CVE-2024-38806

LOW Year: 2024
CVSS v3 Score
3.9
Low
Weakness Type
CWE-440
View all →

Vulnerability Description

Failure to properly synchronize user's permissions in UAA in Cloud Foundry Foundation v40.17.0 https://github.com/cloudfoundry/cf-deployment/releases/tag/v40.17.0 , potentially resulting in users retaining access rights they should not have. This can allow them to perform operations beyond their intended permissions.

Related Vulnerabilities

CVE-2025-32728

LOW
CVSS:3.8(Low)

In sshd in OpenSSH before 10.0, the DisableForwarding directive does not adhere to the documentation stating that it disables X11 and agent forwarding.

CWE-4402025

CVE-2025-46712

LOW
CVSS:3.7(Low)

Erlang/OTP is a set of libraries for the Erlang programming language. In versions prior to OTP-27.3.4 (for OTP-27), OTP-26.2.5.12 (for OTP-26), and OTP-25.3.2.21 (for OTP-25), Erlang/OTP SSH fails to ...

CWE-4402025

CVE-2024-56202

MEDIUM
CVSS:4.3(Medium)

Expected Behavior Violation vulnerability in Apache Traffic Server. This issue affects Apache Traffic Server: from 9.0.0 through 9.2.8, from 10.0.0 through 10.0.3. Users are recommended to upgrade to ...

CWE-4402024

CVE-2024-8690

MEDIUM
CVSS:4.4(Medium)

A problem with a detection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices enables a user with Windows administrator privileges to disable the agent. This issue may be leverage...

CWE-4402024

CVE-2025-27401

MEDIUM
CVSS:4.6(Medium)

Tuleap is an Open Source Suite to improve management of software developments and collaboration. In a standard usages of Tuleap, the issue has a limited impact, it will mostly leave dangling data. How...

CWE-4402025

CVE-2025-40555

MEDIUM
CVSS:4.7(Medium)

A vulnerability has been identified in APOGEE PXC+TALON TC Series (BACnet) (All versions). Affected devices start sending unsolicited BACnet broadcast messages after processing a specific BACnet creat...

CWE-4402025