121 matches found
PYSEC-2021-875
The module AccessControl defines security policies for Python code used in restricted code within Zope applications. Restricted code is any code that resides in Zope's object database, such as the contents of Script Python objects. The policies defined in AccessControl severely restrict access to...
PYSEC-2021-335
The module AccessControl defines security policies for Python code used in restricted code within Zope applications. Restricted code is any code that resides in Zope's object database, such as the contents of Script Python objects. The policies defined in AccessControl severely restrict access to...
Default configuration
The module AccessControl defines security policies for Python code used in restricted code within Zope applications. Restricted code is any code that resides in Zope's object database, such as the contents of Script Python objects. The policies defined in AccessControl severely restrict access to...
CVE-2021-32807
CVE-2021-32807 affects Zope’s AccessControl: versions 4 and 5 are vulnerable on Python 3, with RestrictedPython/Script (Python) contexts exposing unsafe access via the string module (Formatter). The issue allows access to other unsafe Python libraries, enabling remote code execution if untrusted ...
CVE-2021-32807 Remote Code Execution via unsafe classes in otherwise permitted modules
The module AccessControl defines security policies for Python code used in restricted code within Zope applications. Restricted code is any code that resides in Zope's object database, such as the contents of Script Python objects. The policies defined in AccessControl severely restrict access to...
PT-2021-19944 · Zope · Accesscontrol +1
Name of the Vulnerable Software and Affected Versions: AccessControl versions 4.0 through 4.2; AccessControl versions 5.0 through 5.1; Zope versions prior to 4.6.3; Zope versions prior to 5.3. Description: The module AccessControl defines security policies for Python code used in restricted code with...
Zope Injection Vulnerability
Zope is a set of open source object-oriented web application servers written in the Python language by the Zope community. An injection vulnerability exists in Zope AccessControl. The vulnerability stems from a lack of proper validation of user input data by a web system or product during the...
CVE-2021-25430
Improper access control vulnerability in Bluetooth application prior to SMR July-2021 Release 1 allows untrusted application to access the Bluetooth information in Bluetooth application...
CVE-2021-25231
An improper access control vulnerability in Trend Micro Apex One on-prem and SaaS, OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about a specific hotfix history file...
CVE-2021-21471
In CLA-Assistant, versions before 2.8.5, due to improper access control an authenticated user could access API endpoints which are not intended to be used by the user. This could impact the integrity of the application...
CVE-2020-28861
OpenAsset Digital Asset Management DAM 12.0.19 and earlier failed to implement access controls on /Stream/ProjectsCSV endpoint, allowing unauthenticated attackers to gain access to potentially sensitive project information stored by the application...
canadianbullion.ca Improper Access Control vulnerability OBB-1488437
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
pitt.edu Improper Access Control vulnerability OBB-1466838
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
centralamericadata.com Improper Access Control vulnerability OBB-1384597
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
boatsandoutboards.co.uk Improper Access Control vulnerability OBB-1356164
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
CVE-2020-3930
GeoVision Door Access Control device family improperly stores and controls access to system logs; any user can read these logs...
CVE-2020-8113
Removed by vendor...
CVE-2020-8802
SuiteCRM through 7.11.11 has Incorrect Access Control via actionsaveHTMLField Bean Manipulation...
CVE-2019-20143
An issue was discovered in GitLab Community Edition CE and Enterprise Edition EE 12.6. It has Incorrect Access Control...