Total
11 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-11068 | 1 Dlink | 2 Dsl6740c, Dsl6740c Firmware | 2024-11-15 | N/A | 9.8 CRITICAL |
| The D-Link DSL6740C modem has an Incorrect Use of Privileged APIs vulnerability, allowing unauthenticated remote attackers to modify any user’s password by leveraging the API, thereby granting access to Web, SSH, and Telnet services using that user’s account. | |||||
| CVE-2024-22042 | 1 Siemens | 2 Unicam Fx, Unicam Fx Firmware | 2024-10-21 | N/A | 7.8 HIGH |
| A vulnerability has been identified in Unicam FX (All versions). The windows installer agent used in affected product contains incorrect use of privileged APIs that trigger the Windows Console Host (conhost.exe) as a child process with SYSTEM privileges. This could be exploited by an attacker to perform a local privilege escalation attack. | |||||
| CVE-2023-6522 | 2024-09-26 | N/A | 7.2 HIGH | ||
| Incorrect Use of Privileged APIs vulnerability in ExtremePacs Extreme XDS allows Collect Data as Provided by Users.This issue affects Extreme XDS: before 3914. | |||||
| CVE-2023-6151 | 1 Eskom | 1 E-belediye | 2024-09-26 | N/A | 7.5 HIGH |
| Incorrect Use of Privileged APIs vulnerability in ESKOM Computer e-municipality module allows Collect Data as Provided by Users.This issue affects e-municipality module: before v.105. | |||||
| CVE-2023-6150 | 1 Eskom | 1 E-belediye | 2024-09-26 | N/A | 7.5 HIGH |
| Incorrect Use of Privileged APIs vulnerability in ESKOM Computer e-municipality module allows Collect Data as Provided by Users.This issue affects e-municipality module: before v.105. | |||||
| CVE-2023-4993 | 2024-09-26 | N/A | 7.5 HIGH | ||
| Incorrect Use of Privileged APIs vulnerability in Utarit Information Technologies SoliPay Mobile App allows Collect Data as Provided by Users.This issue affects SoliPay Mobile App: before 5.0.8. | |||||
| CVE-2023-4972 | 1 Yepas | 1 Digital Yepas | 2024-09-26 | N/A | 9.8 CRITICAL |
| Incorrect Use of Privileged APIs vulnerability in Yepas Digital Yepas allows Collect Data as Provided by Users.This issue affects Digital Yepas: before 1.0.1. | |||||
| CVE-2024-46978 | 2024-09-20 | N/A | 6.5 MEDIUM | ||
| XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible for any user knowing the ID of a notification filter preference of another user, to enable/disable it or even delete it. The impact is that the target user might start loosing notifications on some pages because of this. This vulnerability is present in XWiki since 13.2-rc-1. This vulnerability has been patched in XWiki 14.10.21, 15.5.5, 15.10.1, 16.0-rc-1. The patch consists in checking properly the rights of the user before performing any action on the filters. Users are advised to upgrade. It's possible to fix manually the vulnerability by editing the document `XWiki.Notifications.Code.NotificationPreferenceService` to apply the changes performed in commit e8acc9d8e6af7dfbfe70716ded431642ae4a6dd4. | |||||
| CVE-2024-37018 | 2024-08-05 | N/A | 9.1 CRITICAL | ||
| The OpenDaylight 0.15.3 controller allows topology poisoning via API requests because an application can manipulate the path that is taken by discovery packets. | |||||
| CVE-2022-4687 | 2024-02-04 | N/A | 8.1 HIGH | ||
| Incorrect Use of Privileged APIs in GitHub repository usememos/memos prior to 0.9.0. | |||||
| CVE-2022-24821 | 1 Xwiki | 1 Xwiki | 2024-02-04 | 5.5 MEDIUM | 8.1 HIGH |
| XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Simple users can create global SSX/JSX without specific rights: in theory only users with Programming Rights should be allowed to create SSX or JSX that are executed everywhere on a wiki. But a bug allow anyone with edit rights to actually create those. This issue has been patched in XWiki 13.10-rc-1, 12.10.11 and 13.4.6. There's no easy workaround for this issue, administrators should upgrade their wiki. | |||||