Total
1311 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-27171 | 2024-11-21 | N/A | 7.4 HIGH | ||
| A remote attacker using the insecure upload functionality will be able to overwrite any Python file and get Remote Code Execution. As for the affected products/models/versions, see the reference URL. | |||||
| CVE-2024-27167 | 2024-11-21 | N/A | 7.4 HIGH | ||
| Toshiba printers use Sendmail to send emails to recipients. Sendmail is used with several insecure directories. A local attacker can inject a malicious Sendmail configuration file. As for the affected products/models/versions, see the reference URL. | |||||
| CVE-2024-27166 | 2024-11-21 | N/A | 7.4 HIGH | ||
| Coredump binaries in Toshiba printers have incorrect permissions. A local attacker can steal confidential information. As for the affected products/models/versions, see the reference URL. | |||||
| CVE-2024-27155 | 2024-11-21 | N/A | 7.7 HIGH | ||
| The Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. An attacker can remotely compromise any Toshiba printer. The programs can be replaced by malicious programs by any local or remote attacker. As for the affected products/models/versions, see the reference URL. | |||||
| CVE-2024-27153 | 2024-11-21 | N/A | 7.4 HIGH | ||
| The Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. An attacker can remotely compromise any Toshiba printer. As for the affected products/models/versions, see the reference URL. | |||||
| CVE-2024-27152 | 2024-11-21 | N/A | 7.4 HIGH | ||
| The Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. An attacker can remotely compromise any Toshiba printer. As for the affected products/models/versions, see the reference URL. | |||||
| CVE-2024-27151 | 2024-11-21 | N/A | 7.4 HIGH | ||
| The Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. An attacker can remotely compromise any Toshiba printer. The programs can be replaced by malicious programs by any local or remote attacker. As for the affected products/models/versions, see the reference URL. | |||||
| CVE-2024-27150 | 2024-11-21 | N/A | 7.4 HIGH | ||
| The Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. An attacker can remotely compromise any Toshiba printer. As for the affected products/models/versions, see the reference URL. | |||||
| CVE-2024-27149 | 2024-11-21 | N/A | 7.4 HIGH | ||
| The Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. An attacker can remotely compromise any Toshiba printer. As for the affected products/models/versions, see the reference URL. | |||||
| CVE-2024-27148 | 2024-11-21 | N/A | 7.4 HIGH | ||
| The Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. An attacker can remotely compromise any Toshiba printer. As for the affected products/models/versions, see the reference URL. | |||||
| CVE-2024-27144 | 2024-11-21 | N/A | 9.8 CRITICAL | ||
| The Toshiba printers provide several ways to upload files using the web interface without authentication. An attacker can overwrite any insecure files. And the Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. An attacker can remotely compromise any Toshiba printer. The programs can be replaced by malicious programs by any local or remote attacker. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for this vulnerability alone is lower than the score listed in the "Base Score" of this vulnerability. For detail on related other vulnerabilities, please ask to the below contact point. https://www.toshibatec.com/contacts/products/ As for the affected products/models/versions, see the reference URL. | |||||
| CVE-2024-22430 | 1 Dell | 1 Powerscale Onefs | 2024-11-21 | N/A | 5.5 MEDIUM |
| Dell PowerScale OneFS versions 8.2.x through 9.6.0.x contains an incorrect default permissions vulnerability. A local low privileges malicious user could potentially exploit this vulnerability, leading to denial of service. | |||||
| CVE-2024-22428 | 1 Dell | 1 Emc Idrac Service Module | 2024-11-21 | N/A | 7.0 HIGH |
| Dell iDRAC Service Module, versions 5.2.0.0 and prior, contain an Incorrect Default Permissions vulnerability. It may allow a local unprivileged user to escalate privileges and execute arbitrary code on the affected system. Dell recommends customers upgrade at the earliest opportunity. | |||||
| CVE-2024-22409 | 1 Datahub Project | 1 Datahub | 2024-11-21 | N/A | 7.5 HIGH |
| DataHub is an open-source metadata platform. In affected versions a low privileged user could remove a user, edit group members, or edit another user's profile information. The default privileges gave too many broad permissions to low privileged users. These have been constrained in PR #9067 to prevent abuse. This issue can result in privilege escalation for lower privileged users up to admin privileges, potentially, if a group with admin privileges exists. May not impact instances that have modified default privileges. This issue has been addressed in datahub version 0.12.1. Users are advised to upgrade. | |||||
| CVE-2024-22385 | 2024-11-21 | N/A | 4.4 MEDIUM | ||
| Incorrect Default Permissions vulnerability in Hitachi Storage Provider for VMware vCenter allows local users to read and write specific files.This issue affects Hitachi Storage Provider for VMware vCenter: from 3.1.0 before 3.7.4. | |||||
| CVE-2024-22301 | 1 Eduva | 1 Albo Pretorio Online | 2024-11-21 | N/A | 5.3 MEDIUM |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Ignazio Scimone Albo Pretorio On line.This issue affects Albo Pretorio On line: from n/a through 4.6.6. | |||||
| CVE-2024-21840 | 1 Hitachi | 1 Storage Plug-in | 2024-11-21 | N/A | 7.9 HIGH |
| Incorrect Default Permissions vulnerability in Hitachi Storage Plug-in for VMware vCenter allows local users to read and write specific files. This issue affects Hitachi Storage Plug-in for VMware vCenter: from 04.0.0 through 04.9.2. | |||||
| CVE-2024-1605 | 2024-11-21 | N/A | 6.6 MEDIUM | ||
| BMC Control-M branches 9.0.20 and 9.0.21 upon user login load all Dynamic Link Libraries (DLL) from a directory that grants Write and Read permissions to all users. Leveraging it leads to loading of a potentially malicious libraries, which will execute with the application's privileges. Fix for 9.0.20 branch was released in version 9.0.20.238. Fix for 9.0.21 branch was released in version 9.0.21.201. | |||||
| CVE-2024-0833 | 1 Progress | 1 Telerik Test Studio | 2024-11-21 | N/A | 7.8 HIGH |
| In Telerik Test Studio versions prior to v2023.3.1330, a privilege elevation vulnerability has been identified in the applications installer component. In an environment where an existing Telerik Test Studio install is present, a lower privileged user has the ability to manipulate the installation package to elevate their privileges on the underlying operating system. | |||||
| CVE-2024-0770 | 2 Echa.europa, Microsoft | 2 Iuclid, Windows | 2024-11-21 | 3.2 LOW | 4.4 MEDIUM |
| A vulnerability, which was classified as critical, was found in European Chemicals Agency IUCLID 7.10.3 on Windows. Affected is an unknown function of the file iuclid6.exe of the component Desktop Installer. The manipulation leads to incorrect default permissions. The attack needs to be approached locally. VDB-251670 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||