-12 | N/A | 7.8 HIGH |
Cryptographic issue in HLOS during key management. | |||||
CVE-2022-40536 | 1 Qualcomm | 162 315 5g Iot Modem, 315 5g Iot Modem Firmware, Ar8035 and 159 more | 2024-04-12 | N/A | 7.5 HIGH |
Transient DOS due to improper authentication in modem while receiving plain TLB OTA request message from network. | |||||
CVE-2022-40521 | 1 Qualcomm | 484 315 5g Iot Modem, 315 5g Iot Modem Firmware, 8953pro and 481 more | 2024-04-12 | N/A | 7.5 HIGH |
Transient DOS due to improper authorization in Modem | |||||
CVE-2024-21402 | 1 Microsoft | 1 365 Apps | 2024-04-11 | N/A | 7.1 HIGH |
Microsoft Outlook Elevation of Privilege Vulnerability | |||||
CVE-2024-3434 | 2024-04-11 | 5.5 MEDIUM | 5.4 MEDIUM | ||
A vulnerability classified as critical was found in CP Plus Wi-Fi Camera up to 20240401. Affected by this vulnerability is an unknown functionality of the component User Management. The manipulation leads to improper authorization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259615. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
CVE-2024-3139 | 2024-04-11 | 5.5 MEDIUM | 5.4 MEDIUM | ||
A vulnerability, which was classified as critical, has been found in SourceCodester Computer Laboratory Management System 1.0. Affected by this issue is the function save_users of the file /classes/Users.php?f=save. The manipulation of the argument id leads to improper authorization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-258914 is the identifier assigned to this vulnerability. | |||||
CVE-2024-3013 | 2024-04-11 | 6.5 MEDIUM | 6.3 MEDIUM | ||
A vulnerability was found in FLIR AX8 up to 1.46.16. It has been rated as critical. This issue affects some unknown processing of the file /tools/test_login.php?action=register of the component User Registration. The manipulation leads to improper authorization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258299. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
CVE-2024-2641 | 2024-04-11 | 5.0 MEDIUM | 5.3 MEDIUM | ||
A vulnerability was found in Ruijie RG-NBS2009G-P up to 20240305. It has been classified as critical. Affected is an unknown function of the file /system/passwdManage.htm of the component Password Handler. The manipulation leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257280. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
CVE-2024-2557 | 2024-04-11 | 5.0 MEDIUM | 5.3 MEDIUM | ||
A vulnerability was found in kishor-23 Food Waste Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/admin.php. The manipulation leads to improper authorization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257056. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. |