Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) versions prior to 8.3.0.15 contain an Insufficient Granularity of Access Control vulnerability. An authenticated user from a tru...

Haas Controller version 100.20.000.1110 has insufficient granularity of access control when using the "Ethernet Q Commands" service. Any user is able to write macros into registers outside of the auth...

Insufficient Granularity of Access Control in GitHub repository usememos/memos prior to 0.9.1.

Insufficient Granularity of Access Control in GitHub repository usememos/memos prior to 0.9.1.

.NET and Visual Studio Elevation of Privilege Vulnerability

Non Privilege User can Enable or Disable Registered in GitHub repository openemr/openemr prior to 6.1.0.1.

Outlook for Android Elevation of Privilege Vulnerability

Dell PowerProtect DD versions prior to 8.3.0.0, 7.10.1.50, and 7.13.1.20 contain an improper access control vulnerability. A local malicious user with low privileges could potentially exploit this vul...

Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an improper access control vulnerability. A local malicious user with low privileges could potentially...

NVIDIA ConnectX-5, ConnectX-6, and ConnectX6-DX contain a vulnerability in the NIC firmware, where an unprivileged user can exploit insufficient granularity of access control, which may lead to denial...

NVIDIA ConnectX-5, ConnectX-6, and ConnectX6-DX contain a vulnerability in the NIC firmware, where an unprivileged user can exploit insufficient granularity of access control, which may lead to denial...

In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, HTTP_REDIRECT_STATUS variable is used to check whether or not CGI binary is being run by the HTTP server. However, in cer...

Memory corruption while assigning memory from the source DDR memory(HLOS) to ADSP.

Insufficient Granularity of Access Control vulnerability in Drupal Email Contact allows Forceful Browsing.This issue affects Email Contact: from 0.0.0 before 2.0.4.

A vulnerability in the health monitoring diagnostics of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, adjacent attacker...

Kimai is a web-based multi-user time-tracking application. The permission `view_other_timesheet` performs differently for the Kimai UI and the API, thus returning unexpected data through the API. When...

An access-control flaw was found in the OpenStack Designate component where private configuration information including access keys to BIND were improperly made world readable. A malicious attacker wi...

Insufficient granularity of access control in UEFI firmware in some Intel(R) processors may allow a authenticated user to potentially enable denial of service via local access.

An improper authorization vulnerability exists in the zenml-io/zenml repository, specifically within the API PUT /api/v1/users/id endpoint. This vulnerability allows any authenticated user to modify t...

A flaw was found in openshift-logging LokiStack. The key used for caching is just the token, which is too broad. This issue allows a user with a token valid for one action to execute other actions as ...

IBM Spectrum Fusion HCI 2.5.2 through 2.7.2 could allow an attacker to perform unauthorized actions in RGW for Ceph due to improper bucket access. IBM X-Force ID: 266807.

Insufficient Granularity of Access Control vulnerability in OpenText™ Service Management Automation X (SMAX), OpenText™ Asset Management X (AMX) allows Exploiting Incorrectly Configured Access Control...

Accounting User Can Download Patient Reports in openemr in GitHub repository openemr/openemr prior to 6.1.0.

An issue has been discovered in GitLab CE/EE affecting all versions starting from 17.0 prior to 17.6.4, from 17.7 prior to 17.7.3, and from 17.8 prior to 17.8.1. Under certain conditions, it may have ...