Total: 205 CVEs
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2024-41644 | 1 Openrobotics | 1 Robot Operating System | 2024-12-13 | N/A | 9.8 CRITICAL | Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via the dyn_param_handler_ component. |
CVE-2024-41646 | 1 Openrobotics | 1 Robot Operating System | 2024-12-13 | N/A | 9.8 CRITICAL | Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the nav2_dwb_controller. |
CVE-2024-41645 | 1 Openrobotics | 1 Robot Operating System | 2024-12-13 | N/A | 9.8 CRITICAL | Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the nav2__amcl. |
CVE-2024-41648 | 1 Openrobotics | 1 Robot Operating System | 2024-12-13 | N/A | 9.8 CRITICAL | Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the nav2_regulated_pure_pursuit_controller. |
CVE-2024-41649 | 1 Openrobotics | 1 Robot Operating System | 2024-12-13 | N/A | 9.8 CRITICAL | Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the executor_thread_. |
CVE-2024-41650 | 1 Openrobotics | 1 Robot Operating System | 2024-12-13 | N/A | 9.8 CRITICAL | Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the nav2_costmap_2d. |
CVE-2024-22121 | 1 Zabbix | 1 Zabbix | 2024-12-10 | N/A | 6.1 MEDIUM | A non-admin user can change or remove important features within the Zabbix Agent application, thus impacting the integrity and availability of the application. |
CVE-2024-22114 | 1 Zabbix | 1 Zabbix | 2024-12-04 | N/A | 4.3 MEDIUM | A user with no permission to any of the hosts can access and view the host count and other statistics through the System Information widget in the Global View dashboard. |
CVE-2024-43784 | | | 2024-11-26 | N/A | N/A | lakeFS is an open-source tool that transforms object storage into a Git-like repository. Existing lakeFS users who have issued credentials to users who have since been deleted are affected by this vulnerability. When creating a new user with the same username as a deleted user, that user inherits all of the previous user's credentials. This issue has been addressed in release version 1.33.0 and all users are advised to upgrade. The only known workaround for those who cannot upgrade is to not reuse usernames. |
CVE-2024-52522 | | | 2024-11-18 | N/A | N/A | Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Insecure handling of symlinks with --links and --metadata in rclone while copying to local disk allows unprivileged users to indirectly modify ownership and permissions on symlink target files when a superuser or privileged process performs a copy. This vulnerability could enable privilege escalation and unauthorized access to critical system files, compromising system integrity, confidentiality, and availability. This vulnerability is fixed in 1.68.2. |
CVE-2023-47463 | 1 Gl-inet | 2 Gl-ax1800, Gl-ax1800 Firmware | 2024-10-16 | N/A | 9.8 CRITICAL | Insecure Permissions vulnerability in GL.iNet AX1800 version 4.0.0 before 4.5.0 allows a remote attacker to execute arbitrary code via a crafted script to the gl_nas_sys authentication function. |
CVE-2023-41939 | 1 Jenkins | 1 Ssh2 Easy | 2024-09-26 | N/A | 8.8 HIGH | Jenkins SSH2 Easy Plugin 1.4 and earlier does not verify that permissions configured to be granted are enabled, potentially allowing users formerly granted (typically optional) permissions, like Overall/Manage, to access functionality they are no longer entitled to. |
CVE-2023-43612 | 1 Openatom | 1 Openharmony | 2024-09-09 | N/A | 7.8 HIGH | OpenHarmony v3.2.2 and prior versions allow a local attacker arbitrary file read and write through improper preservation of permissions. |
CVE-2023-6239 | 1 M-files | 1 M-files Server | 2024-08-28 | N/A | 8.8 HIGH | Under rare conditions, the effective permissions of an object might be incorrectly calculated if the object has a specific configuration of metadata-driven permissions in M-Files Server versions 23.9, 23.10, and 23.11 before 23.11.13168.7, potentially enabling unauthorized access to the object. |
CVE-2021-45008 | 1 Plesk | 1 Plesk | 2024-08-04 | 6.5 MEDIUM | 8.8 HIGH | Plesk CMS 18.0.37 is affected by an insecure permissions vulnerability that allows privilege escalation from user to admin rights. NOTE: the vendor states that this is only a site-specific problem on websites of one or more Plesk users. |
CVE-2021-33990 | 1 Liferay | 1 Liferay Portal | 2024-08-04 | N/A | 9.8 CRITICAL | Liferay Portal 6.2.5 allows Command=FileUpload&Type=File&CurrentFolder=/ requests when frmfolders.html exists. NOTE: The vendor disputes this issue because the exploit reference link only shows that frmfolders.html is accessible and does not demonstrate how an unauthorized user can upload a file. |
CVE-2024-37882 | 1 Nextcloud | 1 Nextcloud Server | 2024-07-19 | N/A | 8.1 HIGH | Nextcloud Server is a self-hosted personal cloud system. A recipient of a share with read & share permissions could reshare the item with more permissions. It is recommended that Nextcloud Server is upgraded to 26.0.13, 27.1.8 or 28.0.4 and that Nextcloud Enterprise Server is upgraded to 26.0.13, 27.1.8 or 28.0.4. |
CVE-2024-1726 | | | 2024-04-25 | N/A | N/A | A flaw was discovered in the RESTEasy Reactive implementation in Quarkus. Because security checks for some JAX-RS endpoints are performed after serialization, more processing resources are consumed while the HTTP request is checked. In certain configurations, if an attacker knows any POST, PUT, or PATCH request paths, they can potentially identify vulnerable endpoints and trigger excessive resource usage as the endpoints process the requests. This can result in a denial of service. |
CVE-2023-1386 | 2 Fedoraproject, Qemu | 2 Fedora, Qemu | 2024-04-17 | N/A | 7.8 HIGH | A flaw was found in the 9p passthrough filesystem (9pfs) implementation in QEMU. When a local user in the guest writes an executable file with SUID or SGID, none of these privileged bits are correctly dropped. As a result, in rare circumstances, this flaw could be used by malicious users in the guest to elevate their privileges within the guest and help a host local user to elevate privileges on the host. |
CVE-2024-0674 | 1 Lamassu | 4 Douro, Douro Firmware, Douro Ii and 1 more | 2024-02-08 | N/A | 7.8 HIGH | Privilege escalation vulnerability in Lamassu Bitcoin ATM Douro machines, in version 7.1, which could allow a local user to acquire root permissions by modifying updatescript.js, inserting special code inside the script and creating the done.txt file. This would cause the watchdog process to run as root and execute the payload stored in updatescript.js. |