Devolutions Server <= 2024.3.15.0 / 2025.1.3.0 <= 2025.1.7.0 Improper Privilege Assignment (DEVO-2025-0008)

The version of Devolutions Server installed on the remote host is prior or equal to 2024.3.15.0 or 2025.1.3.0 through 2025.1.7.0 and is, therefore, affected by an improper privilege assignment vulnerability: - Improper privilege assignment in PAM JIT privilege sets in Devolutions Server allows a...

CVE-2025-4493

Improper privilege assignment in PAM JIT privilege sets in Devolutions Server allows a PAM user to perform PAM JIT requests on unauthorized groups by exploiting a user interface issue. This issue affects the following versions : Devolutions Server 2025.1.3.0 through 2025.1.7.0 Devolutions Server...

BIT-GITLAB-2024-9163 User Interface (UI) Misrepresentation of Critical Information in GitLab

A business logic error in GitLab CE/EE affecting all versions starting from 12.1 prior to 17.10.7, 17.11 prior to 17.11.3 and 18.0 prior to 18.0.1 where an attacker can cause a branch name confusion in confidential MRs...

[NetScaler] Disabled Interface Tx Laser Remains On After Reboot on MPX

You may observe that when an interface on a NetScaler MPX is disabled, and a user subsequently performs a reboot, the transmit Tx laser for that interface might not power off as intended. This can lead to the peer switch detecting the NetScaler's disabled interface as still being UP...

CVE-2024-12896

A vulnerability was found in Intelbras VIP S3020 G2, VIP S4020 G2, VIP S4020 G3 and VIP S4320 G2 up to 20241222 and classified as problematic. Affected by this issue is some unknown functionality of the file /webcaps/webCapsConfig of the component Web Interface. The manipulation leads to...

CVE-2024-54005

A vulnerability has been identified in COMOS V10.3 All versions V10.3.3.5.8, COMOS V10.4.0 All versions, COMOS V10.4.1 All versions, COMOS V10.4.2 All versions, COMOS V10.4.3 All versions V10.4.3.0.47, COMOS V10.4.4 All versions V10.4.4.2, COMOS V10.4.4.1 All versions V10.4.4.1.21. The PDMS/E3D...

CVE-2024-13130

A vulnerability was found in Dahua IPC-HFW1200S, IPC-HFW2300R-Z, IPC-HFW5220E-Z and IPC-HDW1200S up to 20241222. It has been rated as problematic. Affected by this issue is some unknown functionality of the file ../mtd/Config/Sha1Account1 of the component Web Interface. The manipulation leads to...

CVE-2024-54503

An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 18.2 and iPadOS 18.2. Muting a call while ringing may not result in mute being enabled...

CVE-2023-24584

Controller 6000 is vulnerable to a buffer overflow via the Controller diagnostic web interface upload feature. This issue affects Controller 6000: before vCR8.80.230201a, before vCR8.70.230201a, before vCR8.60.230201b, before vCR8.50.230201a, all versions of vCR8.40 and prior...

CVE-2023-42438

An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.1. Visiting a malicious website may lead to user interface spoofing...

CVE-2023-32310

DataEase is an open source data visualization and analysis tool. The API interface for DataEase delete dashboard and delete system messages is vulnerable to insecure direct object references IDOR. This could result in a user deleting another user's dashboard or messages or interfering with the...

CVE-2023-28317

A vulnerability has been discovered in Rocket.Chat, where editing messages can change the original timestamp, causing the UI to display messages in an incorrect order...

CVE-2023-51738

This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the Network Name SSID parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web...

CVE-2023-37014

Open5GS MME versions = 2.6.4 contains an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a UE Context Release Request message missing a required MMEUES1APID field to repeatedly crash the MME, resulting in denial of service...

CVE-2022-22654

A user interface issue was addressed. This issue is fixed in watchOS 8.5, Safari 15.4. Visiting a malicious website may lead to address bar spoofing...

CVE-2021-30003

An issue was discovered on Nokia G-120W-F 3FE46606AGAB91 devices. There is Stored XSS in the administrative interface via urlfilter.cgi?add urladdress...

CVE-2020-20094

Instagram iOS 106.0 and prior and Android 107.0.0.11 and prior user interface does not properly represent URI messages to the user, which results in URI spoofing via specially crafted messages...

CVE-2020-25759

An issue was discovered on D-Link DSR-250 3.17 devices. Certain functionality in the Unified Services Router web interface could allow an authenticated attacker to execute arbitrary commands, due to a lack of validation of inputs provided in multipart HTTP POST requests...

CVE-2020-9942

An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, Safari 13.1.2. Visiting a malicious website may lead to address bar spoofing...

CVE-2020-3859

An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1. A person with physical access to an iOS device may be able to access contacts from the lock screen...