4 matches found
CVE-2024-27632
CVE-2024-27632 affects GNU Savane, version 3.12 and earlier. The issue is an elevation of privilege due to the form_id in the form_header() function, enabling a remote attacker to escalate privileges. The vulnerability is documented across multiple sources (NVD/Red Hat/CNVD/CVE records). Impact i...
CVE-2024-27631
CVE-2024-27631 is a CSRF vulnerability in GNU Savane (versions 3.12 and earlier) that allows a remote attacker to escalate privileges via the siteadmin/usergroup.php endpoint. The Red Hat, CNVD, CNNVD, and CVE List entries corroborate a CSRF flaw enabling privilege escalation; the issue is ...
CVE-2024-27630
CVE-2024-27630 affects GNU Savane v3.12 and earlier where an Insecure Direct Object Reference (IDOR) exists in the trackers_data_delete_file function, enabling remote deletion of arbitrary files. Exploitation details are not fully enumerated in the provided sources, but risk is described as remot...
CVE-2024-29399
CVE-2024-29399 affects GNU Savane