Lucene search
K

72 matches found

Tenable Nessus
Tenable Nessus
added 2025/08/30 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2020-13294

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In GitLab before 13.0.12, 13.1.6 and 13.2.3, access grants were not revoked when a user revoked access to an application. CVE-2020-13294 Note that Nessus relies...

5.5CVSS5.7AI score0.01221EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/27 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2021-39945

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper access control in the GitLab CE/EE API affecting all versions starting from 9.4 before 14.3.6, all versions starting from 14.4 before 14.4.4, all...

4CVSS4.8AI score0.00908EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 12:40 a.m.7 views

CVE-2022-41963

BigBlueButton is an open source web conferencing system. Versions prior to 2.4.3 contain a whiteboard grace period that exists to handle delayed messages, but this grace period could be used by attackers to take actions in the few seconds after their access is revoked. The attacker must be a...

3.1CVSS6.6AI score0.00417EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2024/03/06 9:48 a.m.32 views

How to Find and Fix Risky Sharing in Google Drive

Every Google Workspace administrator knows how quickly Google Drive becomes a messy sprawl of loosely shared confidential information. This isn't anyone's fault; it's inevitable as your productivity suite is purposefully designed to enable real-time collaboration – both internally and externally...

6.8AI score
Exploits0
Vulnrichment
Vulnrichment
added 2022/12/16 1:0 p.m.7 views

CVE-2022-41963 BigBlueButton contains Improper Preservation of Permissions for whiteboard

BigBlueButton is an open source web conferencing system. Versions prior to 2.4.3 contain a whiteboard grace period that exists to handle delayed messages, but this grace period could be used by attackers to take actions in the few seconds after their access is revoked. The attacker must be a...

2.7CVSS3.7AI score0.00417EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/12/16 12:0 a.m.5 views

BigBlueButton 安全漏洞

BigBlueButton is an open source web conferencing system from the BigBlueButton community. A security vulnerability exists in BigBlueButton versions prior to 2.4.3 that stems from the inclusion of a whiteboard grace period for handling delayed messages, which can be exploited by an attacker to tak...

3.1CVSS5.1AI score0.00417EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2022/11/01 12:0 a.m.9 views

PT-2022-17478 · Unknown · Octopus Server

Name of the Vulnerable Software and Affected Versions: Octopus Server affected versions not specified Description: The issue concerns Octopus Server versions where access is managed by an external authentication provider. In these versions, it was possible for the API key/keys of a disabled or...

9.8CVSS9.4AI score0.00833EPSS
Exploits0References3
OSV
OSV
added 2022/09/27 11:15 p.m.3 views

CVE-2022-37193

Chipolo ONE Bluetooth tracker 2020 Chipolo iOS app version 4.13.0 is vulnerable to Incorrect Access Control. Chipolo devices suffer from access revocation evasion attacks once the malicious sharee obtains the access credentials...

7.4CVSS5.8AI score0.00545EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2022/09/27 12:54 p.m.3 views

CVE-2022-37193

Chipolo ONE Bluetooth tracker 2020 Chipolo iOS app version 4.13.0 is vulnerable to Incorrect Access Control. Chipolo devices suffer from access revocation evasion attacks once the malicious sharee obtains the access credentials...

7.2AI score0.00545EPSS
Exploits0References2
FreeBSD
FreeBSD
added 2022/07/28 12:0 a.m.30 views

Gitlab -- multiple vulnerabilities

Gitlab reports: Revoke access to confidential notes todos Pipeline subscriptions trigger new pipelines with the wrong author Ability to gain access to private project through an email invite by using other user's email address as an unverified secondary email Import via git protocol allows to...

8.5CVSS3.2AI score0.01092EPSS
Exploits0References1
Cvelist
Cvelist
added 2022/03/10 7:20 p.m.31 views

CVE-2022-23041

Linux PV device frontends vulnerable to attacks by backends This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Several Linux PV device frontends are using the grant table interfaces for removing access rights of the...

7.5AI score0.00351EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2021/11/23 5:57 p.m.53 views

Improper Privilege Management in Apache Ozone

In Apache Ozone versions prior to 1.2.0, Initially generated block tokens are persisted to the metadata database and can be retrieved with authenticated users with permission to the key. Authenticated users may use them even after access is revoked...

9.8CVSS8.7AI score0.02445EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2021/11/03 3:50 a.m.14 views

CVE-2021-41312

Affected versions of Atlassian Jira Server and Data Center allow a remote attacker who has had their access revoked from Jira Service Management to enable and disable Issue Collectors on Jira Service Management projects via an Improper Authentication vulnerability in the /secure/ViewCollectors...

6.9AI score0.01173EPSS
Exploits0References1
OSV
OSV
added 2020/08/10 2:15 p.m.2 views

UBUNTU-CVE-2020-13294

In GitLab before 13.0.12, 13.1.6 and 13.2.3, access grants were not revoked when a user revoked access to an application...

5.4CVSS5.8AI score0.01221EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2020/08/10 12:0 a.m.3 views

PT-2020-13435 · Gitlab · Gitlab

Name of the Vulnerable Software and Affected Versions: GitLab versions prior to 13.0.12 GitLab versions prior to 13.1.6 GitLab versions prior to 13.2.3 Description: The issue arises when access grants are not revoked after a user has revoked access to an application. This could potentially lead t...

5.5CVSS5.2AI score0.01221EPSS
Exploits0References14
Cvelist
Cvelist
added 2020/07/22 6:5 p.m.17 views

CVE-2014-1422 Location service uses cached authorization even after revocation

In Ubuntu's trust-store, if a user revokes location access from an application, the location is still available to the application because the application will honour incorrect, cached permissions. This is because the cache was not ordered by creation time by the Select struct in...

5CVSS5AI score0.00367EPSS
Exploits1References2
NVD
NVD
added 2020/06/23 3:15 p.m.15 views

CVE-2020-9438

Tinxy Door Lock with firmware before 3.2 allow attackers to unlock a door by replaying an Unlock request that occurred when the attacker was previously authorized. In other words, door-access revocation is mishandled...

5.9CVSS0.00666EPSS
Exploits0References1
OSV
OSV
added 2020/06/23 3:15 p.m.3 views

CVE-2020-9438

Tinxy Door Lock with firmware before 3.2 allow attackers to unlock a door by replaying an Unlock request that occurred when the attacker was previously authorized. In other words, door-access revocation is mishandled...

5.9CVSS6.2AI score0.00666EPSS
Exploits0References1
Cvelist
Cvelist
added 2020/06/23 2:31 p.m.20 views

CVE-2020-9438

Tinxy Door Lock with firmware before 3.2 allow attackers to unlock a door by replaying an Unlock request that occurred when the attacker was previously authorized. In other words, door-access revocation is mishandled...

5.7AI score0.00666EPSS
Exploits0References1
Akamai Blog
Akamai Blog
added 2020/03/25 11:30 a.m.28 views

Taking Content Protection to the Edge

To protect our industry, we need to protect our content. That's been an ongoing theme in conversations with Akamai's broadcast customers whose streaming offerings have evolved into critical business units. The revenue loss figures in question aren't trivial, nor is the scope of the impact. Global...

7.2AI score
Exploits0
Rows per page
Query Builder