Lucene search
+L

2505 matches found

Apple
Apple
added 2018/06/01 12:0 a.m.47 views

About the security content of iCloud for Windows 7.5

About the security content of iCloud for Windows 7.5 This document describes the security content of iCloud for Windows 7.5. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or...

8.8CVSS0.4AI score0.53772EPSS
Exploits25References1Affected Software1
Apple
Apple
added 2018/05/29 12:0 a.m.54 views

About the security content of iTunes 12.7.5 for Windows

About the security content of iTunes 12.7.5 for Windows This document describes the security content of iTunes 12.7.5 for Windows. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patche...

8.8CVSS0.5AI score0.53772EPSS
Exploits25References1Affected Software1
Prion
Prion
added 2018/04/20 6:29 p.m.20 views

Design/Logic Flaw

Within the 'getReportType' method in Apache Fineract 1.0.0, 0.6.0-incubating, 0.5.0-incubating, 0.4.0-incubating, a hacker could inject SQL to read/update data for which he doesn't have authorization for by way of the 'reportName' parameter...

5.5CVSS8.2AI score0.02161EPSS
Exploits0References2Affected Software1
Hacker One
Hacker One
added 2018/03/22 7:25 p.m.24 views

Vimeo: Improper Authentication in Vimeo's API 'versions' endpoint.

The versions endpoint was exploitable by accounts that were not pro or business. Issue -- There was an authorization issue in versions endpoint, Which on exploiting could allow an attacker to leak private videos of pro/business users due to the fact version is only applicable for pro/business...

5.1AI score
Exploits0
Debian CVE
Debian CVE
added 2018/03/21 8:0 p.m.48 views

CVE-2017-0927

Removed by vendor...

6.5CVSS6.6AI score0.0082EPSS
Exploits0
Prion
Prion
added 2018/02/02 9:29 p.m.16 views

Code injection

IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.3, and 3.5 before 3.5.0.1 allows remote authenticated users to read or modify arbitrary reports by leveraging an incorrect grant of access. IBM X-Force ID: 111783...

5.5CVSS6.3AI score0.00659EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2018/01/09 3:29 p.m.14 views

Authorization

In SAP Solution Manager 7.20, the role SAPBPOCONFIG gives the Business Process Operations BPO configuration user more authorization than required for configuring the BPO tools...

6.5CVSS8.7AI score0.01245EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2017/12/15 9:0 a.m.22 views

CVE-2017-17693

Techno - Portfolio Management Panel through 2017-11-16 does not check authorization for panel/portfolio.php?action=delete requests that remove feedback...

4.8AI score0.00553EPSS
Exploits1References1
NVD
NVD
added 2017/11/27 9:29 p.m.22 views

CVE-2017-1628

IBM Business Process Manager 8.6.0.0 allows authenticated users to stop and resume the Event Manager by calling a REST API with incorrect authorization checks...

6.5CVSS6.2AI score0.01834EPSS
Exploits0References4
CNVD
CNVD
added 2017/10/19 12:0 a.m.5 views

Huawei FusionSphere OpenStack Licensing Issue Vulnerability

Huawei FusionSphere OpenStack is a suite of FusionSphere cloud operating system cloud platform software for ICT scenarios from Huawei, China. An authorization issue vulnerability exists in Huawei FusionSphere OpenStack version V100R006C00, which stems from an unreasonable privilege configuration...

7.8CVSS7.1AI score0.00216EPSS
Exploits0References1
CVE
CVE
added 2017/10/17 10:0 p.m.47 views

CVE-2017-14007

CVE-2017-14007 affects the ProMinent MultiFLEX M10a Controller web interface. The issue is Insufficient Session Expiration: a user’s session remains usable beyond the last activity, allowing an attacker to reuse an old session for authorization. Public sources (NVD) document the vulnerability wit...

6.8CVSS5.5AI score0.00907EPSS
Exploits0References2Affected Software1
CNVD
CNVD
added 2017/09/13 12:0 a.m.7 views

Huawei FusionSphere Authorization Issues Vulnerability

Huawei FusionSphere, a product of Huawei, is a cloud operating system product developed based on the OpenStack framework. Huawei FusionSphere suffers from an authorization issue vulnerability, which can be exploited by an attacker to execute arbitrary commands, which in turn can query, modify, an...

4.6CVSS7.3AI score0.0026EPSS
Exploits0References1
Prion
Prion
added 2017/08/01 2:29 p.m.14 views

Authorization

An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android, through 0.0.80w for Web, and through 0.0.86 for Desktop. The logout mechanism does not check for authorization. Therefore, an attacker only needs to know the device ID. This causes a denial of service. This might be...

5CVSS7.4AI score0.01061EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2016/12/29 12:0 a.m.33 views

PT-2022-13726 · Phpipam +1 · Phpipam +1

Name of the Vulnerable Software and Affected Versions: phpipam/phpipam versions prior to 1.4.6 Description: The issue is related to improper access control, which can lead to incorrect authorization. Recommendations: For versions prior to 1.4.6, update to version 1.4.6 or later to resolve the iss...

9.8CVSS6.4AI score0.99714EPSS
Exploits84References75
CVE
CVE
added 2015/08/19 3:0 p.m.52 views

CVE-2015-4298

CVE-2015-4298 affects Cisco Unified Web and E-Mail Interaction Manager (versions 9.0(2) and 11.0(1)). The root cause is improper authorization handling that allows remote authenticated users to read or write stored data via unspecified vectors. The vulnerability results from insufficient validati...

6.5CVSS6.2AI score0.02456EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2014/07/29 8:55 p.m.18 views

CVE-2014-3896

Multiple cross-site request forgery CSRF vulnerabilities in CGI programs in Seeds acmailer before 3.8.17 and 3.9.x before 3.9.10 Beta allow remote attackers to hijack the authentication of arbitrary users for requests that modify or delete data, as demonstrated by modifying data affecting...

6.8CVSS7.4AI score0.00924EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2014/07/16 4:38 a.m.8 views

Important: Red Hat Security Advisory: JBoss Remoting security update

This advisory contains instructions on how to resolve one security issue found in the JBoss Remoting component, which is included in Red Hat JBoss Enterprise Application Platform 5.2.0, Red Hat JBoss BRMS 5.3.1, Red Hat JBoss Portal Platform 5.2.2, and Red Hat JBoss SOA Platform 5.3.1. The Red Ha...

6.8CVSS6.2AI score0.02609EPSS
Exploits0References4
Prion
Prion
added 2014/07/08 11:6 a.m.17 views

Authorization

EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P15, 7.0 before P15, and 7.1 before P06 does not properly check authorization and does not properly restrict object types, which allows remote authenticated users to run save RPC commands with super-user privileges, and consequently...

8.2CVSS7.5AI score0.02923EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2014/04/10 11:0 p.m.36 views

CVE-2014-0908

The User Attribute implementation in IBM Business Process Manager BPM 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.2, and 8.5.x through 8.5.0.1 does not verify authorization for read or write access to attribute values, which allows remote authenticated users to obtain sensitive information,...

5.9AI score0.01055EPSS
Exploits1References3
Debian CVE
Debian CVE
added 2012/07/22 4:0 p.m.32 views

CVE-2012-3356

Removed by vendor...

5CVSS6.7AI score0.02025EPSS
Exploits0
Rows per page
Query Builder