115 matches found
SAMSUNG Mobile devices security vulnerability
SAMSUNG Mobile devices are a range of Samsung mobile devices, including cell phones, tablets, and more, from the South Korean company Samsung SAMSUNG. A security vulnerability previously existed in SAMSUNG Mobile devices SMR Dec-2023 Release 1 version, which stemmed from an improper authorization...
Security Bulletin: Due to use of Apache Pulsar, IBM Tivoli Netcool/OMNIbus Transport Module Common Integration Library is vulnerable to a security restrictions bypass.
Summary Pulsar is used by IBM Tivoli Netcool/OMNIbus Transport Module Common Integration Library. CVE-2023-30428, CVE-2023-30429, CVE-2023-37579 and CVE-2023-31007 The below vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2023-30428 DESCRIPTION: Apache Pulsar could allow a...
CVE-2023-23476
IBM Robotic Process Automation 21.0.0 through 21.0.7.latest is vulnerable to unauthorized access to data due to insufficient authorization validation on some API routes. IBM X-Force ID: 245425...
CVE-2023-23476
IBM Robotic Process Automation 21.0.0 through 21.0.7.latest is vulnerable to unauthorized access to data due to insufficient authorization validation on some API routes. IBM X-Force ID: 245425...
CVE-2023-23476
CVE-2023-23476 affects IBM Robotic Process Automation versions 21.0.0–21.0.7.latest. The vulnerability stems from insufficient authorization validation on certain API routes, enabling unauthorized data access. Public details confirm impact as data disclosure and outline that upgraded versions 23....
Security Bulletin: IBM Robotic Process Automation is vulnerable to unauthorized access to data due to insufficient authorization validation on some API routes (CVE-2023-23476)
Summary IBM Robotic Process Automation is vulnerable to unauthorized access to data due to insufficient authorization validation on some API routes CVE-2023-23476 Vulnerability Details CVEID:CVE-2023-23476 DESCRIPTION: IBM Robotic Process Automation is vulnerable to unauthorized access to data du...
PT-2023-2147 · Hitachi Energy · Sdm600
Name of the Vulnerable Software and Affected Versions: Hitachi Energy System Data Manager SDM600 versions prior to 1.2 FP3 HF4 Build Nr. 1.2.23000.291 Description: A vulnerability exists in the SDM600 API web services authorization validation implementation. An attacker who successfully exploits...
CVE-2023-27486 Insufficient authorization validation between zones when xCAT zones are enabled
xCAT is a toolkit for deployment and administration of computer clusters. In versions prior to 2.16.5 if zones are configured as a mechanism to secure clusters in XCAT, it is possible for a local root user from one node to obtain credentials to SSH to any node in any zone, except the management...
Tuleap 安全漏洞
Tuleap is open source an application lifecycle management system that facilitates agile software development, design projects, V-modeling, requirements management and IT service management. A security vulnerability exists in Tuleap versions prior to 14.2.99.104, which stems from a failure to...
OpenFGA subject to Information Disclosure via streamed-list-objects endpoint
Overview During our internal security assessment, it was discovered that streamed-list-objects endpoint was not validating the authorization header resulting in the disclosure of objects in the store. Am I Affected? You are affected by this vulnerability if you are using openfga/openfga version...
CVE-2022-32277
Squiz Matrix CMS 6.20 is vulnerable to an Insecure Direct Object Reference caused by failure to correctly validate authorization when submitting a request to change a user's contact details. NOTE: this is disputed by both the vendor and the original discoverer because it is a site-specific findin...
CVE-2022-32277
Squiz Matrix CMS 6.20 is vulnerable to an Insecure Direct Object Reference caused by failure to correctly validate authorization when submitting a request to change a user's contact details. NOTE: this is disputed by both the vendor and the original discoverer because it is a site-specific findin...
Privilege Escalation
openjdk is vulnerable to privilege escalation. The vulnerability exists due to a lack of validation of authorization allowing an attacker to update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data...
Privilege Escalation
openjdk is vulnerable to privilege escalation. The vulnerability exists due to a lack of validation of authorization allowing an attacker to gain unauthorized access to critical data or complete access to all Oracle Java SE...
Privilege Escalation
openjdk is vulnerable to privilege escalation. The vulnerability exists due to a lack of validation of authorization allowing an attacker to gain unauthorized access to critical data or complete access to all Oracle Java SE...
GHSA-JFGC-5VH4-8RH5 trytond Incorrect Authorization vulnerability
trytond 2.4: ModelView.button fails to validate authorization...
Denial Of Service (DoS)
IBM MQ is vulnerable to denial of service. The vulnerability exists due to a lack of validation of authorization allowing an attacker to crash the system...
CVE-2021-39341
The OptinMonster WordPress plugin is vulnerable to sensitive information disclosure and unauthorized setting updates due to insufficient authorization validation via the loggedinorhasapikey function in the /OMAPI/RestApi.php file that can used to exploit inject malicious web scripts on sites with...
Authorization
The OptinMonster WordPress plugin is vulnerable to sensitive information disclosure and unauthorized setting updates due to insufficient authorization validation via the loggedinorhasapikey function in the /OMAPI/RestApi.php file that can used to exploit inject malicious web scripts on sites with...
CVE-2021-39341 OptinMonster <= 2.6.4 Unprotected REST-API Endpoints
The OptinMonster WordPress plugin is vulnerable to sensitive information disclosure and unauthorized setting updates due to insufficient authorization validation via the loggedinorhasapikey function in the /OMAPI/RestApi.php file that can used to exploit inject malicious web scripts on sites with...