Lucene search
+L

257 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 12:23 a.m.23 views

CVE-2022-46831

In JetBrains TeamCity between 2022.10 and 2022.10.1 connecting to AWS using the "Default Credential Provider Chain" allowed TeamCity project administrators to access AWS resources normally limited to TeamCity system administrators...

6.6CVSS6.9AI score0.00449EPSS
Exploits0References1
OSV
OSV
added 2025/04/22 4:56 p.m.4 views

GO-2025-3609 Mattermost Fails to Restrict Certain Operations on System Admins in github.com/mattermost/mattermost-server

Mattermost Fails to Restrict Certain Operations on System Admins in github.com/mattermost/mattermost-server...

4.9CVSS6.6AI score0.00232EPSS
Exploits0References4
NVD
NVD
added 2025/04/14 7:15 a.m.35 views

CVE-2025-32093

Mattermost versions 10.5.x = 10.5.1, 10.4.x = 10.4.3, 9.11.x = 9.11.9 fail to restrict certain operations on system admins to only other system admins, which allows delegated granular administration users with the "Edit Other Users" permission to perform unauthorized modifications to system...

4.9CVSS0.00232EPSS
Exploits0References1
CERT
CERT
added 2024/12/11 12:0 a.m.17 views

PDQ Deploy allows reuse of deleted credentials that can compromise a device and facilitate lateral movement

Overview PDQ Deploy is a service intended for usage by system administrators for the deployment of software or updates to targeted machines within their network. PDQ Deploy uses "run modes" to deploy software to their target devices. The run mode "Deploy User" insecurely creates credentials on th...

7.7AI score
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/11/21 5:11 p.m.16 views

CVE-2024-52309 SFTPGo allows administrators to restrict command execution from the EventManager

SFTPGo is a full-featured and highly configurable SFTP, HTTP/S, FTP/S and WebDAV server - S3, Google Cloud Storage, Azure Blob. One powerful feature of SFTPGo is the ability to have the EventManager execute scripts or run applications in response to certain events. This feature is very common in...

5.1CVSS7.2AI score0.00598EPSS
Exploits0References3
Rockylinux
Rockylinux
added 2024/10/25 5:17 p.m.13 views

OpenIPMI security update

An update is available for OpenIPMI. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The OpenIPMI packages provide command-line tools and utilities to access...

5CVSS7AI score0.00392EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2024/10/14 2:51 a.m.16 views

Moderate: Red Hat Security Advisory: OpenIPMI security update

An update for OpenIPMI is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

5CVSS6AI score0.00392EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/10/14 12:0 a.m.18 views

RHEL 9 : OpenIPMI (RHSA-2024:8037)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:8037 advisory. The OpenIPMI packages provide command-line tools and utilities to access platform information using Intelligent Platform Management Interface IPMI...

5CVSS5.6AI score0.00392EPSS
Exploits0References5
AlmaLinux
AlmaLinux
added 2024/10/14 12:0 a.m.16 views

Moderate: OpenIPMI security update

The OpenIPMI packages provide command-line tools and utilities to access platform information using Intelligent Platform Management Interface IPMI. System administrators can use OpenIPMI to manage systems and to perform system health monitoring. Security Fixes: openipmi: missing check on the...

5CVSS7AI score0.00392EPSS
Exploits0References4
NVD
NVD
added 2024/10/01 3:15 p.m.23 views

CVE-2024-45408

eLabFTW is an open source electronic lab notebook for research labs. An incorrect permission check has been found that could allow an authenticated user to access several kinds of otherwise restricted information. If anonymous access is allowed something disabled by default, this extends to anyon...

7.5CVSS0.00392EPSS
Exploits0References1
OSV
OSV
added 2024/10/01 3:15 p.m.5 views

CVE-2024-25661

In Infinera TNMS Transcend Network Management System 19.10.3, cleartext storage of sensitive information in memory of the desktop application TNMS Client allows guest OS administrators to obtain various users' passwords by reading memory dumps of the desktop application...

7.7CVSS5.8AI score0.00125EPSS
Exploits0References1
CVE
CVE
added 2024/10/01 2:53 p.m.50 views

CVE-2024-45408

CVE-2024-45408 — eLabFTW : An incorrect permission check could allow an authenticated user to access restricted information; if anonymous access is enabled, it may affect anyone. Affected software: eLabFTW (open source electronic lab notebook). Root cause: faulty access control logic. Impact: pot...

7.5CVSS7.4AI score0.00392EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2024/10/01 2:53 p.m.32 views

CVE-2024-45408 eLabFTW contains a direct and indirect information disclosure

eLabFTW is an open source electronic lab notebook for research labs. An incorrect permission check has been found that could allow an authenticated user to access several kinds of otherwise restricted information. If anonymous access is allowed something disabled by default, this extends to anyon...

7.5CVSS0.00392EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/10/01 2:36 p.m.34 views

CVE-2024-25632 Unauthorised granting of administrator privileges over arbitrary teams under certain circumstances

eLabFTW is an open source electronic lab notebook for research labs. In the context of eLabFTW, an administrator is a user account with certain privileges to manage users and content in their assigned team/teams. A user may be an administrator in one team and a regular user in another. The...

8.6CVSS0.00396EPSS
Exploits0References1
CVE
CVE
added 2024/10/01 2:36 p.m.59 views

CVE-2024-25632

CVE-2024-25632 affects eLabFTW. A regular user can become an administrator of a team where they are a member under a reasonable configuration, and in versions after v5.0.0 an initially unauthenticated user may gain administrative privileges over an arbitrary team. The vulnerability does not grant...

8.8CVSS8.7AI score0.00396EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/06/20 12:0 a.m.3 views

PT-2024-27495 · Absolute · Absolute Secure Access

Name of the Vulnerable Software and Affected Versions: Absolute Secure Access versions prior to 13.06 Description: There is a cross-site scripting issue in the management UI of Absolute Secure Access. Attackers with system administrator permissions can exploit this. Recommendations: For versions...

4.5CVSS6.5AI score0.00268EPSS
Exploits0References10
NVD
NVD
added 2024/05/30 9:15 p.m.15 views

CVE-2024-36119

Statamic is a, Laravel + Git powered CMS designed for building websites. In affected versions users registering via the user:registerform tag will have their password confirmation stored in plain text in their user file. This only affects sites matching all of the following conditions: 1. Running...

1.8CVSS3.5AI score0.00137EPSS
Exploits0References4
OSV
OSV
added 2024/05/20 4:51 p.m.12 views

GHSA-CV5C-2QV5-W2M2 Passbolt Api Remote code execution

Passbolt provides a way for system administrators to generate a PGP key for the server during installation. The wizard requests a username, an e-mail address and an optional comment. No escaping or verification is done by Passbolt, effectively allowing a user to inject bash code. The impact is ve...

8.1CVSS7AI score
Exploits0References4
Malwarebytes
Malwarebytes
added 2024/04/09 7:21 p.m.58 views

Active Nitrogen campaign delivered via malicious ads for PuTTY, FileZilla

In the past couple of weeks, we have observed an ongoing campaign targeting system administrators with fraudulent ads for popular system utilities. The malicious ads are displayed as sponsored results on Googles search engine page and localized to North America. Victims are tricked into downloadi...

7AI score
Exploits0
GithubExploit
GithubExploit
added 2024/04/03 10:19 p.m.252 views

Exploit for Embedded Malicious Code in Tukaani Xz

CVE-2024-3094 Checker The CVE-2024-3094 Checker is a powerful...

10CVSS9.8AI score0.85974EPSS
Exploits40
Rows per page
Query Builder