OSV
added 2022/05/13 1:40 a.m., 18 views

GHSA-HX44-C87V-P6XG Opencast has Incorrect Permission Assignment

In Opencast 2.2.3 and older, if user names overlap, the Opencast search service used for publication to the media modules and players will handle the access control incorrectly, so that users only need to match part of the user name used for the access restriction. For example, a user with the role...

CVSS 6.5, AI score 6.3, EPSS 0.00764
Exploits 1, References 3
Github Security Blog
added 2022/05/13 1:40 a.m., 16 views

Opencast has Incorrect Permission Assignment

In Opencast 2.2.3 and older, if user names overlap, the Opencast search service used for publication to the media modules and players will handle the access control incorrectly, so that users only need to match part of the user name used for the access restriction. For example, a user with the role...

CVSS 6.5, AI score 2.3, EPSS 0.00764
Exploits 1, References 4, Affected Software 1
Github Security Blog
added 2022/05/13 1:36 a.m., 25 views

Incorrect Permission Assignment for Critical Resource in Jenkins

In Jenkins before versions 2.44 and 2.32.2, low privilege users were able to override JDK download credentials (SECURITY-392), resulting in future builds possibly failing to download a JDK...

CVSS 5.5, AI score 6, EPSS 0.01577
Exploits 0, References 5, Affected Software 1
OSV
added 2022/05/13 1:31 a.m., 16 views

GHSA-3FJ7-9J8M-7R8G Moodle Stored HTML in assignment submission comments allowed links to be opened directly

A vulnerability was found in Moodle before versions 3.6.3, 3.5.5, 3.4.8 and 3.1.17. Links within assignment submission comments would open directly in the same window. Although links themselves may be valid, opening within the same window and without the no-referrer header policy made them more...

CVSS 6.1, AI score 5.5, EPSS 0.0082
Exploits 0, References 8
Github Security Blog
added 2022/05/13 1:31 a.m., 26 views

Moodle Stored HTML in assignment submission comments allowed links to be opened directly

A vulnerability was found in Moodle before versions 3.6.3, 3.5.5, 3.4.8 and 3.1.17. Links within assignment submission comments would open directly in the same window. Although links themselves may be valid, opening within the same window and without the no-referrer header policy made them more...

CVSS 6.1, AI score 7, EPSS 0.0082
Exploits 0, References 8, Affected Software 1
OSV
added 2022/05/13 1:21 a.m., 12 views

GHSA-Q9QR-H33G-FW3J TeamPass Storing Passwords in a Recoverable Format vulnerability

TeamPass version 2.1.27 and earlier contains a Storing Passwords in a Recoverable Format vulnerability in shared password vaults that can result in all shared passwords being recoverable server side. This attack appears to be exploitable via any vulnerability that can bypass authentication or role...

CVSS 9.8, AI score 9.7, EPSS 0.01724
Exploits 0, References 3
Github Security Blog
added 2022/05/13 1:12 a.m., 32 views

Moodle multiple cross-site request forgery (CSRF) vulnerabilities

Multiple cross-site request forgery (CSRF) vulnerabilities in mod/assign/locallib.php in the Assignment subsystem in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, and 2.6.x before 2.6.3 allow remote attackers to hijack the authentication of teachers for quick-grading requests...

CVSS 6.8, AI score 7.8, EPSS 0.01006
Exploits 0, References 9, Affected Software 1
OSV
added 2022/05/13 1:12 a.m., 20 views

GHSA-H75F-HJCR-CVH8 Moodle multiple cross-site request forgery (CSRF) vulnerabilities

Multiple cross-site request forgery (CSRF) vulnerabilities in mod/assign/locallib.php in the Assignment subsystem in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, and 2.6.x before 2.6.3 allow remote attackers to hijack the authentication of teachers for quick-grading requests...

CVSS 6.8, AI score 6.8, EPSS 0.01006
Exploits 0, References 9
OSV
added 2022/05/13 1:12 a.m., 11 views

GHSA-F5PM-C4CW-563P Moodle cross-site request forgery (CSRF) vulnerability

Cross-site request forgery (CSRF) vulnerability in mod/assign/adminmanageplugins.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 allows remote attackers to hijack the authentication of administrators for requests that manage...

CVSS 8.8, AI score 8.8, EPSS 0.00975
Exploits 0, References 11
Github Security Blog
added 2022/05/13 1:12 a.m., 17 views

Moodle cross-site request forgery (CSRF) vulnerability

Cross-site request forgery (CSRF) vulnerability in mod/assign/adminmanageplugins.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 allows remote attackers to hijack the authentication of administrators for requests that manage...

CVSS 8.8, AI score 7.2, EPSS 0.00975
Exploits 0, References 11, Affected Software 1
OSV
added 2022/05/13 1:12 a.m., 8 views

GHSA-5M64-9HQ5-5PF2 Statamic framework Incorrect Permission Assignment

Statamic framework before 2.6.0 does not correctly check a session's permissions when the methods from a user's class are called. Problematic methods include reset password, create new account, create new role, etc...

CVSS 8.8, AI score 8.7, EPSS 0.00867
Exploits 0, References 1
Github Security Blog
added 2022/05/13 1:12 a.m., 23 views

Statamic framework Incorrect Permission Assignment

Statamic framework before 2.6.0 does not correctly check a session's permissions when the methods from a user's class are called. Problematic methods include reset password, create new account, create new role, etc...

CVSS 8.8, AI score 6.8, EPSS 0.00867
Exploits 0, References 2, Affected Software 1
GitLab Advisory Database
added 2022/05/13 12:00 a.m., 29 views

Incorrect Permission Assignment for Critical Resource

Cobbler (verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even older versions may be vulnerable) contains an Incorrect Access Control vulnerability in the XMLRPC API (/cobblerapi) that can result in privilege escalation, data manipulation or...

CVSS 9.8, AI score 7.2, EPSS 0.12484
Exploits 0, References 4, Affected Software 1
RubySec
added 2022/05/13 12:00 a.m., 18 views

Phusion Passenger incorrect permission assignment

An issue was discovered in switchGroup in agent/ExecHelper/ExecHelperMain.cpp in Phusion Passenger before 5.3.2. The set of groups (gidset) is not set correctly, leaving it up to randomness (i.e., uninitialized memory) which supplementary groups are actually being set while lowering privileges...

CVSS 5.3, AI score 3.4, EPSS 0.01198
Exploits 0, References 1, Affected Software 1
NVD
added 2022/05/11 3:15 p.m., 21 views

CVE-2021-44167

An incorrect permission assignment for critical resource vulnerability (CWE-732) in FortiClient for Linux version 6.0.8 and below, 6.2.9 and below, 6.4.7 and below, 7.0.2 and below may allow an unauthenticated attacker to access sensitive information in log files and directories via symbolic links...

CVSS 7.5, EPSS 0.00487
Exploits 0, References 1
Prion
added 2022/05/11 3:15 p.m., 19 views

Design/Logic Flaw

An incorrect permission assignment for critical resource vulnerability (CWE-732) in FortiClient for Linux version 6.0.8 and below, 6.2.9 and below, 6.4.7 and below, 7.0.2 and below may allow an unauthenticated attacker to access sensitive information in log files and directories via symbolic links...

CVSS 5, AI score 7.4, EPSS 0.00487
Exploits 0, References 1, Affected Software 1
Vulnrichment
added 2022/05/11 2:25 p.m., 16 views

CVE-2021-44167

An incorrect permission assignment for critical resource vulnerability (CWE-732) in FortiClient for Linux version 6.0.8 and below, 6.2.9 and below, 6.4.7 and below, 7.0.2 and below may allow an unauthenticated attacker to access sensitive information in log files and directories via symbolic links...

CVSS 6.8, AI score 6.7, EPSS 0.00487
Exploits 0, References 1
Cvelist
added 2022/05/11 2:25 p.m., 17 views

CVE-2021-44167

An incorrect permission assignment for critical resource vulnerability (CWE-732) in FortiClient for Linux version 6.0.8 and below, 6.2.9 and below, 6.4.7 and below, 7.0.2 and below may allow an unauthenticated attacker to access sensitive information in log files and directories via symbolic links...

CVSS 6.8, AI score 7.7, EPSS 0.00487
Exploits 0, References 1
RedhatCVE
added 2022/05/10 3:28 p.m., 25 views

CVE-2022-1655

An Incorrect Permission Assignment for Critical Resource flaw was found in Horizon on Red Hat OpenStack. Horizon session cookies are created without the HttpOnly flag despite HorizonSecureCookies being set to true in the environment files, possibly leading to a loss of confidentiality and...

CVSS 6.5, AI score 0.8, EPSS 0.00471
Exploits 0, References 3
RedhatCVE
added 2022/05/07 1:54 p.m., 53 views

CVE-2021-43816

An incorrect permission assignment flaw was found in containerd. This flaw allows a local attacker to use a specially designed text file to read and write files outside of the container's scope...

CVSS 9.1, AI score 2.8, EPSS 0.0169
Exploits 1, References 4