WiX toolset lets developers create installers for Windows Installer, the Windows installation engine. When a bundle runs as SYSTEM user, Burn uses GetTempPathW which points to an insecure directory C:\Windows\Temp to drop and load multiple binaries. Standard users can hijack the binary before it's loaded in the application resulting in elevation of privileges. This vulnerability is fixed in 3.14.1 and 4.0.5.
Max CVSS
7.3
EPSS Score
0.05%
Published
2024-03-24
Updated
2024-03-25
OAuthenticator provides plugins for JupyterHub to use common OAuth providers, as well as base classes for writing one's own Authenticators with any OAuth 2.0 provider. `GoogleOAuthenticator.hosted_domain` is used to restrict what Google accounts can be authorized access to a JupyterHub. The restriction is intented to be to Google accounts part of one or more Google organization verified to control specified domain(s). Prior to version 16.3.0, the actual restriction has been to Google accounts with emails ending with the domain. Such accounts could have been created by anyone which at one time was able to read an email associated with the domain. This was described by Dylan Ayrey (@dxa4481) in this [blog post] from 15th December 2023). OAuthenticator 16.3.0 contains a patch for this issue. As a workaround, restrict who can login another way, such as `allowed_users` or `allowed_google_groups`.
Max CVSS
7.5
EPSS Score
0.05%
Published
2024-03-20
Updated
2024-03-21
Xbox Gaming Services Elevation of Privilege Vulnerability
Max CVSS
8.8
EPSS Score
0.04%
Published
2024-03-21
Updated
2024-03-21
OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. The `JwtFilter` handles the API authentication by requiring and verifying JWT tokens. When a new request comes in, the request's path is checked against this list. When the request's path contains any of the excluded endpoints the filter returns without validating the JWT. Unfortunately, an attacker may use Path Parameters to make any path contain any arbitrary strings. For example, a request to `GET /api/v1;v1%2fusers%2flogin/events/subscriptions/validation/condition/111` will match the excluded endpoint condition and therefore will be processed with no JWT validation allowing an attacker to bypass the authentication mechanism and reach any arbitrary endpoint, including the ones listed above that lead to arbitrary SpEL expression injection. This bypass will not work when the endpoint uses the `SecurityContext.getUserPrincipal()` since it will return `null` and will throw an NPE. This issue may lead to authentication bypass and has been addressed in version 1.2.4. Users are advised to upgrade. There are no known workarounds for this vulnerability. This issue is also tracked as `GHSL-2023-237`.
Max CVSS
9.8
EPSS Score
0.05%
Published
2024-03-15
Updated
2024-03-17
codeium-chrome is an open source code completion plugin for the chrome web browser. The service worker of the codeium-chrome extension doesn't check the sender when receiving an external message. This allows an attacker to host a website that will steal the user's Codeium api-key, and thus impersonate the user on the backend autocomplete server. This issue has not been addressed. Users are advised to monitor the usage of their API key.
Max CVSS
6.5
EPSS Score
0.04%
Published
2024-03-11
Updated
2024-03-12
FreeRTOS is a real-time operating system for microcontrollers. FreeRTOS Kernel versions through 10.6.1 do not sufficiently protect against local privilege escalation via Return Oriented Programming techniques should a vulnerability exist that allows code injection and execution. These issues affect ARMv7-M MPU ports, and ARMv8-M ports with Memory Protected Unit (MPU) support enabled (i.e. `configENABLE_MPU` set to 1). These issues are fixed in version 10.6.2 with a new MPU wrapper.
Max CVSS
8.8
EPSS Score
0.04%
Published
2024-03-07
Updated
2024-03-08
Privileges are not fully verified server-side, which can be abused by a user with limited privileges to bypass authorization and access privileged functionality.
Max CVSS
8.8
EPSS Score
0.04%
Published
2024-03-21
Updated
2024-03-25
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An authenticated user can obtain the email address of all GLPI users. This issue has been patched in version 10.0.13.
Max CVSS
6.5
EPSS Score
0.05%
Published
2024-03-18
Updated
2024-03-18
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An authenticated user can access sensitive fields data from items on which he has read access. This issue has been patched in version 10.0.13.
Max CVSS
6.5
EPSS Score
0.05%
Published
2024-03-18
Updated
2024-03-18
Grav is a content management system (CMS). Prior to version 1.7.43, users who may write a page may use the `frontmatter` feature due to insufficient permission validation and inadequate file name validation. This may lead to remote code execution. Version 1.7.43 fixes this issue.
Max CVSS
8.8
EPSS Score
0.04%
Published
2024-03-06
Updated
2024-03-21
Minder is a software supply chain security platform. Prior to version 0.0.33, a Minder user can use the endpoints `GetRepositoryByName`, `DeleteRepositoryByName`, and `GetArtifactByName` to access any repository in the database, irrespective of who owns the repo and any permissions present. The database query checks by repo owner, repo name and provider name (which is always `github`). These query values are not distinct for the particular user - as long as the user has valid credentials and a provider, they can set the repo owner/name to any value they want and the server will return information on this repo. Version 0.0.33 contains a patch for this issue.
Max CVSS
7.1
EPSS Score
N/A
Published
2024-03-21
Updated
2024-03-21
CWE-287: Improper Authentication may allow Authentication Bypass
Max CVSS
10.0
EPSS Score
0.04%
Published
2024-03-18
Updated
2024-03-18
EBM Technologies Uniweb/SoliPACS WebServer's query functionality lacks proper restrictions of user input, allowing remote attackers authenticated as regular user to inject SQL commands for reading, modifying, and deleting database records, as well as executing system commands. Attackers may even leverage the dbo privilege in the database for privilege escalation, elevating their privileges to administrator .
Max CVSS
8.8
EPSS Score
0.05%
Published
2024-02-15
Updated
2024-02-15
Azure Data Studio Elevation of Privilege Vulnerability
Max CVSS
7.3
EPSS Score
0.04%
Published
2024-03-12
Updated
2024-03-12
Microsoft Intune Linux Agent Elevation of Privilege Vulnerability
Max CVSS
6.6
EPSS Score
0.04%
Published
2024-03-12
Updated
2024-03-12
Microsoft Office Elevation of Privilege Vulnerability
Max CVSS
7.8
EPSS Score
0.05%
Published
2024-03-12
Updated
2024-03-12
Windows Kernel Elevation of Privilege Vulnerability
Max CVSS
7.8
EPSS Score
0.04%
Published
2024-03-12
Updated
2024-03-12
Windows Kernel Elevation of Privilege Vulnerability
Max CVSS
7.8
EPSS Score
0.04%
Published
2024-03-12
Updated
2024-03-12
Windows Kernel Elevation of Privilege Vulnerability
Max CVSS
7.8
EPSS Score
0.04%
Published
2024-03-12
Updated
2024-03-12
Windows Kernel Elevation of Privilege Vulnerability
Max CVSS
7.8
EPSS Score
0.04%
Published
2024-03-12
Updated
2024-03-12
Windows Composite Image File System (CimFS) Elevation of Privilege Vulnerability
Max CVSS
7.8
EPSS Score
0.04%
Published
2024-03-12
Updated
2024-03-12
Windows Error Reporting Service Elevation of Privilege Vulnerability
Max CVSS
7.8
EPSS Score
0.04%
Published
2024-03-12
Updated
2024-03-12
Visual Studio Code Elevation of Privilege Vulnerability
Max CVSS
8.8
EPSS Score
0.05%
Published
2024-03-12
Updated
2024-03-12
An unauthenticated local attacker can perform a privilege escalation due to improper input validation in the OCPP agent service. 
Max CVSS
8.4
EPSS Score
0.04%
Published
2024-03-12
Updated
2024-03-12
Dell InsightIQ, version 5.0, contains an improper access control vulnerability. A remote low privileged attacker could potentially exploit this vulnerability, leading to unauthorized access to monitoring data.
Max CVSS
8.3
EPSS Score
0.04%
Published
2024-03-27
Updated
2024-03-27
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!