Lucene search
K

300 matches found

OSV
OSV
added 2025/01/13 1:16 p.m.6 views

CVE-2025-22828

CloudStack users can add and read comments annotations on resources they are authorised to access. Due to an access validation issue that affects Apache CloudStack versions from 4.16.0, users who have access, prior access or knowledge of resource UUIDs can list and add comments annotations to suc...

4.3CVSS5.8AI score0.01912EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/01/13 12:0 a.m.9 views

PT-2025-4736 · Apache · Apache Cloudstack

The software that is vulnerable is Apache CloudStack, specifically versions from 4.16.0 onwards. The vulnerability is an access validation issue that allows unauthorized access to annotations, which can lead to potential loss of confidentiality of CloudStack environments and resources if the...

4.3CVSS6.3AI score0.01912EPSS
Exploits0References13
CNNVD
CNNVD
added 2025/01/13 12:0 a.m.5 views

Apache CloudStack 安全漏洞

Apache CloudStack is a suite of Infrastructure-as-a-Service IaaS cloud computing platforms from the Apache USA Foundation. The platform is primarily used to deploy and manage large networks of virtual machines. A security vulnerability exists in Apache CloudStack version 4.16.0 that stems from th...

4.3CVSS6.5AI score0.01912EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2024/12/23 2:11 p.m.714 views

Exploit for Time-of-check Time-of-use (TOCTOU) Race Condition in Apache Tomcat

CVE-2024-50379 CVE-2024-50379 exploitation The CVE-2024-50...

9.8CVSS7.3AI score0.44312EPSS
Exploits13
Debian CVE
Debian CVE
added 2024/12/11 7:16 p.m.12 views

CVE-2024-47778

GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been discovered in gstwavparseadtlchunk within gstwavparse.c. This vulnerability arises due to insufficient validation of the size parameter, which can exceed the bounds of the data buffer. ...

7.5CVSS6.1AI score0.00839EPSS
Exploits0
CVE
CVE
added 2024/10/25 10:34 a.m.83 views

CVE-2024-47027

CVE-2024-47027 affects Google Pixel/Android components, with the vulnerability in sm_mem_compat_get_vmm_obj in lib/sm/shared_mem.c. The issue allows arbitrary physical memory access due to improper input validation, enabling local privilege escalation without additional privileges or user interac...

7.8CVSS7.1AI score0.00094EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2024/10/10 10:15 p.m.44 views

CVE-2024-47164

Gradio is an open-source Python package designed for quick prototyping. This vulnerability relates to the bypass of directory traversal checks within the isinorequal function. This function, intended to check if a file resides within a given directory, can be bypassed with certain payloads that...

6.5CVSS0.00687EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2024/10/10 9:27 p.m.18 views

Gradio's `is_in_or_equal` function may be bypassed

Impact What kind of vulnerability is it? Who is impacted? This vulnerability relates to the bypass of directory traversal checks within the isinorequal function. This function, intended to check if a file resides within a given directory, can be bypassed with certain payloads that manipulate file...

6.5CVSS7AI score0.00687EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2024/09/16 11:22 p.m.50 views

CVE-2024-40850

CVE-2024-40850 describes a file access issue corrected by improved input validation. The vulnerability affects multiple Apple platforms and versions, including macOS Ventura 13.7; iOS 17.7 and iPadOS 17.7; visionOS 2; watchOS 11; macOS Sequoia 15; iOS 18 and iPadOS 18; macOS Sonoma 14.7; and tvOS...

5.5CVSS5.8AI score0.00273EPSS
Exploits0References14Affected Software6
Apple
Apple
added 2024/09/16 12:0 a.m.25 views

About the security content of tvOS 18

About the security content of tvOS 18 This document describes the security content of tvOS 18. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent...

9.1CVSS8.4AI score0.07939EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2024/08/07 7:17 a.m.83 views

CVE-2024-42062

CVE-2024-42062 (Apache CloudStack) : A permission validation flaw in CloudStack 4.10.0–4.19.1.0 lets domain-admins query all account-user API/secret keys, including those of root admins. An attacker with domain-admin access can leverage this to gain root-admin and other privileges, potentially co...

7.2CVSS7.8AI score0.00946EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2023/10/16 9:15 a.m.28 views

CVE-2023-4834

In Red Lion Europe mbCONNECT24 and mymbCONNECT24 and Helmholz myREX24 and myREX24.virtual up to and including 2.14.2 an improperly implemented access validation allows an authenticated, low privileged attacker to gain read access to limited, non-critical device information in his account he shoul...

4.3CVSS4.5AI score0.00331EPSS
Exploits0References2
Prion
Prion
added 2023/10/16 9:15 a.m.26 views

Design/Logic Flaw

In Red Lion Europe mbCONNECT24 and mymbCONNECT24 and Helmholz myREX24 and myREX24.virtual up to and including 2.14.2 an improperly implemented access validation allows an authenticated, low privileged attacker to gain read access to limited, non-critical device information in his account he shoul...

4CVSS4.6AI score0.00331EPSS
Exploits0References2Affected Software4
Vulnrichment
Vulnrichment
added 2023/10/16 8:40 a.m.17 views

CVE-2023-4834

In Red Lion Europe mbCONNECT24 and mymbCONNECT24 and Helmholz myREX24 and myREX24.virtual up to and including 2.14.2 an improperly implemented access validation allows an authenticated, low privileged attacker to gain read access to limited, non-critical device information in his account he shoul...

4.3CVSS6.7AI score0.00331EPSS
Exploits0References2
CVE
CVE
added 2023/10/16 8:40 a.m.79 views

CVE-2023-4834

Summary: CVE-2023-4834 affects Red Lion Europe mbCONNECT24, mymbCONNECT24, and Helmholz myREX24 / myREX24.virtual up to version 2.14.2. The root cause is an improperly implemented access validation, enabling an authenticated, low-privileged attacker to read limited, non-critical device informatio...

4.3CVSS4.5AI score0.00331EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2023/08/23 5:24 p.m.3 views

DRUPAL-CONTRIB-2023-040

The Data Field module provides a way of building field types that are made up of other fields, a simpler alternative to e.g. the Paragraphs system. Access to these forms isn't properly validated, allowing a user with the "access content" permission to view and edit fields on entities...

6.7AI score
Exploits0References1
OSV
OSV
added 2023/08/23 4:54 p.m.6 views

DRUPAL-CONTRIB-2023-037

This module enables you to build administrative pages for managing configuration objects, which may then be used elsewhere in the site. The module doesn't sufficiently validate access when the JSONAPI module is also installed. This vulnerability is mitigated by the fact that it only affects sites...

6.8AI score
Exploits0References1
Veracode
Veracode
added 2023/06/27 6:22 a.m.21 views

Improper Privilege Management

streampipes-rest is vulnerable to Improper Privilege Management. The vulnerability exists due to improperly validating admin-only access in UserResource.java, which allows an attacker to elevate privileges above the initially allocated roles...

8.8CVSS6.8AI score0.01096EPSS
Exploits0References3Affected Software1
AlpineLinux
AlpineLinux
added 2023/06/06 7:15 p.m.76 views

CVE-2023-2183

Grafana is an open-source platform for monitoring and observability. The option to send a test alert is not available from the user panel UI for users having the Viewer role. It is still possible for a user with the Viewer role to send a test alert using the API as the API does not check access t...

6.4CVSS6.9AI score0.01027EPSS
Exploits1
NVD
NVD
added 2023/04/19 3:15 p.m.33 views

CVE-2023-29586

Code Sector TeraCopy 3.9.7 does not perform proper access validation on the source folder during a copy operation. This leads to Arbitrary File Read by allowing any user to copy any directory in the system to a directory they control. NOTE: the Supplier disputes this because only admin users can...

5.5CVSS6.5AI score0.00317EPSS
Exploits0References4
Rows per page
Query Builder