| CVE | Vendors | Products | Updated | CVSS v3.1 |
| The access control mechanism of the VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.6.8 fails to properly restrict access to its settings, permitting any user who can access a menu to manipulate requests and perform unauthorized actions such as editing, renaming or deleting (categories, for example) despite initial settings prohibiting such access. This vulnerability resembles broken access control, enabling unauthorized users to modify critical configurations of the VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.6.8. |
| In Spring Boot versions 3.0.0 - 3.0.5, 2.7.0 - 2.7.10, and older unsupported versions, an application that is deployed to Cloud Foundry could be susceptible to a security bypass. Users of affected versions should apply the following mitigation: 3.0.x users should upgrade to 3.0.6+. 2.7.x users should upgrade to 2.7.11+. Users of older, unsupported versions should upgrade to 3.0.6+ or 2.7.11+. |
| Database connections on deleted users could stay active on MySQL data sources in Remote Desktop Manager 2022.3.7 and below, which allows deleted users to access unauthorized data. This issue affects: Remote Desktop Manager 2022.3.7 and prior versions. |
| IBM InfoSphere Information Server 11.7 could allow an authenticated user to access information restricted to users with elevated privileges due to improper access controls. IBM X-Force ID: 224427. |
| In the Linux kernel, the following vulnerability has been resolved:
riscv: misaligned: Restrict user access to kernel memory
raw_copy_{to,from}_user() do not call access_ok(), so this code allowed
userspace to access any virtual memory address. |
| Windows Group Policy Elevation of Privilege Vulnerability |
| Microsoft Azure Site Recovery Elevation of Privilege Vulnerability |
| Skype for Business Information Disclosure Vulnerability |
| Microsoft Entra Jira Single-Sign-On Plugin Elevation of Privilege Vulnerability |
| Windows Installer Elevation of Privilege Vulnerability |
| Software for Open Networking in the Cloud (SONiC) Elevation of Privilege Vulnerability |
| Azure Data Studio Elevation of Privilege Vulnerability |
| Microsoft Intune Linux Agent Elevation of Privilege Vulnerability |
| Azure CycleCloud Elevation of Privilege Vulnerability |
| Microsoft Defender for IoT Elevation of Privilege Vulnerability |
| Microsoft Defender for IoT Elevation of Privilege Vulnerability |
| Azure Arc-enabled Kubernetes Extension Cluster-Scope Elevation of Privilege Vulnerability |
| Proxy Driver Spoofing Vulnerability |
| Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability |
| Secure Boot Security Feature Bypass Vulnerability |