431 matches found
CVE-2023-34421
A valid, authenticated LXCA user with elevated privileges may be able to replace filesystem data through a specifically crafted web API call due to insufficient input validation...
CVE-2023-34420
A valid, authenticated LXCA user with elevated privileges may be able to execute command injections through crafted calls to a specific web API...
PT-2023-24869 · Lenovo · LXCA
Name of the Vulnerable Software and Affected Versions: LXCA, affected versions not specified. Description: A valid, authenticated LXCA user with elevated privileges may be able to delete folders in the LXCA filesystem through a specifically crafted web API call due to insufficient input validation...
CVE-2023-2801
A flaw was found in grafana. This issue occurs when sending an API call to the /ds/query or public dashboard query endpoint that has mixed queries, such as having two or more distinct data sources in one API call. As a result, the Grafana instance will crash. Currently, the only feature that uses...
CVE-2023-0683
A valid, authenticated XCC user with read-only access may gain elevated privileges through a specifically crafted API call...
PT-2023-16452 · XCC · XCC
Name of the Vulnerable Software and Affected Versions: XCC, affected versions not specified. Description: A valid, authenticated XCC user with read-only access may gain elevated privileges through a specifically crafted API call. Recommendations: At the moment, there is no information about a newer...
Mattermost Server < 7.1.6 / 7.2.x < 7.7.2 / 7.8.x < 7.8.1 Information Disclosure (MMSA-2023-00141)
The version of Mattermost Server running on the remote host is prior to 7.1.6, 7.2.x prior to 7.7.2 or 7.8.x prior to 7.8.1. It is, therefore, affected by an information disclosure vulnerability. An unauthenticated, remote attacker can request a preview of an existing message when creating a new...
CVE-2023-26567
Sangoma FreePBX 1805 through 2302, when obtained as an .ISO file, places AMPDBUSER, AMPDBPASS, AMPMGRUSER, and AMPMGRPASS in the list of global variables. This exposes cleartext authentication credentials for the Asterisk Database (MariaDB/MySQL) and the Asterisk Manager Interface. For example, an attack...
Improper authorization lets a user accept their own answer as the best answer
Description: Log in as user A and create a question: https://meta.answer.dev/questions/D1C7/how-to-set-my-laptop-auto-start-at-particular-time. Log in as user B and answer it. Normally, user A can vote user B's answer as the best answer. But with this vuln, user B can call the API POST...
GHSA-3WQ5-3F56-V5XC Mattermost vulnerable to information disclosure
Mattermost allows an attacker to request a preview of an existing message when creating a new message via the createPost API call, disclosing the contents of the linked message...
CVE-2023-1777 Information disclosure in linked message previews
Mattermost allows an attacker to request a preview of an existing message when creating a new message via the createPost API call, disclosing the contents of the linked message...
CVE-2023-1562 Full name revealed via /plugins/focalboard/api/v2/users
Mattermost fails to check the "Show Full Name" setting when rendering the result for the /plugins/focalboard/api/v2/users API call, allowing an attacker to learn the full name of a board owner...