Lucene search

13 matches found

OSV
added 2026/05/28 6:8 p.m. · 6 views

GHSA-Q537-QHJ4-WCJX OpenCTI: Privilege escalation via graphQL API is abusable by organization admins, due to incorrect ACL on userEdit relationAdd

Summary: An organization admin can escalate their privileges by adding a user from a different organization with higher privileges, to their own organization. Impact: Full platform access, access to sensitive or proprietary information...

CVSS 7.2 · AI score 5.8 · EPSS 0.00316
Exploits: 0 · References: 4

ATTACKERKB
added 2026/05/26 5:3 p.m. · 9 views

CVE-2026-44730

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 6.9.7, an organization admin can escalate their privileges by adding a user from a different organization with higher privileges, to their own organization. This is due to incorrect ACL o...

CVSS 7.2 · AI score 5.8 · EPSS 0.00316
Exploits: 0 · References: 2 · Affected Software: 1

Positive Technologies
added 2026/05/26 12:0 a.m. · 12 views

PT-2026-43350

Name of the Vulnerable Software and Affected Versions: OpenCTI versions prior to 6.9.7 Description: An organization administrator can escalate their privileges by adding a user from a different organization who possesses higher privileges into their own organization. This occurs due to an incorrect...

CVSS 7.2 · AI score 5.8 · EPSS 0.00316
Exploits: 0 · References: 7

CNNVD
added 2026/05/05 12:0 a.m. · 11 views

CoreDNS Security Vulnerability

CoreDNS is a DNS server within the CoreDNS community. Versions of CoreDNS prior to 1.14.3 contained a security vulnerability. This vulnerability stemmed from an error in the selection of ACL rules in the transfer plugin, which could allow unauthorized remote clients to execute AXFR/IXFR and...

CVSS 8.2 · AI score 5.9 · EPSS 0.00388
Exploits: 1 · References: 1

RedhatCVE
added 2026/01/30 9:23 p.m. · 5 views

CVE-2026-24413

Icinga 2 is an open source monitoring system. Starting in version 2.3.0 and prior to versions 2.13.14, 2.14.8, and 2.15.2, the Icinga 2 MSI did not set appropriate permissions for the %ProgramData%\icinga2\var folder on Windows. This resulted in its contents - including the private key of the...

CVSS 6.8 · AI score 5.9 · EPSS 0.00068
Exploits: 0 · References: 1

CNNVD
added 2023/10/26 12:0 a.m. · 3 views

Tenable Network Security Nessus Code Injection Vulnerability

Tenable Network Security Nessus is an open source system vulnerability scanner from US-based Tenable Network Security. Tenable Network Security Nessus Network Monitor suffers from a security vulnerability that stems from Nessus Network Monitor (NNM) failing to properly set an ACL on its installatio...

CVSS 7.8 · AI score 7.3 · EPSS 0.00151
Exploits: 0 · References: 3

Prion
added 2023/02/01 10:15 p.m. · 27 views

Design/Logic Flaw

An issue was discovered in Joomla! 4.0.0 through 4.2.4. A missing ACL check allows non super-admin users to access com_actionlogs...

CVSS 4 · AI score 4.5 · EPSS 0.00444
Exploits: 0 · References: 1 · Affected Software: 1

Positive Technologies
added 2020/09/24 12:0 a.m. · 3 views

PT-2020-4165 · Cisco · Cisco Ios Xe

Name of the Vulnerable Software and Affected Versions: Cisco IOS XE Software affected versions not specified Description: A vulnerability in the RESTCONF and NETCONF-YANG access control list (ACL) function could allow an unauthenticated, remote attacker to cause the device to reload. The...

CVSS 8.6 · AI score 8.5 · EPSS 0.01511
Exploits: 0 · References: 5

OSV
added 2019/12/23 7:15 p.m. · 3 views

UBUNTU-CVE-2019-3467

Debian-edu-config all versions 2.11.10, a set of configuration files used for Debian Edu, and debian-lan-config 0.26, configured too permissive ACLs for the Kerberos admin server, which allowed password changes for other Kerberos user principals...

CVSS 7.8 · AI score 7.1 · EPSS 0.00503
Exploits: 1 · References: 3

OSV
added 2016/08/10 10:42 a.m. · 9 views

USN-3053-1 linux-lts-vivid vulnerabilities

A missing permission check when setting ACLs was discovered in nfsd. A local user could exploit this flaw to gain access to any file by setting an ACL. CVE-2016-1237 It was discovered that the keyring implementation in the Linux kernel did not ensure a data structure was initialized before...

CVSS 7.8 · AI score 7 · EPSS 0.00582
Exploits: 1 · References: 5

CentOS
added 2016/03/15 11:34 p.m. · 65 views

ctdb, libsmbclient, libwbclient, samba security update

CentOS Errata and Security Advisory CESA-2016:0448. Updated samba packages that fix one security issue are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score,...

CVSS 6.5 · AI score 6.6 · EPSS 0.12938
Exploits: 0 · References: 7

RedHat Linux
added 2016/03/15 1:18 p.m. · 38 views

Moderate: Red Hat Security Advisory: samba security update

Updated samba packages that fix one security issue are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available...

CVSS 6.5 · AI score 6.6 · EPSS 0.12938
Exploits: 0 · References: 2

OSV
added 2007/08/08 2:17 a.m. · 13 views

CVE-2007-4211

The ACL plugin in Dovecot before 1.0.3 allows remote authenticated users with the insert right to save certain flags via a (1) COPY or (2) APPEND command...

AI score 5.9
Exploits: 0 · References: 9