CVE-2024-42013

MEDIUM Year: 2024
CVSS v3 Score
6.4
Medium
Weakness Type
CWE-863
View all →

Vulnerability Description

In GRAU DATA Blocky before 3.1, Blocky-Gui has a Client-Side Enforcement of Server-Side Security vulnerability. An attacker with Windows administrative or debugging privileges can patch a binary in memory or on disk to bypass the password login requirement and gain full access to all functions of the program.

Related Vulnerabilities

CVE-2018-15692

MEDIUM
CVSS:6.4(Medium)

Inova Partner 5.0.5-RELEASE, Build 0510-0906 and earlier allows authenticated users authorization bypass and data manipulation in certain functions.

CWE-8632018

CVE-2018-15693

MEDIUM
CVSS:6.4(Medium)

Inova Partner 5.0.5-RELEASE, Build 0510-0906 and earlier allows authenticated users authorization bypass via insecure direct object reference.

CWE-8632018

CVE-2019-3831

MEDIUM
CVSS:6.4(Medium)

A vulnerability was discovered in vdsm, version 4.19 through 4.30.3 and 4.30.5 through 4.30.8. The systemd_run function exposed to the vdsm system user could be abused to execute arbitrary commands as...

CWE-8632019

CVE-2023-38486

MEDIUM
CVSS:6.4(Medium)

A vulnerability in the secure boot implementation on affected Aruba 9200 and 9000 Series Controllers and Gateways allows an attacker to bypass security controls which would normally prohibit unsigned ...

CWE-8632023

CVE-2024-29834

MEDIUM
CVSS:6.4(Medium)

This vulnerability allows authenticated users with produce or consume permissions to perform unauthorized operations on partitioned topics, such as unloading topics and triggering compaction. These ma...

CWE-8632024

CVE-2024-45037

MEDIUM
CVSS:6.4(Medium)

The AWS Cloud Development Kit (CDK) is an open-source framework for defining cloud infrastructure using code. Customers use it to create their own applications which are converted to AWS CloudFormatio...

CWE-8632024