46 matches found
SUSE CVE-2024-11741
Grafana is an open-source platform for monitoring and observability. The Grafana Alerting VictorOps integration was not properly protected and could be exposed to users with Viewer permission. Fixed in versions 11.5.0, 11.4.1, 11.3.3, 11.2.6, 11.1.11, 11.0.11 and 10.4.15...
CVE-2024-46908
In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated low-privileged user at least Report Viewer permissions required to achieve privilege escalation to the admin account...
CVE-2024-45190
Mage AI allows remote users with the "Viewer" role to leak arbitrary files from the Mage server due to a path traversal in the "Pipeline Interaction" request...
PT-2024-28046 · Unknown · Bigbluebutton
Name of the Vulnerable Software and Affected Versions: BigBlueButton versions prior to 2.6.18 BigBlueButton versions prior to 2.7.8 BigBlueButton versions prior to 3.0.0-alpha.7 Description: BigBlueButton is an open-source virtual classroom designed to help teachers teach and learners learn. An...
PYSEC-2021-2
Improper Access Control on Configurations Endpoint for the Stable API of Apache Airflow allows users with Viewer or User role to get Airflow Configurations including sensitive information even when webserver exposeconfig is set to False in airflow.cfg. This allowed a privilege escalation attack...
Cisco Security Advisory: Cisco Intrusion Prevention System Vulnerable to Privilege Escalation
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ========================================================================= Cisco Security Advisory: Cisco Intrusion Prevention System Vulnerable to Privilege Escalation Revision 1.0 For Public Release 2005 August 22 1700 UTC GMT...