98 matches found
CVE-2023-4102
QSige login SSO does not have an access control mechanism to verify whether the user requesting a resource has sufficient permissions to do so. As a prerequisite, it is necessary to log into the application...
CVE-2023-4101
The QSige login SSO does not have an access control mechanism to verify whether the user requesting a resource has sufficient permissions to do so. As a prerequisite, it is necessary to log into the application...
Vault.mintYieldFee FUNCTION CAN BE CALLED BY ANYONE TO MINT Vault Shares TO ANY RECIPIENT ADDRESS
Lines of code Vulnerability details Impact The Vault.mintYieldFee external function is used to mint Vault shares to the yield fee recipient. The function is an external function and can be called by anyone since there is no access control. The function will revert only under following two...
CVE-2023-1750
The listed versions of Nexx Smart Home devices lack proper access control when executing actions. An attacker with a valid NexxHome deviceId could retrieve device history, set device settings, and retrieve device information...
PT-2023-11474 · Xiaomi · Xiaomi Router Firmware
Name of the Vulnerable Software and Affected Versions: Xiaomi router firmware affected versions not specified Description: The issue is caused by the lack of access control policies on some API interfaces, allowing attackers to exploit an unauthenticated API and reveal the WIFI password. This can...
AZL-13064 CVE-2018-14628 affecting package samba 4.12.5-7
An information leak vulnerability was discovered in Samba's LDAP server. Due to missing access control checks, an authenticated but unprivileged attacker could discover the names and preserved attributes of deleted objects in the LDAP store...
多款Netgear产品安全漏洞
The Netgear NETGEAR D6400 and NETGEAR D6220 are both wireless modems from Netgear, Inc. A security vulnerability exists in NETGEAR that stems from certain NETGEAR devices being affected due to a lack of access control at the functional level...
CloudBees Jenkins Mercurial Security Feature Issue Vulnerability
CloudBees Jenkins Hudson Labs is the United States CloudBees company a set of Java-based development of continuous integration tools . The product is mainly used to monitor the continuous software version release/testing project and some timed execution of the task . Jenkins Mercurial plugin 2.11...
CVE-2020-27183
A RemoteFunctions endpoint with missing access control in konzept-ix publiXone before 2020.015 allows attackers to disclose sensitive user information, send arbitrary e-mails, escalate the privileges of arbitrary user accounts, and have unspecified other impact...
The vulnerability of Cisco Webex Meetings software, related to lack of access control, allows a intruder to connect to a password-protected meeting.
The vulnerability of Cisco Webex Meetings software is related to lack of access control. Exploiting this vulnerability allows a malicious actor to connect to a password-protected meeting, by entering a known meeting ID or the URL address of the meeting through a mobile browser...
The vulnerability of the Libraries component in Oracle Java SE software platforms allows a perpetrator to trigger a service failure.
The vulnerability of the Libraries component in Oracle Java SE software platforms is related to lack of access control. Exploiting this vulnerability could allow an attacker to cause service interruptions using network protocols...
The vulnerability of the Core component of the Oracle VM VirtualBox software allows a hacker to gain full control over the application.
The vulnerability of the Core component of the Oracle VM VirtualBox software is related to lack of access control. Exploiting this vulnerability can allow an attacker to gain full control over the application...
Moxa OnCell G3100-HSPA Security Feature Issue Vulnerability
Moxa OnCell G3100-HSPA is a G3100-HSPA series cellular network gateway device from Moxa, Taiwan, China. A security feature issue vulnerability exists in Moxa OnCell G3100-HSPA Series 1.6 Build 17100315 and prior versions. The vulnerability stems from a lack of security measures such as...
The vulnerability in the configuration of file system permissions in the Cisco NX-OSS device’s networking operating system allows a hacker to gain access to read and write file permissions.
The vulnerability of the file system configuration permissions in the Cisco NX-OSS device operating system is related to lack of access control mechanisms. Exploiting this vulnerability can allow an attacker to gain read and write access to files...
PT-2018-3370 · Samba Team +4 · Samba +3
Name of the Vulnerable Software and Affected Versions: Samba versions prior to 4.6.16 Samba versions prior to 4.7.9 Samba versions prior to 4.8.4 Description: The Samba Active Directory LDAP server has an information disclosure flaw due to missing access control checks. An authenticated attacker...
The vulnerability of the web server of the Unitrends Enterprise Backup software allows a hacker to obtain root privileges.
The vulnerability of the web server of the Unitrends Enterprise Backup software lies in its lack of access control mechanisms. Exploiting this vulnerability could allow an attacker, operating remotely, to obtain root privileges by modifying the cookie file issued upon system login...
The vulnerability of the HP SiteScope computing resource monitoring system allows a perpetrator to increase their privileges.
The vulnerability of the HP SiteScope computing resource monitoring system lies in the lack of access control for certain functions. Exploiting this vulnerability could allow a malicious actor to increase their privileges remotely...
Vimeo: Adding profile picture to anyone on Vimeo
Hi! Brief The profile picture upload feature at https://vimeo.com/settings/profile contains a bug where an access control is missing for uploading a profile picture to a profile ID. This leads to the possibility of uploading a profile picture to any account on Vimeo. Furthermore, since the upload...