4960 matches found

NVD
added 2024/06/17 7:15 p.m. · 19 views

CVE-2024-36543

Incorrect access control in the Kafka Connect REST API in the STRIMZI Project 0.41.0 and earlier allows an attacker to deny the service for Kafka Mirroring, potentially mirror the topics' content to his Kafka cluster via a malicious connector bypassing Kafka ACL if it exists, and potentially stea...

9.8 CVSS · 0.0053 EPSS
Exploits: 0 · References: 2

Vulnrichment
added 2024/06/17 12:0 a.m. · 12 views

CVE-2024-36543

Incorrect access control in the Kafka Connect REST API in the STRIMZI Project 0.41.0 and earlier allows an attacker to deny the service for Kafka Mirroring, potentially mirror the topics' content to his Kafka cluster via a malicious connector bypassing Kafka ACL if it exists, and potentially stea...

7.1 AI score · 0.0053 EPSS
Exploits: 0 · References: 2

Cvelist
added 2024/06/17 12:0 a.m. · 25 views

CVE-2024-36543

Incorrect access control in the Kafka Connect REST API in the STRIMZI Project 0.41.0 and earlier allows an attacker to deny the service for Kafka Mirroring, potentially mirror the topics' content to his Kafka cluster via a malicious connector bypassing Kafka ACL if it exists, and potentially stea...

0.0053 EPSS
Exploits: 0 · References: 2

NVD
added 2024/06/13 3:15 p.m. · 20 views

CVE-2024-28969

Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal update REST API if enabled by Admin user from UI. A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain APIs...

4.3 CVSS · 0.00424 EPSS
Exploits: 0 · References: 1

NVD
added 2024/06/13 3:15 p.m. · 18 views

CVE-2024-28966

Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal update REST API if enabled by Admin user from UI. A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain APIs...

5.4 CVSS · 0.00349 EPSS
Exploits: 0 · References: 1

NVD
added 2024/06/13 3:15 p.m. · 19 views

CVE-2024-28967

Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal maintenance REST API if enabled by Admin user from UI. A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain API...

5.4 CVSS · 0.00349 EPSS
Exploits: 0 · References: 1

Vulnrichment
added 2024/06/13 3:13 p.m. · 18 views

CVE-2024-29169

Dell SCG, versions prior to 5.22.00.00, contain a SQL Injection Vulnerability in the SCG UI for an internal audit REST API. A remote authenticated attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application's backend database causing...

5.4 CVSS · 7.9 AI score · 0.00435 EPSS
Exploits: 0 · References: 1

Cvelist
added 2024/06/13 3:5 p.m. · 30 views

CVE-2024-28969

Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal update REST API if enabled by Admin user from UI. A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain APIs...

4.3 CVSS · 0.00424 EPSS
Exploits: 0 · References: 1

Vulnrichment
added 2024/06/13 3:5 p.m. · 21 views

CVE-2024-28969

Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal update REST API if enabled by Admin user from UI. A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain APIs...

4.3 CVSS · 7.2 AI score · 0.00424 EPSS
Exploits: 0 · References: 1

CVE
added 2024/06/13 2:57 p.m. · 77 views

CVE-2024-28967

Dell SCG (Secure Connect Gateway) vulnerable to improper access control in versions prior to 5.24.00.00 due to an exposed internal maintenance REST API that, if enabled by an Admin user from the UI, could allow a remote, low-privileged attacker to execute admin-only backend APIs associated with t...

5.4 CVSS · 7 AI score · 0.00349 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

Cvelist
added 2024/06/13 2:57 p.m. · 15 views

CVE-2024-28967

Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal maintenance REST API if enabled by Admin user from UI. A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain API...

5.4 CVSS · 0.00349 EPSS
Exploits: 0 · References: 1

CVE
added 2024/06/13 2:51 p.m. · 76 views

CVE-2024-28966

CVE-2024-28966 affects Dell SCG with versions prior to 5.24.00.00, due to an Improper Access Control vulnerability in an internal update REST API that an Admin UI-enabled function exposes. A remote, low-privileged attacker could access APIs intended for Admin Users on the backend database and pote...

5.4 CVSS · 5.6 AI score · 0.00349 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

Vulnrichment
added 2024/06/13 2:51 p.m. · 19 views

CVE-2024-28966

Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal update REST API if enabled by Admin user from UI. A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain APIs...

5.4 CVSS · 7 AI score · 0.00349 EPSS
Exploits: 0 · References: 1

CVE
added 2024/06/13 2:47 p.m. · 83 views

CVE-2024-28965

CVE-2024-28965 affects Dell SCG prior to 5.24.00.00. The issue is an Improper Access Control in an internal enable REST API exposed by the SCG (if enabled via the UI by an Admin). A remote, low-privileged attacker could trigger internal APIs intended for Admin Users on the backend database, poten...

5.4 CVSS · 7 AI score · 0.00349 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

Vulnrichment
added 2024/06/13 2:47 p.m. · 15 views

CVE-2024-28965

Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal enable REST API if enabled by Admin user from UI. A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain Internal...

5.4 CVSS · 7 AI score · 0.00349 EPSS
Exploits: 0 · References: 1

WPVulnDB
added 2024/06/13 12:0 a.m. · 13 views

Podlove Web Player < 5.7.4 - Missing Authorization to Unauthenticated Information Exposure

Description: The Podlove Web Player plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the /shortcode REST API endpoint in all versions up to, and including, 5.7.3. This makes it possible for unauthenticated attackers to view information they...

5.3 CVSS · 6.4 AI score · 0.00365 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

Positive Technologies
added 2024/06/13 12:0 a.m. · 5 views

PT-2024-22775 · Dell · Dell Scg

Name of the Vulnerable Software and Affected Versions: Dell SCG versions prior to 5.22.00.00
Description: The issue concerns a SQL Injection Vulnerability in the SCG UI for an internal assets REST API. A remote authenticated attacker could potentially exploit this, leading to the execution of...

8.8 CVSS · 8.4 AI score · 0.0047 EPSS
Exploits: 0 · References: 3

Vulnrichment
added 2024/06/12 11:5 a.m. · 15 views

CVE-2024-4898 InstaWP Connect – 1-click WP Staging & Migration <= 0.1.0.38 - Missing Authorization to Unauthenticated API setup/Arbitrary Options Update/Administrative User Creation

The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to arbitrary option updates due to missing authorization checks on the REST API calls in all versions up to, and including, 0.1.0.38. This makes it possible for unauthenticated attackers to connect the site ...

9.8 CVSS · 6.7 AI score · 0.04156 EPSS
Exploits: 0 · References: 2

CVE
added 2024/06/12 11:5 a.m. · 108 views

CVE-2024-4898

CVE-2024-4898 affects WordPress InstaWP Connect – 1-click WP Staging & Migration plugin. All versions

9.8 CVSS · 9.4 AI score · 0.04156 EPSS
Exploits: 0 · References: 2 · Affected Software: 1

Wallarm Lab
added 2024/06/10 4:52 p.m. · 63 views

CVE-2024-29849: Veeam discloses Critical Vulnerability that allows attackers to bypass user authentication on its Backup Enterprise Manager web interface

On May 21, 2024, Veeam revealed a severe flaw across its Veeam Backup Enterprise Manager (VBEM) web interface that enables an unauthenticated attacker to log into the web interface as any user. Officially designated as CVE-2024-29849, the vulnerability presents a major threat with a CVSS V3 rating ...

9.8 CVSS · 10 AI score · 0.21634 EPSS
Exploits: 2