Unauthenticated users can exploit an enumeration vulnerability in Harbor (CVE-2019-19030)
Impact: Sean Wright from Secureworks has discovered an enumeration vulnerability. An attacker can make use of the Harbor API to make unauthenticated calls to the Harbor instance. Based on the HTTP status code in the response, an attacker is then able to work out which resources exist, and which do...
Improper access control
Dalmark Systems Systeam 2.22.8 build 1724 is vulnerable to Incorrect Access Control. The Systeam application is an ERP system that uses a mixed architecture based on SaaS tenant and user management, and on-premise database and web application counterparts. A broken access control vulnerability ha...
CVE-2019-15953
An issue was discovered in Total.js CMS 12.0.0. An authenticated user with limited privileges can get access to a resource that they do not own by calling the associated API. The product correctly manages privileges only for the front-end resource path, not for API requests. This leads to vertica...
Fedora 18 : ReviewBoard-1.7.14-1.fc18 / python-djblets-0.7.18-1.fc18 (2013-17443)
Mon Sep 23 2013 Stephen Gallagher - 1.7.14-1 - New upstream security release 1.7.14 - http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.14/ - Some API resources were accessible even if their parent resources were not, due to a missing check. In most cases, this was harmless, but it...
Fedora 19 : ReviewBoard-1.7.14-1.fc19 / python-djblets-0.7.18-1.fc19 (2013-17449)
Mon Sep 23 2013 Stephen Gallagher - 1.7.14-1 - New upstream security release 1.7.14 - http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.14/ - Some API resources were accessible even if their parent resources were not, due to a missing check. In most cases, this was harmless, but it...