40 matches found
CVE-2023-44106
API permission management vulnerability in the Fwk-Display module.Successful exploitation of this vulnerability may cause features to perform abnormally...
Design/Logic Flaw
API permission management vulnerability in the Fwk-Display module.Successful exploitation of this vulnerability may cause features to perform abnormally...
CVE-2023-44106
API permission management vulnerability in the Fwk-Display module.Successful exploitation of this vulnerability may cause features to perform abnormally...
Remote Code Execution
ethyca-fides is vulnerable to Arbitrary Code Execution. The vulnerability is due to certain API clients who have a special level of permission called "CONNECTORTEMPLATEREGISTER." In the Fides Admin interface one can upload a zip file with arbitrary python code and can execute it. Exploitation is...
Input validation
An improper default REST API permission for Gamma users in Apache Superset up to and including 2.1.0 allows for an authenticated Gamma user to test database connections...
CVE-2023-36388 Apache Superset: Improper API permission for low privilege users allows for SSRF
Improper REST API permission in Apache Superset up to and including 2.1.0 allows for an authenticated Gamma users to test network connections, possible SSRF...
CVE-2023-36387 Apache Superset: Improper API permission for low privilege users
An improper default REST API permission for Gamma users in Apache Superset up to and including 2.1.0 allows for an authenticated Gamma user to test database connections...
PT-2023-25567
Name of the Vulnerable Software and Affected Versions Apache Superset versions up to and including 2.1.0 Description The issue is related to improper REST API permission in Apache Superset, allowing authenticated Gamma users to test network connections, which may lead to a possible Server-Side...
openSUSE 15 Security Update : chromium (openSUSE-SU-2023:0193-1)
The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2023:0193-1 advisory. - Use after free in WebRTC. CVE-2023-3727, CVE-2023-3728 - Use after free in Tab Groups. CVE-2023-3730 - Out of bounds memory access in Mojo...
Microsoft Edge (Chromium) < 114.0.1901.183 / 115.0.1901.183 Multiple Vulnerabilities
The version of Microsoft Edge installed on the remote Windows host is prior to 114.0.1901.183 / 115.0.1901.183. It is, therefore, affected by multiple vulnerabilities as referenced in the July 21, 2023 advisory. - Microsoft Edge Chromium-based Spoofing Vulnerability CVE-2023-35392 - Microsoft Edg...
Debian DSA-5456-1 : chromium - security update
The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5456 advisory. - Use after free in WebRTC. CVE-2023-3727, CVE-2023-3728 - Use after free in Tab Groups. CVE-2023-3730 - Out of bounds memory access in Mojo. CVE-2023-3732 -...
Google Chrome Security Update (stable-channel-update-for-desktop-2023-07) - Linux
Google Chrome is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:google:chrome"; ifdescription...
Google Chrome Security Update (stable-channel-update-for-desktop-2023-07) - Windows
Google Chrome is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:google:chrome"; ifdescription...
Google Chrome < 115.0.5790.98 Multiple Vulnerabilities
The version of Google Chrome installed on the remote macOS host is prior to 115.0.5790.98. It is, therefore, affected by multiple vulnerabilities as referenced in the 202307stable-channel-update-for-desktop advisory. - Out of bounds memory access in Mojo in Google Chrome prior to 115.0.5790.98...
Stable Channel Update for Desktop
The Chrome team is delighted to announce the promotion of Chrome 115 to the stable channel for Windows, Mac and Linux. This will roll out over the coming days/weeks. Chrome 115.0.5790.98 Linux and Mac, 115.0.5790.98/99 Windows contains a number of fixes and improvements -- a list of changes is...
Google Chrome < 115.0.5790.98 Multiple Vulnerabilities
The version of Google Chrome installed on the remote Windows host is prior to 115.0.5790.98. It is, therefore, affected by multiple vulnerabilities as referenced in the 202307stable-channel-update-for-desktop advisory. - Out of bounds memory access in Mojo in Google Chrome prior to 115.0.5790.98...
CVE-2023-37238
Vulnerability of apps' permission to access a certain API being incompletely verified in the wireless projection module. Successful exploitation of this vulnerability may affect some wireless projection features...
CVE-2022-3686 SDM600 API permission check
A vulnerability exists in a SDM600 endpoint. An attacker could exploit this vulnerability by running multiple parallel requests, the SDM600 web services become busy rendering the application unresponsive. This issue affects: All SDM600 versions prior to version 1.2 FP3 HF4 Build Nr. 1.2.23000.291...
Reolink RLC-410W cgiserver.cgi cgi_check_ability improper access control vulnerabilities
Summary Multiple incorrect default permissions vulnerabilities exist in the cgiserver.cgi cgicheckability functionality of reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability. Teste...
CVE-2019-14544
routes/api/v1/api.go in Gogs 0.11.86 lacks permission checks for routes: deploy keys, collaborators, and hooks...