151
|
8.8 |
HIGH
Network
|
atlassian
|
jira_align
|
The MasterUserEdit API in Atlassian Jira Align Server before version 10.109.2 allows an authenticated attacker with the People role permission to use the MasterUserEdit API to modify any user's role t…
Update
|
CWE-276
Incorrect Default Permissions
|
CVE-2022-36803
|
2024-10-3 00:35 |
2022-10-14 |
|
152
|
5.3 |
MEDIUM
Adjacent
|
synology
|
active_backup_for_business_agent
|
Missing encryption of sensitive data vulnerability in login component in Synology Active Backup for Business Agent before 2.7.0-3221 allows adjacent man-in-the-middle attackers to obtain user credent…
Update
|
CWE-311
Missing Encryption of Sensitive Data
|
CVE-2023-52950
|
2024-10-3 00:26 |
2024-09-26 |
|
153
|
5.5 |
MEDIUM
Local
|
synology
|
active_backup_for_business_agent
|
Missing authentication for critical function vulnerability in proxy settings functionality in Synology Active Backup for Business Agent before 2.7.0-3221 allows local users to obtain user credential …
Update
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2023-52949
|
2024-10-3 00:26 |
2024-09-26 |
|
154
|
5.0 |
MEDIUM
Local
|
synology
|
active_backup_for_business_agent
|
Missing encryption of sensitive data vulnerability in settings functionality in Synology Active Backup for Business Agent before 2.7.0-3221 allows local users to obtain user credential via unspecifie…
Update
|
CWE-311
Missing Encryption of Sensitive Data
|
CVE-2023-52948
|
2024-10-3 00:26 |
2024-09-26 |
|
155
|
3.3 |
LOW
Local
|
synology
|
active_backup_for_business_agent
|
Missing authentication for critical function vulnerability in logout functionality in Synology Active Backup for Business Agent before 2.6.3-3101 allows local users to log out the client via unspecifi…
Update
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2023-52947
|
2024-10-3 00:26 |
2024-09-26 |
|
156
|
- |
|
-
|
-
|
DataDump is a MediaWiki extension that provides dumps of wikis. Several interface messages are unescaped (more specifically, (datadump-table-column-queued), (datadump-table-column-in-progress), (data…
New
|
CWE-79 CWE-80
Cross-site Scripting Basic XSS
|
CVE-2024-47612
|
2024-10-3 00:15 |
2024-10-3 |
|
157
|
- |
|
-
|
-
|
A logic issue was addressed with improved restrictions. This issue is fixed in iTunes 12.13.3 for Windows. A local attacker may be able to elevate their privileges.
New
|
-
|
CVE-2024-44193
|
2024-10-3 00:15 |
2024-10-3 |
|
158
|
8.8 |
HIGH
Network
|
freeipa
|
freeipa
|
A vulnerability was found in FreeIPA in how the initial implementation of MS-SFU by MIT Kerberos was missing a condition for granting the "forwardable" flag on S4U2Self tickets. Fixing this mistake r…
Update
|
CWE-863
Incorrect Authorization
|
CVE-2024-2698
|
2024-10-3 00:15 |
2024-06-12 |
|
159
|
5.5 |
MEDIUM
Local
|
opentext
|
identity_manager_azuread_driver
|
A vulnerability identified in OpenText™ Identity Manager AzureAD Driver allows logging of sensitive information into log files. This impacts all versions before 5.1.4.0.
Update
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2021-22518
|
2024-10-3 00:10 |
2024-09-12 |
|
160
|
7.5 |
HIGH
Network
|
netiq
|
identity_manager_rest_driver
|
Possible Insertion of Sensitive Information into Log File vulnerability in Identity Manager has been discovered in OpenText™ Identity Manager REST Driver. This impacts versions before 1.1.2.0200.
Update
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2022-26322
|
2024-10-3 00:03 |
2024-09-12 |
|
|