CVE-2024-47055 Segment cloning doesn't have a proper permission check

SummaryThis advisory addresses a security vulnerability in Mautic related to the segment cloning functionality. This vulnerability allows any authenticated user to clone segments without proper authorization checks. Insecure Direct Object Reference IDOR / Missing Authorization: A missing...

CVE-2024-47055

CVE-2024-47055 concerns Mautic where the cloneAction in the segment management exposes a Missing Authorization vulnerability (IDOR). An authenticated user can clone segments without proper permission checks, bypassing access controls. The root cause is insufficient authorization in the cloneActio...

CVE-2024-47055 Segment cloning doesn't have a proper permission check

SummaryThis advisory addresses a security vulnerability in Mautic related to the segment cloning functionality. This vulnerability allows any authenticated user to clone segments without proper authorization checks. Insecure Direct Object Reference IDOR / Missing Authorization: A missing...

PT-2025-23115 · Mautic · Mautic

Name of the Vulnerable Software and Affected Versions: Mautic affected versions not specified Description: The issue is related to the segment cloning functionality in Mautic, allowing any authenticated user to clone segments without proper authorization checks due to a missing authorization...

CVE-2023-0853

Buffer overflow in mDNS NSEC record registering process of Office / Small Office Multifunction Printers and Laser Printers which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. :Satera LBP660C Series/LBP620C Series/MF74...

CVE-2023-0857

Unintentional change of settings during initial registration of system administrators which uses control protocols. The affected Office / Small Office Multifunction Printers and Laser Printers may allow an attacker on the network segment to trigger unauthorized access to the product. :Satera...

CVE-2023-21860

Vulnerability in the MySQL Cluster product of Oracle MySQL component: Cluster: Internal Operations. Supported versions that are affected are 7.4.38 and prior, 7.5.28 and prior, 7.6.24 and prior and 8.0.31 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to...

CVE-2023-28585

Memory corruption while loading an ELF segment in TEE Kernel...

CVE-2023-2625

A vulnerability exists that can be exploited by an authenticated client that is connected to the same network segment as the CoreTec 4, having any level of access VIEWER to ADMIN. To exploit the vulnerability the attacker can inject shell commands through a particular field of the web user...

CVE-2022-47662

GPAC MP4Box 2.1-DEV-rev649-ga8f438d20 has a segment fault /stack overflow due to infinite recursion in MediaGetSample isomedia/media.c:662...

CVE-2022-23974

In 0.9.3 or older versions of Apache Pinot segment upload path allowed segment directories to be imported into pinot tables. In pinot installations that allow open access to the controller a specially crafted request can potentially be exploited to cause disruption in pinot service. Pinot release...

CVE-2022-27360

SpringBlade v3.2.0 and below was discovered to contain a SQL injection vulnerability via the component customSqlSegment...

CVE-2022-21483

Vulnerability in the MySQL Cluster product of Oracle MySQL component: Cluster: General. Supported versions that are affected are 7.4.35 and prior, 7.5.25 and prior, 7.6.21 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physica...

CVE-2022-47208

The “puhttpsniff” service, which runs by default, is susceptible to command injection due to improperly sanitized user input. An unauthenticated attacker on the same network segment as the router can execute arbitrary commands on the device without authentication...

CVE-2021-35592

Vulnerability in the MySQL Cluster product of Oracle MySQL component: Cluster: General. Supported versions that are affected are 7.5.23 and prior, 7.6.19 and prior and 8.0.26 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication...

CVE-2021-36716

A ReDoS regular expression denial of service flaw was found in the Segment is-email package before 1.0.1 for Node.js. An attacker that is able to provide crafted input to the isEmailinput function may cause an application to consume an excessive amount of CPU...

CVE-2021-35593

Vulnerability in the MySQL Cluster product of Oracle MySQL component: Cluster: General. Supported versions that are affected are 7.4.33 and prior, 7.5.23 and prior, 7.6.19 and prior and 8.0.26 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physica...

CVE-2021-35598

Vulnerability in the MySQL Cluster product of Oracle MySQL component: Cluster: General. Supported versions that are affected are 7.4.33 and prior, 7.5.23 and prior, 7.6.19 and prior and 8.0.26 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physica...

CVE-2020-5534

Aterm WG2600HS firmware Ver1.3.2 and earlier allows an authenticated attacker on the same network segment to execute arbitrary OS commands with root privileges via unspecified vectors...

CVE-2020-18395

A NULL-pointer deference issue was discovered in GNUgama::set in ellipsoid.h in Gama 2.04 which can lead to a denial of service DOS via segment faults caused by crafted inputs...