Total
29 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-6620 | 2024-07-30 | N/A | 3.5 LOW | ||
| Honeywell PC42t, PC42tp, and PC42d Printers, T10.19.020016 to T10.20.060398, contain a cross-site scripting vulnerability. A(n) attacker could potentially inject malicious code which may lead to information disclosure, session theft, or client-side request forgery. Honeywell recommends updating to the most recent version of this firmware, PC42 Printer Firmware Version 20.6 T10.20.060398. | |||||
| CVE-2024-39870 | 2024-07-09 | N/A | 6.3 MEDIUM | ||
| A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected applications can be configured to allow users to manage own users. A local authenticated user with this privilege could use this modify users outside of their own scope as well as to escalate privileges. | |||||
| CVE-2023-48789 | 2024-06-03 | N/A | 4.3 MEDIUM | ||
| A client-side enforcement of server-side security in Fortinet FortiPortal version 6.0.0 through 6.0.14 allows attacker to improper access control via crafted HTTP requests. | |||||
| CVE-2024-32512 | 2024-05-17 | N/A | 5.3 MEDIUM | ||
| Client-Side Enforcement of Server-Side Security vulnerability in weForms allows Removing Important Client Functionality.This issue affects weForms: from n/a through 1.6.20. | |||||
| CVE-2024-32685 | 2024-05-17 | N/A | 5.3 MEDIUM | ||
| Client-Side Enforcement of Server-Side Security vulnerability in Wpmet Wp Ultimate Review allows Functionality Bypass.This issue affects Wp Ultimate Review: from n/a through 2.2.5. | |||||
| CVE-2024-32521 | 2024-05-17 | N/A | 5.3 MEDIUM | ||
| Client-Side Enforcement of Server-Side Security vulnerability in Highfivery LLC Zero Spam allows Removing Important Client Functionality.This issue affects Zero Spam: from n/a through 5.5.6. | |||||
| CVE-2024-31491 | 2024-05-14 | N/A | 8.8 HIGH | ||
| A client-side enforcement of server-side security in Fortinet FortiSandbox version 4.4.0 through 4.4.4 and 4.2.0 through 4.2.6 allows attacker to execute unauthorized code or commands via HTTP requests. | |||||
| CVE-2023-23570 | 1 Gallagher | 1 Command Centre | 2024-01-05 | N/A | 8.1 HIGH |
| Client-Side enforcement of Server-Side security for the Command Centre server could be bypassed and lead to invalid configuration with undefined behavior. This issue affects: Gallagher Command Centre 8.90 prior to vEL8.90.1620 (MR2), all versions of 8.80 and prior. | |||||
| CVE-2023-42787 | 1 Fortinet | 2 Fortianalyzer, Fortimanager | 2023-12-21 | N/A | 6.5 MEDIUM |
| A client-side enforcement of server-side security [CWE-602] vulnerability in Fortinet FortiManager version 7.4.0 and before 7.2.3 and FortiAnalyzer version 7.4.0 and before 7.2.3 may allow a remote attacker with low privileges to access a privileged web console via client side code execution. | |||||
| CVE-2023-30955 | 1 Palantir | 1 Foundry Workspace-server | 2023-11-07 | N/A | 5.4 MEDIUM |
| A security defect was identified in Foundry workspace-server that enabled a user to bypass an authorization check and view settings related to 'Developer Mode'. This enabled users with insufficient privilege the ability to view and interact with Developer Mode settings in a limited capacity. A fix was deployed with workspace-server 7.7.0. | |||||
| CVE-2023-20172 | 1 Cisco | 1 Identity Services Engine | 2023-11-07 | N/A | 4.9 MEDIUM |
| Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated attacker to delete or read arbitrary files on the underlying operating system. To exploit these vulnerabilities, an attacker must have valid credentials on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2023-20171 | 1 Cisco | 1 Identity Services Engine | 2023-11-07 | N/A | 6.5 MEDIUM |
| Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated attacker to delete or read arbitrary files on the underlying operating system. To exploit these vulnerabilities, an attacker must have valid credentials on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2023-20106 | 1 Cisco | 1 Identity Services Engine | 2023-11-07 | N/A | 3.8 LOW |
| Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated attacker to delete or read arbitrary files on the underlying operating system. To exploit these vulnerabilities, an attacker must have valid credentials on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2023-0750 | 1 Lynx-technik | 2 Yellobrik Pec 1864, Yellobrik Pec 1864 Firmware | 2023-11-07 | N/A | 9.8 CRITICAL |
| Yellobrik PEC-1864 implements authentication checks via javascript in the frontend interface. When the device can be accessed over the network an attacker could bypass authentication. This would allow an attacker to : - Change the password, resulting in a DOS of the users - Change the streaming source, compromising the integrity of the stream - Change the streaming destination, compromising the confidentiality of the stream This issue affects Yellowbrik: PEC 1864. No patch has been issued by the manufacturer as this model was discontinued. | |||||
| CVE-2022-20658 | 1 Cisco | 2 Unified Contact Center Express, Unified Contact Center Management Portal | 2023-11-07 | 8.5 HIGH | 9.6 CRITICAL |
| A vulnerability in the web-based management interface of Cisco Unified Contact Center Management Portal (Unified CCMP) and Cisco Unified Contact Center Domain Manager (Unified CCDM) could allow an authenticated, remote attacker to elevate their privileges to Administrator. This vulnerability is due to the lack of server-side validation of user permissions. An attacker could exploit this vulnerability by submitting a crafted HTTP request to a vulnerable system. A successful exploit could allow the attacker to create Administrator accounts. With these accounts, the attacker could access and modify telephony and user resources across all the Unified platforms that are associated to the vulnerable Cisco Unified CCMP. To successfully exploit this vulnerability, an attacker would need valid Advanced User credentials. | |||||
| CVE-2023-3747 | 1 Cloudflare | 1 Warp | 2023-09-13 | N/A | 5.5 MEDIUM |
| Zero Trust Administrators have the ability to disallow end users from disabling WARP on their devices. Override codes can also be created by the Administrators to allow a device to temporarily be disconnected from WARP, however, due to lack of server side validation, an attacker with local access to the device, could extend the maximum allowed disconnected time of WARP client granted by an override code by changing the date & time on the local device where WARP is running. | |||||
| CVE-2023-39218 | 1 Zoom | 3 Rooms, Virtual Desktop Infrastructure, Zoom | 2023-08-11 | N/A | 4.9 MEDIUM |
| Client-side enforcement of server-side security in Zoom clients before 5.14.10 may allow a privileged user to enable information disclosure via network access. | |||||
| CVE-2023-36535 | 1 Zoom | 3 Rooms, Virtual Desktop Infrastructure, Zoom | 2023-08-11 | N/A | 6.5 MEDIUM |
| Client-side enforcement of server-side security in Zoom clients before 5.14.10 may allow an authenticated user to enable information disclosure via network access. | |||||
| CVE-2021-36338 | 1 Dell | 7 Powermax Os, Solutions Enabler, Solutions Enabler Virtual Appliance and 4 more | 2022-12-09 | 5.2 MEDIUM | 8.0 HIGH |
| Unisphere for PowerMax versions prior to 9.2.2.2 contains a privilege escalation vulnerability. An adjacent malicious user could potentially exploit this vulnerability to escalate their privileges and access functionalities they do not have access to. CVE-2022-31233 addresses the partial fix in CVE-2021-36338. | |||||
| CVE-2021-21544 | 1 Dell | 1 Idrac9 Firmware | 2022-10-25 | 4.0 MEDIUM | 2.7 LOW |
| Dell EMC iDRAC9 versions prior to 4.40.00.00 contain an improper authentication vulnerability. A remote authenticated malicious user with high privileges could potentially exploit this vulnerability to manipulate the username field under the comment section and set the value to any user. | |||||