Vulnerabilities (CVE)

Filtered by CWE-749
Total 90 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-55921 2025-01-14 N/A 7.5 HIGH
TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstream components incorrectly accepted submissions via HTTP GET and did not enforce the appropriate HTTP method. Successful exploitation of this vulnerability requires the victim to have an active session on the backend user interface and to be deceived into interacting with a malicious URL targeting the backend, which can occur under the following conditions: The user opens a malicious link, such as one sent via email. The user visits a compromised or manipulated website while the following settings are misconfigured: 1. `security.backend.enforceReferrer` feature is disabled, 2. `BE/cookieSameSite` configuration is set to lax or none. The vulnerability in the affected downstream component “Extension Manager Module” allows attackers to retrieve and install 3rd party extensions from the TYPO3 Extension Repository - which can lead to remote code execution in the worst case. Users are advised to update to TYPO3 versions 11.5.42 ELTS, 12.4.25 LTS, 13.4.3 LTS which fix the problem described.
CVE-2024-55920 2025-01-14 N/A 4.3 MEDIUM
TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstream components incorrectly accepted submissions via HTTP GET and did not enforce the appropriate HTTP method. Successful exploitation of this vulnerability requires the victim to have an active session on the backend user interface and to be deceived into interacting with a malicious URL targeting the backend, which can occur under the following conditions: The user opens a malicious link, such as one sent via email. The user visits a compromised or manipulated website while the following settings are misconfigured: 1. `security.backend.enforceReferrer` feature is disabled, 2. `BE/cookieSameSite` configuration is set to lax or none. The vulnerability in the affected downstream component “Dashboard Module” allows attackers to manipulate the victim’s dashboard configuration. Users are advised to update to TYPO3 versions 11.5.42 ELTS, 12.4.25 LTS, 13.4.3 LTS which fix the problem described. There are no known workarounds for this vulnerability.
CVE-2023-39470 1 Papercut 1 Papercut Ng 2025-01-09 N/A 7.2 HIGH
PaperCut NG print.script.sandboxed Exposed Dangerous Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PaperCut NG. Authentication is required to exploit this vulnerability. The specific flaw exists within the management of the print.script.sandboxed setting. The issue results from the exposure of a dangerous function. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-20965.
CVE-2024-29880 1 Jetbrains 1 Teamcity 2024-12-16 N/A 4.2 MEDIUM
In JetBrains TeamCity before 2023.11 users with access to the agent machine might obtain permissions of the user running the agent process
CVE-2022-37365 1 Pdf-xchange 1 Pdf-xchange Editor 2024-11-27 N/A 7.8 HIGH
This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the saveAs method. The application exposes a JavaScript interface that allows the attacker to write arbitrary files. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-17527.
CVE-2024-6689 2024-11-21 N/A 7.8 HIGH
Local Privilege Escalation in MSI-Installer in baramundi Management Agent v23.1.172.0 on Windows allows a local unprivileged user to escalate privileges to SYSTEM.
CVE-2024-32764 2024-11-21 N/A 9.9 CRITICAL
A missing authentication for critical function vulnerability has been reported to affect myQNAPcloud Link. If exploited, the vulnerability could allow users with the privilege level of some functionality via a network. We have already fixed the vulnerability in the following version: myQNAPcloud Link 2.4.51 and later
CVE-2024-27261 2024-11-21 N/A 6.4 MEDIUM
IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.2 could allow a privileged user to install a potentially dangerous tar file, which could give them access to subsequent systems where the package was installed. IBM X-Force ID: 283986.
CVE-2024-1873 1 Lollms 1 Lollms Web Ui 2024-11-21 N/A 9.1 CRITICAL
parisneo/lollms-webui is vulnerable to path traversal and denial of service attacks due to an exposed `/select_database` endpoint in version a9d16b0. The endpoint improperly handles file paths, allowing attackers to specify absolute paths when interacting with the `DiscussionsDB` instance. This flaw enables attackers to create directories anywhere on the system where the application has permissions, potentially leading to denial of service by creating directories with names of critical files, such as HTTPS certificate files, causing server startup failures. Additionally, attackers can manipulate the database path, resulting in the loss of client data by constantly changing the file location to an attacker-controlled location, scattering the data across the filesystem and making recovery difficult.
CVE-2023-5389 1 Honeywell 4 Controledge Unit Operations Controller, Controledge Unit Operations Controller Firmware, Controledge Virtual Unit Operations Controller and 1 more 2024-11-21 N/A 9.1 CRITICAL
An attacker could potentially exploit this vulnerability, leading to the ability to modify files on Honeywell Experion ControlEdge VirtualUOC and ControlEdge UOC . This exploit could be used to write a file that may result in unexpected behavior based on configuration changes or updating of files that could result in subsequent execution of a malicious application if triggered. Honeywell recommends updating to the most recent version of the product. See Honeywell Security Notification for recommendations on upgrading and versioning. 
CVE-2023-50424 1 Sap 1 Cloud-security-client-go 2024-11-21 N/A 9.1 CRITICAL
SAP BTP Security Services Integration Library ([Golang] github.com/sap/cloud-security-client-go) - versions < 0.17.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application.
CVE-2023-50423 1 Sap 1 Sap-xssec 2024-11-21 N/A 9.1 CRITICAL
SAP BTP Security Services Integration Library ([Python] sap-xssec) - versions < 4.1.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application.
CVE-2023-50422 1 Sap 1 Cloud-security-services-integration-library 2024-11-21 N/A 9.1 CRITICAL
SAP BTP Security Services Integration Library ([Java] cloud-security-services-integration-library) - versions below 2.17.0 and versions from 3.0.0 to before 3.3.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application.
CVE-2023-49583 2024-11-21 N/A 9.1 CRITICAL
SAP BTP Security Services Integration Library ([Node.js] @sap/xssec - versions < 3.6.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application.
CVE-2023-42494 1 Busbaer 1 Eisbaer Scada 2024-11-21 N/A 7.5 HIGH
EisBaer Scada - CWE-749: Exposed Dangerous Method or Function
CVE-2023-40150 1 Softneta 1 Meddream Pacs 2024-11-21 N/A 9.8 CRITICAL
Softneta MedDream PACS does not perform an authentication check and performs some dangerous functionality, which could result in unauthenticated remote code execution.0
CVE-2023-39214 1 Zoom 1 Meeting Software Development Kit 2024-11-21 N/A 7.6 HIGH
Exposure of sensitive information in Zoom Client SDK's before 5.15.5 may allow an authenticated user to enable a denial of service via network access.
CVE-2023-34227 1 Jetbrains 1 Teamcity 2024-11-21 N/A 5.3 MEDIUM
In JetBrains TeamCity before 2023.05 a specific endpoint was vulnerable to brute force attacks
CVE-2021-28809 1 Qnap 2 Hybrid Backup Sync, Qts 2024-11-21 10.0 HIGH 9.8 CRITICAL
An improper access control vulnerability has been reported to affect certain legacy versions of HBS 3. If exploited, this vulnerability allows attackers to compromise the security of the operating system.QNAP have already fixed this vulnerability in the following versions of HBS 3: QTS 4.3.6: HBS 3 v3.0.210507 and later QTS 4.3.4: HBS 3 v3.0.210506 and later QTS 4.3.3: HBS 3 v3.0.210506 and later
CVE-2020-17391 1 Parallels 1 Parallels Desktop 2024-11-21 2.1 LOW 6.5 MEDIUM
This vulnerability allows local attackers to disclose information on affected installations of Parallels Desktop 15.1.3-47255. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handler for HOST_IOCTL_INIT_HYPERVISOR in the prl_hypervisor kext. The issue results from the exposure of dangerous method or function to the unprivileged user. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the kernel. Was ZDI-CAN-10518.