WiX toolset lets developers create installers for Windows Installer, the Windows installation engine. When a bundle runs as SYSTEM user, Burn uses GetTempPathW which points to an insecure directory C:\Windows\Temp to drop and load multiple binaries. Standard users can hijack the binary before it's loaded in the application resulting in elevation of privileges. This vulnerability is fixed in 3.14.1 and 4.0.5.
Max CVSS
7.3
EPSS Score
0.05%
Published
2024-03-24
Updated
2024-03-25
OAuthenticator provides plugins for JupyterHub to use common OAuth providers, as well as base classes for writing one's own Authenticators with any OAuth 2.0 provider. `GoogleOAuthenticator.hosted_domain` is used to restrict what Google accounts can be authorized access to a JupyterHub. The restriction is intented to be to Google accounts part of one or more Google organization verified to control specified domain(s). Prior to version 16.3.0, the actual restriction has been to Google accounts with emails ending with the domain. Such accounts could have been created by anyone which at one time was able to read an email associated with the domain. This was described by Dylan Ayrey (@dxa4481) in this [blog post] from 15th December 2023). OAuthenticator 16.3.0 contains a patch for this issue. As a workaround, restrict who can login another way, such as `allowed_users` or `allowed_google_groups`.
Max CVSS
7.5
EPSS Score
0.05%
Published
2024-03-20
Updated
2024-03-21
Xbox Gaming Services Elevation of Privilege Vulnerability
Max CVSS
8.8
EPSS Score
0.04%
Published
2024-03-21
Updated
2024-03-21
OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. The `JwtFilter` handles the API authentication by requiring and verifying JWT tokens. When a new request comes in, the request's path is checked against this list. When the request's path contains any of the excluded endpoints the filter returns without validating the JWT. Unfortunately, an attacker may use Path Parameters to make any path contain any arbitrary strings. For example, a request to `GET /api/v1;v1%2fusers%2flogin/events/subscriptions/validation/condition/111` will match the excluded endpoint condition and therefore will be processed with no JWT validation allowing an attacker to bypass the authentication mechanism and reach any arbitrary endpoint, including the ones listed above that lead to arbitrary SpEL expression injection. This bypass will not work when the endpoint uses the `SecurityContext.getUserPrincipal()` since it will return `null` and will throw an NPE. This issue may lead to authentication bypass and has been addressed in version 1.2.4. Users are advised to upgrade. There are no known workarounds for this vulnerability. This issue is also tracked as `GHSL-2023-237`.
Max CVSS
9.8
EPSS Score
0.05%
Published
2024-03-15
Updated
2024-03-17
FreeRTOS is a real-time operating system for microcontrollers. FreeRTOS Kernel versions through 10.6.1 do not sufficiently protect against local privilege escalation via Return Oriented Programming techniques should a vulnerability exist that allows code injection and execution. These issues affect ARMv7-M MPU ports, and ARMv8-M ports with Memory Protected Unit (MPU) support enabled (i.e. `configENABLE_MPU` set to 1). These issues are fixed in version 10.6.2 with a new MPU wrapper.
Max CVSS
8.8
EPSS Score
0.04%
Published
2024-03-07
Updated
2024-03-08
Privileges are not fully verified server-side, which can be abused by a user with limited privileges to bypass authorization and access privileged functionality.
Max CVSS
8.8
EPSS Score
0.04%
Published
2024-03-21
Updated
2024-03-25
Grav is a content management system (CMS). Prior to version 1.7.43, users who may write a page may use the `frontmatter` feature due to insufficient permission validation and inadequate file name validation. This may lead to remote code execution. Version 1.7.43 fixes this issue.
Max CVSS
8.8
EPSS Score
0.04%
Published
2024-03-06
Updated
2024-03-21
Minder is a software supply chain security platform. Prior to version 0.0.33, a Minder user can use the endpoints `GetRepositoryByName`, `DeleteRepositoryByName`, and `GetArtifactByName` to access any repository in the database, irrespective of who owns the repo and any permissions present. The database query checks by repo owner, repo name and provider name (which is always `github`). These query values are not distinct for the particular user - as long as the user has valid credentials and a provider, they can set the repo owner/name to any value they want and the server will return information on this repo. Version 0.0.33 contains a patch for this issue.
Max CVSS
7.1
EPSS Score
N/A
Published
2024-03-21
Updated
2024-03-21
CWE-287: Improper Authentication may allow Authentication Bypass
Max CVSS
10.0
EPSS Score
0.04%
Published
2024-03-18
Updated
2024-03-18
EBM Technologies Uniweb/SoliPACS WebServer's query functionality lacks proper restrictions of user input, allowing remote attackers authenticated as regular user to inject SQL commands for reading, modifying, and deleting database records, as well as executing system commands. Attackers may even leverage the dbo privilege in the database for privilege escalation, elevating their privileges to administrator .
Max CVSS
8.8
EPSS Score
0.05%
Published
2024-02-15
Updated
2024-02-15
Azure Data Studio Elevation of Privilege Vulnerability
Max CVSS
7.3
EPSS Score
0.04%
Published
2024-03-12
Updated
2024-03-12
Microsoft Office Elevation of Privilege Vulnerability
Max CVSS
7.8
EPSS Score
0.05%
Published
2024-03-12
Updated
2024-03-12
Windows Kernel Elevation of Privilege Vulnerability
Max CVSS
7.8
EPSS Score
0.04%
Published
2024-03-12
Updated
2024-03-12
Windows Kernel Elevation of Privilege Vulnerability
Max CVSS
7.8
EPSS Score
0.04%
Published
2024-03-12
Updated
2024-03-12
Windows Kernel Elevation of Privilege Vulnerability
Max CVSS
7.8
EPSS Score
0.04%
Published
2024-03-12
Updated
2024-03-12
Windows Kernel Elevation of Privilege Vulnerability
Max CVSS
7.8
EPSS Score
0.04%
Published
2024-03-12
Updated
2024-03-12
Windows Composite Image File System (CimFS) Elevation of Privilege Vulnerability
Max CVSS
7.8
EPSS Score
0.04%
Published
2024-03-12
Updated
2024-03-12
Windows Error Reporting Service Elevation of Privilege Vulnerability
Max CVSS
7.8
EPSS Score
0.04%
Published
2024-03-12
Updated
2024-03-12
Visual Studio Code Elevation of Privilege Vulnerability
Max CVSS
8.8
EPSS Score
0.05%
Published
2024-03-12
Updated
2024-03-12
An unauthenticated local attacker can perform a privilege escalation due to improper input validation in the OCPP agent service. 
Max CVSS
8.4
EPSS Score
0.04%
Published
2024-03-12
Updated
2024-03-12
Dell InsightIQ, version 5.0, contains an improper access control vulnerability. A remote low privileged attacker could potentially exploit this vulnerability, leading to unauthorized access to monitoring data.
Max CVSS
8.3
EPSS Score
0.04%
Published
2024-03-27
Updated
2024-03-27
Code-projects Simple School Managment System 1.0 allows Authentication Bypass via the username and password parameters at School/teacher_login.php.
Max CVSS
8.8
EPSS Score
0.05%
Published
2024-02-09
Updated
2024-02-12
Flask-AppBuilder is an application development framework, built on top of Flask. When Flask-AppBuilder is set to AUTH_TYPE AUTH_OID, it allows an attacker to forge an HTTP request, that could deceive the backend into using any requested OpenID service. This vulnerability could grant an attacker unauthorised privilege access if a custom OpenID service is deployed by the attacker and accessible by the backend. This vulnerability is only exploitable when the application is using the OpenID 2.0 authorization protocol. Upgrade to Flask-AppBuilder 4.3.11 to fix the vulnerability.
Max CVSS
9.1
EPSS Score
0.04%
Published
2024-02-29
Updated
2024-02-29
TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions of TYPO3 entities of the File Abstraction Layer (FAL) could be persisted directly via `DataHandler`. This allowed attackers to reference files in the fallback storage directly and retrieve their file names and contents. The fallback storage ("zero-storage") is used as a backward compatibility layer for files located outside properly configured file storages and within the public web root directory. Exploiting this vulnerability requires a valid backend user account. Users are advised to update to TYPO3 version 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, or 13.0.1 which fix the problem described. When persisting entities of the File Abstraction Layer directly via DataHandler, `sys_file` entities are now denied by default, and `sys_file_reference` & `sys_file_metadata` entities are not permitted to reference files in the fallback storage anymore. When importing data from secure origins, this must be explicitly enabled in the corresponding DataHandler instance by using `$dataHandler->isImporting = true;`.
Max CVSS
7.1
EPSS Score
0.04%
Published
2024-02-13
Updated
2024-02-13
Pixelfed is an open source photo sharing platform. When processing requests authorization was improperly and insufficiently checked, allowing attackers to access far more functionality than users intended, including to the administrative and moderator functionality of the Pixelfed server. This vulnerability affects every version of Pixelfed between v0.10.4 and v0.11.9, inclusive. A proof of concept of this vulnerability exists. This vulnerability affects every local user of a Pixelfed server, and can potentially affect the servers' ability to federate. Some user interaction is required to setup the conditions to be able to exercise the vulnerability, but the attacker could conduct this attack time-delayed manner, where user interaction is not actively required. This vulnerability has been addressed in version 0.11.11. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Max CVSS
9.9
EPSS Score
0.04%
Published
2024-02-12
Updated
2024-02-12
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!