196 matches found
CVE-2024-38814
An authenticated SQL injection vulnerability in VMware HCX was privately reported to VMware. A malicious authenticated user with non-administrator privileges may be able to enter specially crafted SQL queries and perform unauthorized remote code execution on the HCX manager. Updates are available...
rke security vulnerability
rke is an extremely simple, lightning fast Kubernetes installer open-sourced by Rancher. There is a security vulnerability in rke that stems from credentials being stored in a ConfigMap with information that allows a non-administrative user to be upgraded to administrator...
GHSA-R6PH-5FP2-3W2V Microcks's POST /api/import and POST /api/export endpoints allow non-administrator access
In Microcks before 1.10.0, the POST /api/import and POST /api/export endpoints allow non-administrator access...
CVE-2024-44076
In Microcks before 1.10.0, the POST /api/import and POST /api/export endpoints allow non-administrator access...
CVE-2024-44076
Microcks before version 1.10.0 has a vulnerability where POST /api/import and POST /api/export allow non-administrator access. This is documented across multiple sources (including Red Hat, Veracode, GHSA, OSV, NVD) with CVE-2024-44076 and related advisories. The flaw enables unauthorized access ...
CVE-2024-42377
SAP shared service framework allows an authenticated non-administrative user to call a remote-enabled function, which will allow them to insert value entries into a non-sensitive table, causing low impact on integrity of the application...
CVE-2024-22062 Permissions and Access Control Vulnerability in ZTE ZXCLOUD IRAI
There is a permissions and access control vulnerability in ZXCLOUD IRAI. An attacker can elevate non-administrator permissions to administrator permissions by modifying the configuration...
CVE-2024-39708
An issue was discovered in the Agent in Delinea Privilege Manager (formerly Thycotic Privilege Manager) before 12.0.1096 on Windows. Sometimes, a non-administrator user can copy a crafted DLL file to a temporary directory used by .NET Shadow Copies such that privilege escalation can occur if the co...
CVE-2023-49978
Incorrect access control in Customer Support System v1 allows non-administrator users to access administrative pages and execute actions reserved for administrators...
CVE-2023-6815
Incorrect Privilege Assignment vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series Safety CPU R08/16/32/120SFCPU all versions and MELSEC iQ-R Series SIL2 Process CPU R08/16/32/120PSFCPU all versions allows a remote authenticated attacker who has logged into the product as a...
Privilege escalation
Incorrect Privilege Assignment vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series Safety CPU R08/16/32/120SFCPU all versions and MELSEC iQ-R Series SIL2 Process CPU R08/16/32/120PSFCPU all versions allows a remote authenticated attacker who has logged into the product as a...
Zulip security vulnerability
Zulip is a powerful open source group chat application from Zulip, Inc. for combining the immediacy of real-time chat with the productivity benefits of threaded conversations. A security vulnerability exists in versions prior to Zulip 8.1 that stems from the fact that a non-administrator can invi...
EFACEC UC 500 Security Vulnerability
EFACEC UC 500 is a solution from EFACEC Portugal that provides an integrated and flexible communication gateway, automation platform and HMI solution for utility and industrial applications. A security vulnerability exists in the EFACEC UC 500 that originates from the fact that a user without...
CVE-2023-39253
Dell OS Recovery Tool, versions 2.2.4013, 2.3.7012.0, and 2.3.7515.0 contain an Improper Access Control Vulnerability. A local authenticated non-administrator user could potentially exploit this vulnerability, leading to the elevation of privilege on the system...
PT-2023-7129 · Cisco · Cisco Firepower Management Center
Name of the Vulnerable Software and Affected Versions: Cisco Firepower Management Center FMC Software, affected versions not specified. Description: The issue is related to a lack of rate-limiting of requests sent to a specific API related to an FMC log, which could allow an unauthenticated, remote...
PT-2023-6425 · Vmware · Vcenter Server +1
Name of the Vulnerable Software and Affected Versions: vCenter Server versions, affected versions not specified. Description: The issue is related to a partial information disclosure vulnerability in vCenter Server. It may allow a malicious actor with non-administrative privileges to access...