A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass a configured Intrusion Prevention System (IPS) rule that inspects certain types of TCP traffic. The vulnerability is due to incorrect TCP retransmission handling. An attacker could exploit this vulnerability by sending a crafted TCP connection request through an affected device. A successful exploit could allow the attacker to bypass configured IPS rules and allow uninspected traffic onto the network.
RubyGems is a package registry used to supply software for the Ruby language ecosystem. An ordering mistake in the code that accepts gem uploads allowed some gems (with platforms ending in numbers, like `arm64-darwin-21`) to be temporarily replaced in the CDN cache by a malicious package. The bug has been patched, and is believed to have never been exploited, based on an extensive review of logs and existing gems by rubygems. The easiest way to ensure that an application has not been exploited by this vulnerability is to verify all downloaded .gems checksums match the checksum recorded in the RubyGems.org database. RubyGems.org has been patched and is no longer vulnerable to this issue.
Improper privilege management on services run by Citrix Gateway Plug-in for Windows, versions before and including 13.0-61.48 and 12.1-58.15, allows an attacker to modify arbitrary files.
Data confidentiality vulnerability in the ScreenReader module. Successful exploitation of this vulnerability may affect service integrity.
The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a denial of service (CPU consumption for SHA-1 computations) via DNSSEC responses in a random subdomain attack, aka the "NSEC3" issue. The RFC 5155 specification implies that an algorithm must perform thousands of iterations of a hash function in certain situations.
The customization framework has a vulnerability of improper permission control.Successful exploitation of this vulnerability may affect data integrity.
The All in One B2B for WooCommerce WordPress plugin through 1.0.3 does not properly validate parameters when updating user details, allowing an unauthenticated attacker to update the details of any user. Updating the password of an Admin user leads to privilege escalation.
Zulip Server before 2.1.5 has Incorrect Access Control because 0198_preregistrationuser_invited_as adds the administrator role to invitations.
In NLnet Labs Routinator prior to 0.10.2, a validation run can be delayed significantly by an RRDP repository by not answering but slowly drip-feeding bytes to keep the connection alive. This can be used to effectively stall validation. While Routinator has a configurable time-out value for RRDP connections, this time-out was only applied to individual read or write operations rather than the complete request. Thus, if an RRDP repository sends a little bit of data before that time-out expired, it can continuously extend the time it takes for the request to finish. Since validation will only continue once the update of an RRDP repository has concluded, this delay will cause validation to stall, leading to Routinator continuing to serve the old data set or, if in the initial validation run directly after starting, never serve any data at all.
When a page's content security policy (CSP) header contains a "sandbox" directive, other directives are ignored. This results in the incorrect enforcement of CSP. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.
IBM CICS TX Standard 11.1 and Advanced 10.1, 11.1 performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses. IBM X-Force ID: 266163.
The isearch package (textproc/isearch) before 1.47.01nb1 uses the tempnam() function to create insecure temporary files into a publicly-writable area (/tmp).
The MasterStudy LMS WordPress Plugin WordPress plugin before 3.0.18 does not have proper checks in place during registration allowing anyone to register on the site as an instructor. They can then add courses and/or posts.
There is an uncontrolled resource consumption vulnerability in the display module. Successful exploitation of this vulnerability may affect integrity.
SiberianCMS - CWE-274: Improper Handling of Insufficient Privileges
A Security Bypass vulnerability exists in the phpCAS 1.2.2 library from the jasig project due to the way proxying of services are managed.
Use of default credentials vulnerability in CONPROSYS HMI System (CHS) Ver.3.4.5 and earlier allows a remote unauthenticated attacker to alter user credentials information.
A vulnerability in the Decryption Policy Default Action functionality of the Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to bypass a configured drop policy and allow traffic onto the network that should have been denied. The vulnerability is due to the incorrect handling of SSL-encrypted traffic when Decrypt for End-User Notification is disabled in the configuration. An attacker could exploit this vulnerability by sending a SSL connection through the affected device. A successful exploit could allow the attacker to bypass a configured drop policy to block specific SSL connections. Releases 10.1.x and 10.5.x are affected.
An issue was discovered in Mattermost Server before 5.8.0. The first user is sometimes inadvertently a system admin.
In in wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php in WordPress 3.7 to 5.3.0, authenticated users who do not have the rights to publish a post are able to mark posts as sticky or unsticky via the REST API. For example, the contributor role does not have such rights, but this allowed them to bypass that. This has been patched in WordPress 5.3.1, along with all the previous WordPress versions from 3.7 to 5.3 via a minor release.
In Avast Antivirus before v17, an unprivileged user (and thus malware or a virus) can mark an arbitrary process as Trusted from the perspective of the Avast product. This bypasses the Self-Defense feature of the product, opening a door to subsequent attack on many of its components.
An error in the "WindowsDllDetourPatcher" where a RWX ("Read/Write/Execute") 4k block is allocated but never protected, violating DEP protections. Note: This attack only affects Windows operating systems. Other operating systems are not affected. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.
Cloud Foundry UAA versions prior to v73.4.0 contain a vulnerability where a malicious client possessing the 'clients.write' authority or scope can bypass the restrictions imposed on clients created via 'clients.write' and create clients with arbitrary scopes that the creator does not possess.
Inedo BuildMaster before 5.8.2 does not properly restrict creation of RequireManageAllPrivileges event listeners.
In Textpattern 4.5.7, an unprivileged author can change an article's markup setting.
Improper MDM policy management vulnerability in KME module prior to KCS version 1.39 allows MDM users to bypass Knox Manage authentication.
Lawrence Livermore National Laboratory msr-safe v1.1.0 is affected by: Incorrect Access Control. The impact is: An attacker could modify model specific registers. The component is: ioctl handling. The attack vector is: An attacker could exploit a bug in ioctl interface whitelist checking, in order to write to model specific registers, normally a function reserved for the root user. The fixed version is: v1.2.0.
Improper Privilege Management vulnerability in OpenText NetIQ Access Manager allows user account impersonation in specific scenario. This issue affects NetIQ Access Manager before 5.0.4.1 and before 5.1
The issue was addressed with improved memory handling. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15. An app may be able to cause unexpected system termination or corrupt kernel memory.
An Incorrect Access Control vulnerability was found in /admin/delete_room.php in Kashipara Hotel Management System v1.0, which allows an unauthenticated attacker to delete valid hotel room entries in the administrator section.
Joomla! before 2.5.3 allows Admin Account Creation.
The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15. An app may be able to cause unexpected system termination or corrupt kernel memory.
IBM Security SOAR performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses.