Lucene search
K

44 matches found

Cvelist
Cvelist
added 2024/05/29 1:29 p.m.26 views

CVE-2024-36377

In JetBrains TeamCity before 2024.03.2 certain TeamCity API endpoints did not check user permissions...

6.5CVSS6.5AI score0.0033EPSS
Exploits0References1
Prion
Prion
added 2024/02/09 3:15 p.m.13 views

Code injection

Mattermost fails to check the required permissions in the POST /api/v4/channels/stats/membercount API resulting in channel member counts being leaked to a user without permissions...

4CVSS7.3AI score0.00314EPSS
Exploits0References1Affected Software1
Veracode
Veracode
added 2023/12/12 11:53 a.m.30 views

Authorization Bypass

quarkus-smallrye-graphql is vulnerable to Authorization Bypass. The vulnerability is due to doHandle function in SmallRyeGraphQLOverWebSocketHandler.java file there are no checks to ensure that the user is authenticated or authorized to access the GraphQL endpoint. This allows an attacker to acce...

9.1CVSS6.3AI score0.00814EPSS
Exploits0References8Affected Software1
CVE
CVE
added 2023/12/09 1:26 a.m.125 views

CVE-2023-6394

CVE-2023-6394 describes an authorization bypass in Quarkus where a websocket GraphQL operation can be processed without authentication if no role-based permission is specified. This allows potential access to information and functionality beyond the granted API permissions. The NVD entry lists a ...

9.1CVSS8.2AI score0.00814EPSS
Exploits0References4Affected Software1
RedhatCVE
RedhatCVE
added 2023/12/09 1:26 a.m.53 views

CVE-2023-6394

A flaw was found in Quarkus. This issue occurs when receiving a request over websocket with no role-based permission specified on the GraphQL operation, Quarkus processes the request without authentication despite the endpoint being secured. This can allow an attacker to access information and...

7.4CVSS7AI score0.00814EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/07/18 12:0 a.m.8 views

PT-2023-3712 · Google +2 · Google Chrome +2

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 115.0.5790.98 Description: The issue is related to an inappropriate implementation in Web API Permission Prompts in Google Chrome, which may allow a remote attacker to obfuscate security UI via a crafted HTML...

9.8CVSS3.9AI score0.99735EPSS
Exploits132References1123
The Hacker News
The Hacker News
added 2022/10/26 3:50 p.m.70 views

Kimsuky Hackers Spotted Using 3 New Android Malware to Target South Koreans

The North Korean espionage-focused actor known as Kimsuky has been observed using three different Android malware strains to target users located in its southern counterpart. That's according to findings from South Korean cybersecurity company S2W, which named the malware families FastFire,...

1.5AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2022/05/04 7:15 a.m.4 views

CVE-2022-1502

Permissions were not properly verified in the API on projects using version control in Git. This allowed projects to be modified by users with only ProjectView permissions...

4.3CVSS5.5AI score0.00502EPSS
Exploits0References2
OSV
OSV
added 2022/05/04 7:15 a.m.2 views

CVE-2022-1502

Permissions were not properly verified in the API on projects using version control in Git. This allowed projects to be modified by users with only ProjectView permissions...

4.3CVSS5.8AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 2022/03/18 6:0 p.m.7 views

CVE-2022-1003 Sysadmin can override existing configs & bypass restrictions like EnableUploads

One of the API in Mattermost version 6.3.0 and earlier fails to properly protect the permissions, which allows the system administrators to combine the two distinct privileges/capabilities in a way that allows them to override certain restricted configurations like EnableUploads...

3.3CVSS6.8AI score0.00482EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2021/07/15 12:0 a.m.5 views

PT-2021-4011 · Icingadb +4 · Icingadb +7

Name of the Vulnerable Software and Affected Versions: Icinga versions prior to 2.11.10 Icinga versions 2.12.0 through 2.12.4 Description: The issue concerns the exposure of credentials for external services through the API to authenticated API users with read permissions for the corresponding...

9.8CVSS6.9AI score0.02934EPSS
Exploits5References38
OpenVAS
OpenVAS
added 2021/02/10 12:0 a.m.9 views

OpenEMR < 5.0.2.2 Multiple Vulnerabilities

OpenEMR is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:open-emr:openemr"; ifdescription...

9CVSS8.9AI score0.64144EPSS
Exploits1References1
Prion
Prion
added 2020/12/11 2:15 a.m.14 views

Design/Logic Flaw

Incorrect permissions are set by default for an API entry-point of a specific service, allowing a non-authenticated user to trigger a function that could reboot the CompactRIO Driver versions prior to 20.5 remotely...

7.8CVSS7.5AI score0.01109EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2020/06/19 5:15 p.m.11 views

CVE-2019-20887

An issue was discovered in Mattermost Server before 5.7.1, 5.6.4, 5.5.3, and 4.10.6. It does not honor flags API permissions when deciding whether a user can receive intra-team posts...

4.3CVSS6.8AI score
Exploits0References1
Prion
Prion
added 2020/06/19 5:15 p.m.14 views

Design/Logic Flaw

An issue was discovered in Mattermost Server before 5.7.1, 5.6.4, 5.5.3, and 4.10.6. It does not honor flags API permissions when deciding whether a user can receive intra-team posts...

4CVSS4.7AI score0.00651EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2020/06/19 4:39 p.m.26 views

CVE-2019-20887

An issue was discovered in Mattermost Server before 5.7.1, 5.6.4, 5.5.3, and 4.10.6. It does not honor flags API permissions when deciding whether a user can receive intra-team posts...

4.7AI score0.00651EPSS
Exploits0References1
CVE
CVE
added 2020/06/19 4:39 p.m.50 views

CVE-2019-20887

Mattermost Server versions affected: before 5.7.1, 5.6.4, 5.5.3, and 4.10.6. The issue is that flags API permissions are not honored when deciding whether a user can receive intra‑team posts. Root cause and exact impact are not deeply elaborated in the provided documents beyond this behavior, but...

4.3CVSS4.6AI score0.00651EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2020/06/03 1:15 p.m.18 views

CVE-2020-2191

Jenkins Self-Organizing Swarm Plug-in Modules Plugin 3.20 and earlier does not check permissions on API endpoints that allow adding and removing agent labels...

4.3CVSS7AI score
Exploits0References2
Microsoft KB
Microsoft KB
added 2019/09/10 7:0 a.m.48 views

Description of the security update for SharePoint Server 2019: September 10, 2019

Description of the security update for SharePoint Server 2019: September 10, 2019 Summary This security update resolves a remote code execution vulnerability that exists in Microsoft SharePoint if the software does not check the source markup of an application package. To learn more about this...

8.8CVSS7.5AI score0.11659EPSS
Exploits0
OSV
OSV
added 2018/05/09 7:29 p.m.1 views

CVE-2018-8134

An elevation of privilege vulnerability exists in the way that the Windows Kernel API enforces permissions, aka "Windows Elevation of Privilege Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers...

7CVSS7.1AI score0.03046EPSS
Exploits1References4
Rows per page
Query Builder