Lucene search
K

98 matches found

OSV
OSV
added 2023/10/03 12:15 p.m.4 views

CVE-2023-4102

QSige login SSO does not have an access control mechanism to verify whether the user requesting a resource has sufficient permissions to do so. As a prerequisite, it is necessary to log into the application...

8.8CVSS5.8AI score0.00584EPSS
Exploits0References1
OSV
OSV
added 2023/10/03 12:15 p.m.6 views

CVE-2023-4101

The QSige login SSO does not have an access control mechanism to verify whether the user requesting a resource has sufficient permissions to do so. As a prerequisite, it is necessary to log into the application...

6.5CVSS5.8AI score0.00398EPSS
Exploits0References1
Code423n4
Code423n4
added 2023/07/14 12:0 a.m.11 views

Vault.mintYieldFee FUNCTION CAN BE CALLED BY ANYONE TO MINT Vault Shares TO ANY RECIPIENT ADDRESS

Lines of code Vulnerability details Impact The Vault.mintYieldFee external function is used to mint Vault shares to the yield fee recipient. The function is an external function and can be called by anyone since there is no access control. The function will revert only under following two...

6.7AI score
Exploits0
OSV
OSV
added 2023/04/04 5:15 p.m.4 views

CVE-2023-1750

The listed versions of Nexx Smart Home devices lack proper access control when executing actions. An attacker with a valid NexxHome deviceId could retrieve device history, set device settings, and retrieve device information...

7.1CVSS7.1AI score0.00485EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/03/29 12:0 a.m.6 views

PT-2023-11474 · Xiaomi · Xiaomi Router Firmware

Name of the Vulnerable Software and Affected Versions: Xiaomi router firmware affected versions not specified Description: The issue is caused by the lack of access control policies on some API interfaces, allowing attackers to exploit an unauthenticated API and reveal the WIFI password. This can...

7.5CVSS7.5AI score0.01031EPSS
Exploits0References4
OSV
OSV
added 2023/01/17 6:15 p.m.12 views

AZL-13064 CVE-2018-14628 affecting package samba 4.12.5-7

An information leak vulnerability was discovered in Samba's LDAP server. Due to missing access control checks, an authenticated but unprivileged attacker could discover the names and preserved attributes of deleted objects in the LDAP store...

4.3CVSS6.5AI score0.01168EPSS
Exploits1References1
CNNVD
CNNVD
added 2021/08/10 12:0 a.m.3 views

多款Netgear产品安全漏洞

The Netgear NETGEAR D6400 and NETGEAR D6220 are both wireless modems from Netgear, Inc. A security vulnerability exists in NETGEAR that stems from certain NETGEAR devices being affected due to a lack of access control at the functional level...

10CVSS8.3AI score0.01338EPSS
Exploits0References2
CNVD
CNVD
added 2020/11/09 12:0 a.m.1 views

CloudBees Jenkins Mercurial Security Feature Issue Vulnerability

CloudBees Jenkins Hudson Labs is the United States CloudBees company a set of Java-based development of continuous integration tools . The product is mainly used to monitor the continuous software version release/testing project and some timed execution of the task . Jenkins Mercurial plugin 2.11...

4.3CVSS7.1AI score0.01066EPSS
Exploits0References1
OSV
OSV
added 2020/10/27 5:15 a.m.5 views

CVE-2020-27183

A RemoteFunctions endpoint with missing access control in konzept-ix publiXone before 2020.015 allows attackers to disclose sensitive user information, send arbitrary e-mails, escalate the privileges of arbitrary user accounts, and have unspecified other impact...

9.8CVSS5.8AI score0.01347EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2020/03/12 12:0 a.m.4 views

The vulnerability of Cisco Webex Meetings software, related to lack of access control, allows a intruder to connect to a password-protected meeting.

The vulnerability of Cisco Webex Meetings software is related to lack of access control. Exploiting this vulnerability allows a malicious actor to connect to a password-protected meeting, by entering a known meeting ID or the URL address of the meeting through a mobile browser...

7.8CVSS7.2AI score0.0149EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2020/02/03 12:0 a.m.5 views

The vulnerability of the Libraries component in Oracle Java SE software platforms allows a perpetrator to trigger a service failure.

The vulnerability of the Libraries component in Oracle Java SE software platforms is related to lack of access control. Exploiting this vulnerability could allow an attacker to cause service interruptions using network protocols...

4.3CVSS6.4AI score0.03823EPSS
Exploits0References7Affected Software16
BDU FSTEC
BDU FSTEC
added 2019/08/06 12:0 a.m.5 views

The vulnerability of the Core component of the Oracle VM VirtualBox software allows a hacker to gain full control over the application.

The vulnerability of the Core component of the Oracle VM VirtualBox software is related to lack of access control. Exploiting this vulnerability can allow an attacker to gain full control over the application...

7.5CVSS7.8AI score0.00456EPSS
Exploits0References5Affected Software2
CNVD
CNVD
added 2019/07/09 12:0 a.m.5 views

Moxa OnCell G3100-HSPA Security Feature Issue Vulnerability

Moxa OnCell G3100-HSPA is a G3100-HSPA series cellular network gateway device from Moxa, Taiwan, China. A security feature issue vulnerability exists in Moxa OnCell G3100-HSPA Series 1.6 Build 17100315 and prior versions. The vulnerability stems from a lack of security measures such as...

9.8CVSS7AI score0.00906EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2019/03/22 12:0 a.m.11 views

The vulnerability in the configuration of file system permissions in the Cisco NX-OSS device’s networking operating system allows a hacker to gain access to read and write file permissions.

The vulnerability of the file system configuration permissions in the Cisco NX-OSS device operating system is related to lack of access control mechanisms. Exploiting this vulnerability can allow an attacker to gain read and write access to files...

7.8CVSS7.2AI score0.00392EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2018/08/14 12:0 a.m.12 views

PT-2018-3370 · Samba Team +4 · Samba +3

Name of the Vulnerable Software and Affected Versions: Samba versions prior to 4.6.16 Samba versions prior to 4.7.9 Samba versions prior to 4.8.4 Description: The Samba Active Directory LDAP server has an information disclosure flaw due to missing access control checks. An authenticated attacker...

10CVSS6.6AI score0.99512EPSS
Exploits168References265
BDU FSTEC
BDU FSTEC
added 2017/11/23 12:0 a.m.8 views

The vulnerability of the web server of the Unitrends Enterprise Backup software allows a hacker to obtain root privileges.

The vulnerability of the web server of the Unitrends Enterprise Backup software lies in its lack of access control mechanisms. Exploiting this vulnerability could allow an attacker, operating remotely, to obtain root privileges by modifying the cookie file issued upon system login...

10CVSS7.8AI score0.04394EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2016/07/07 12:0 a.m.7 views

The vulnerability of the HP SiteScope computing resource monitoring system allows a perpetrator to increase their privileges.

The vulnerability of the HP SiteScope computing resource monitoring system lies in the lack of access control for certain functions. Exploiting this vulnerability could allow a malicious actor to increase their privileges remotely...

8.7CVSS5.4AI score0.03484EPSS
Exploits0References2Affected Software1
Hacker One
Hacker One
added 2015/01/13 9:59 p.m.29 views

Vimeo: Adding profile picture to anyone on Vimeo

Hi! Brief The profile picture upload feature at https://vimeo.com/settings/profile contains a bug where an access control is missing for uploading a profile picture to a profile ID. This leads to the possibility of uploading a profile picture to any account on Vimeo. Furthermore, since the upload...

Exploits0
Rows per page
Query Builder