CVE-2024-6476

MEDIUM Year: 2024
CVSS v3 Score
4.2
Medium
Weakness Type
CWE-276
View all →

Vulnerability Description

Gee-netics, member of the AXIS Camera Station Pro Bug Bounty Program has found that it is possible for a non-admin user to gain system privileges by redirecting a file deletion upon service restart. Axis has released patched versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.

Related Vulnerabilities

CVE-2021-34395

MEDIUM
CVSS:4.2(Medium)

Trusty TLK contains a vulnerability in its access permission settings where it does not properly restrict access to a resource from a user with local privileges, which might lead to limited informatio...

CWE-2762021

CVE-2012-1157

MEDIUM
CVSS:4.3(Medium)

Moodle before 2.2.2 has a default repository capabilities issue where all repositories are viewable by all users by default

CWE-2762012

CVE-2013-4764

MEDIUM
CVSS:4.3(Medium)

Samsung Galaxy S3/S4 exposes an unprotected component allowing an unprivileged app to send arbitrary SMS texts to arbitrary destinations without permission.

CWE-2762013

CVE-2017-9505

MEDIUM
CVSS:4.3(Medium)

Atlassian Confluence starting with 4.3.0 before 6.2.1 did not check if a user had permission to view a page when creating a workbox notification about new comments. An attacker who can login to Conflu...

CWE-2762017

CVE-2019-10465

MEDIUM
CVSS:4.3(Medium)

A missing permission check in Jenkins Deploy WebLogic Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials, or determine wh...

CWE-2762019

CVE-2019-10473

MEDIUM
CVSS:4.3(Medium)

A missing permission check in Jenkins Libvirt Slaves Plugin in form-related methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins.

CWE-2762019