Lucene search
K

40 matches found

NVD
NVD
added 2023/10/11 12:15 p.m.35 views

CVE-2023-44106

API permission management vulnerability in the Fwk-Display module.Successful exploitation of this vulnerability may cause features to perform abnormally...

9.8CVSS9.4AI score0.00409EPSS
Exploits0References2
Prion
Prion
added 2023/10/11 12:15 p.m.19 views

Design/Logic Flaw

API permission management vulnerability in the Fwk-Display module.Successful exploitation of this vulnerability may cause features to perform abnormally...

7.5CVSS9.3AI score0.00409EPSS
Exploits0References2Affected Software2
Cvelist
Cvelist
added 2023/10/11 11:55 a.m.31 views

CVE-2023-44106

API permission management vulnerability in the Fwk-Display module.Successful exploitation of this vulnerability may cause features to perform abnormally...

9.6AI score0.00409EPSS
Exploits0References2
Veracode
Veracode
added 2023/09/08 9:16 a.m.16 views

Remote Code Execution

ethyca-fides is vulnerable to Arbitrary Code Execution. The vulnerability is due to certain API clients who have a special level of permission called "CONNECTORTEMPLATEREGISTER." In the Fides Admin interface one can upload a zip file with arbitrary python code and can execute it. Exploitation is...

8.8CVSS7.5AI score0.00837EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2023/09/06 1:15 p.m.20 views

Input validation

An improper default REST API permission for Gamma users in Apache Superset up to and including 2.1.0 allows for an authenticated Gamma user to test database connections...

5.5CVSS5.3AI score0.00839EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2023/09/06 12:53 p.m.39 views

CVE-2023-36388 Apache Superset: Improper API permission for low privilege users allows for SSRF

Improper REST API permission in Apache Superset up to and including 2.1.0 allows for an authenticated Gamma users to test network connections, possible SSRF...

4.3CVSS5.6AI score0.00806EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/09/06 12:19 p.m.15 views

CVE-2023-36387 Apache Superset: Improper API permission for low privilege users

An improper default REST API permission for Gamma users in Apache Superset up to and including 2.1.0 allows for an authenticated Gamma user to test database connections...

5.4CVSS6.7AI score0.00839EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/09/06 12:0 a.m.6 views

PT-2023-25567

Name of the Vulnerable Software and Affected Versions Apache Superset versions up to and including 2.1.0 Description The issue is related to improper REST API permission in Apache Superset, allowing authenticated Gamma users to test network connections, which may lead to a possible Server-Side...

5.4CVSS6.3AI score0.00806EPSS
Exploits0References14
Tenable Nessus
Tenable Nessus
added 2023/07/27 12:0 a.m.31 views

openSUSE 15 Security Update : chromium (openSUSE-SU-2023:0193-1)

The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2023:0193-1 advisory. - Use after free in WebRTC. CVE-2023-3727, CVE-2023-3728 - Use after free in Tab Groups. CVE-2023-3730 - Out of bounds memory access in Mojo...

8.8CVSS7.1AI score0.01002EPSS
Exploits9References24
Tenable Nessus
Tenable Nessus
added 2023/07/21 12:0 a.m.58 views

Microsoft Edge (Chromium) < 114.0.1901.183 / 115.0.1901.183 Multiple Vulnerabilities

The version of Microsoft Edge installed on the remote Windows host is prior to 114.0.1901.183 / 115.0.1901.183. It is, therefore, affected by multiple vulnerabilities as referenced in the July 21, 2023 advisory. - Microsoft Edge Chromium-based Spoofing Vulnerability CVE-2023-35392 - Microsoft Edg...

8.8CVSS6.4AI score0.01002EPSS
Exploits9References29
Tenable Nessus
Tenable Nessus
added 2023/07/20 12:0 a.m.50 views

Debian DSA-5456-1 : chromium - security update

The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5456 advisory. - Use after free in WebRTC. CVE-2023-3727, CVE-2023-3728 - Use after free in Tab Groups. CVE-2023-3730 - Out of bounds memory access in Mojo. CVE-2023-3732 -...

8.8CVSS7.1AI score0.01002EPSS
Exploits9References26
OpenVAS
OpenVAS
added 2023/07/19 12:0 a.m.28 views

Google Chrome Security Update (stable-channel-update-for-desktop-2023-07) - Linux

Google Chrome is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:google:chrome"; ifdescription...

9.6CVSS6.9AI score0.01002EPSS
Exploits9References1
OpenVAS
OpenVAS
added 2023/07/19 12:0 a.m.30 views

Google Chrome Security Update (stable-channel-update-for-desktop-2023-07) - Windows

Google Chrome is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:google:chrome"; ifdescription...

9.6CVSS6.9AI score0.01002EPSS
Exploits9References1
Tenable Nessus
Tenable Nessus
added 2023/07/18 12:0 a.m.43 views

Google Chrome < 115.0.5790.98 Multiple Vulnerabilities

The version of Google Chrome installed on the remote macOS host is prior to 115.0.5790.98. It is, therefore, affected by multiple vulnerabilities as referenced in the 202307stable-channel-update-for-desktop advisory. - Out of bounds memory access in Mojo in Google Chrome prior to 115.0.5790.98...

8.8CVSS7.2AI score0.01002EPSS
Exploits9References23
Google Chrome Security Advisories
Google Chrome Security Advisories
added 2023/07/18 12:0 a.m.240 views

Stable Channel Update for Desktop

The Chrome team is delighted to announce the promotion of Chrome 115 to the stable channel for Windows, Mac and Linux. This will roll out over the coming days/weeks. Chrome 115.0.5790.98 Linux and Mac, 115.0.5790.98/99 Windows contains a number of fixes and improvements -- a list of changes is...

9.6CVSS8.1AI score0.01002EPSS
Exploits9Affected Software1
Tenable Nessus
Tenable Nessus
added 2023/07/18 12:0 a.m.56 views

Google Chrome < 115.0.5790.98 Multiple Vulnerabilities

The version of Google Chrome installed on the remote Windows host is prior to 115.0.5790.98. It is, therefore, affected by multiple vulnerabilities as referenced in the 202307stable-channel-update-for-desktop advisory. - Out of bounds memory access in Mojo in Google Chrome prior to 115.0.5790.98...

8.8CVSS7.2AI score0.01002EPSS
Exploits9References23
OSV
OSV
added 2023/07/06 1:15 p.m.2 views

CVE-2023-37238

Vulnerability of apps' permission to access a certain API being incompletely verified in the wireless projection module. Successful exploitation of this vulnerability may affect some wireless projection features...

5.3CVSS5.8AI score0.00296EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/03/28 12:57 p.m.18 views

CVE-2022-3686 SDM600 API permission check

A vulnerability exists in a SDM600 endpoint. An attacker could exploit this vulnerability by running multiple parallel requests, the SDM600 web services become busy rendering the application unresponsive. This issue affects: All SDM600 versions prior to version 1.2 FP3 HF4 Build Nr. 1.2.23000.291...

4.8CVSS9.2AI score0.01442EPSS
Exploits0References1
Talos
Talos
added 2022/01/26 12:0 a.m.71 views

Reolink RLC-410W cgiserver.cgi cgi_check_ability improper access control vulnerabilities

Summary Multiple incorrect default permissions vulnerabilities exist in the cgiserver.cgi cgicheckability functionality of reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability. Teste...

7.1CVSS7AI score0.0082EPSS
Exploits2
Cvelist
Cvelist
added 2019/08/02 9:17 p.m.32 views

CVE-2019-14544

routes/api/v1/api.go in Gogs 0.11.86 lacks permission checks for routes: deploy keys, collaborators, and hooks...

9.6AI score0.01528EPSS
Exploits0References1
Rows per page
Query Builder