Lucene search
K

115 matches found

CNNVD
CNNVD
added 2023/12/05 12:0 a.m.6 views

SAMSUNG Mobile devices security vulnerability

SAMSUNG Mobile devices are a range of Samsung mobile devices, including cell phones, tablets, and more, from the South Korean company Samsung SAMSUNG. A security vulnerability previously existed in SAMSUNG Mobile devices SMR Dec-2023 Release 1 version, which stemmed from an improper authorization...

4CVSS4.5AI score0.00207EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2023/09/28 3:14 a.m.69 views

Security Bulletin: Due to use of Apache Pulsar, IBM Tivoli Netcool/OMNIbus Transport Module Common Integration Library is vulnerable to a security restrictions bypass.

Summary Pulsar is used by IBM Tivoli Netcool/OMNIbus Transport Module Common Integration Library. CVE-2023-30428, CVE-2023-30429, CVE-2023-37579 and CVE-2023-31007 The below vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2023-30428 DESCRIPTION: Apache Pulsar could allow a...

9.6CVSS6.9AI score0.01043EPSS
Exploits0Affected Software2
NVD
NVD
added 2023/08/02 3:15 p.m.28 views

CVE-2023-23476

IBM Robotic Process Automation 21.0.0 through 21.0.7.latest is vulnerable to unauthorized access to data due to insufficient authorization validation on some API routes. IBM X-Force ID: 245425...

6.5CVSS4.9AI score0.00417EPSS
Exploits0References2
OSV
OSV
added 2023/08/02 3:15 p.m.5 views

CVE-2023-23476

IBM Robotic Process Automation 21.0.0 through 21.0.7.latest is vulnerable to unauthorized access to data due to insufficient authorization validation on some API routes. IBM X-Force ID: 245425...

6.5CVSS5.8AI score0.00417EPSS
Exploits0References2
CVE
CVE
added 2023/08/02 2:40 p.m.2528 views

CVE-2023-23476

CVE-2023-23476 affects IBM Robotic Process Automation versions 21.0.0–21.0.7.latest. The vulnerability stems from insufficient authorization validation on certain API routes, enabling unauthorized data access. Public details confirm impact as data disclosure and outline that upgraded versions 23....

6.5CVSS4.9AI score0.00417EPSS
Exploits0References2Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2023/08/01 3:7 p.m.45 views

Security Bulletin: IBM Robotic Process Automation is vulnerable to unauthorized access to data due to insufficient authorization validation on some API routes (CVE-2023-23476)

Summary IBM Robotic Process Automation is vulnerable to unauthorized access to data due to insufficient authorization validation on some API routes CVE-2023-23476 Vulnerability Details CVEID:CVE-2023-23476 DESCRIPTION: IBM Robotic Process Automation is vulnerable to unauthorized access to data du...

6.5CVSS5AI score0.00417EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2023/03/28 12:0 a.m.5 views

PT-2023-2147 · Hitachi Energy · Sdm600

Name of the Vulnerable Software and Affected Versions: Hitachi Energy System Data Manager SDM600 versions prior to 1.2 FP3 HF4 Build Nr. 1.2.23000.291 Description: A vulnerability exists in the SDM600 API web services authorization validation implementation. An attacker who successfully exploits...

7.7CVSS7.3AI score0.00484EPSS
Exploits0References6
Cvelist
Cvelist
added 2023/03/08 6:53 p.m.20 views

CVE-2023-27486 Insufficient authorization validation between zones when xCAT zones are enabled

xCAT is a toolkit for deployment and administration of computer clusters. In versions prior to 2.16.5 if zones are configured as a mechanism to secure clusters in XCAT, it is possible for a local root user from one node to obtain credentials to SSH to any node in any zone, except the management...

8.1CVSS8.7AI score0.00853EPSS
Exploits1References4
CNNVD
CNNVD
added 2022/12/13 12:0 a.m.2 views

Tuleap 安全漏洞

Tuleap is open source an application lifecycle management system that facilitates agile software development, design projects, V-modeling, requirements management and IT service management. A security vulnerability exists in Tuleap versions prior to 14.2.99.104, which stems from a failure to...

4.3CVSS5.1AI score0.00498EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2022/10/25 8:13 p.m.20 views

OpenFGA subject to Information Disclosure via streamed-list-objects endpoint

Overview During our internal security assessment, it was discovered that streamed-list-objects endpoint was not validating the authorization header resulting in the disclosure of objects in the store. Am I Affected? You are affected by this vulnerability if you are using openfga/openfga version...

5.3CVSS5.3AI score0.00672EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2022/09/06 8:15 p.m.3 views

CVE-2022-32277

Squiz Matrix CMS 6.20 is vulnerable to an Insecure Direct Object Reference caused by failure to correctly validate authorization when submitting a request to change a user's contact details. NOTE: this is disputed by both the vendor and the original discoverer because it is a site-specific findin...

5.3CVSS5.8AI score0.00451EPSS
Exploits0References2
Cvelist
Cvelist
added 2022/09/06 12:0 a.m.25 views

CVE-2022-32277

Squiz Matrix CMS 6.20 is vulnerable to an Insecure Direct Object Reference caused by failure to correctly validate authorization when submitting a request to change a user's contact details. NOTE: this is disputed by both the vendor and the original discoverer because it is a site-specific findin...

5.6AI score0.00451EPSS
Exploits0References2
Veracode
Veracode
added 2022/04/24 12:27 a.m.70 views

Privilege Escalation

openjdk is vulnerable to privilege escalation. The vulnerability exists due to a lack of validation of authorization allowing an attacker to update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data...

5.3CVSS5.2AI score0.02541EPSS
Exploits0References8Affected Software8
Veracode
Veracode
added 2022/04/23 9:7 a.m.47 views

Privilege Escalation

openjdk is vulnerable to privilege escalation. The vulnerability exists due to a lack of validation of authorization allowing an attacker to gain unauthorized access to critical data or complete access to all Oracle Java SE...

7.5CVSS5.3AI score0.04046EPSS
Exploits0References7Affected Software8
Veracode
Veracode
added 2022/04/23 8:53 a.m.56 views

Privilege Escalation

openjdk is vulnerable to privilege escalation. The vulnerability exists due to a lack of validation of authorization allowing an attacker to gain unauthorized access to critical data or complete access to all Oracle Java SE...

5.3CVSS5.3AI score0.02805EPSS
Exploits0References8Affected Software8
OSV
OSV
added 2022/04/23 12:40 a.m.7 views

GHSA-JFGC-5VH4-8RH5 trytond Incorrect Authorization vulnerability

trytond 2.4: ModelView.button fails to validate authorization...

8.7CVSS7.5AI score0.01763EPSS
Exploits0References10
Veracode
Veracode
added 2022/03/24 5:51 a.m.19 views

Denial Of Service (DoS)

IBM MQ is vulnerable to denial of service. The vulnerability exists due to a lack of validation of authorization allowing an attacker to crash the system...

6.5CVSS4.3AI score0.00945EPSS
Exploits0References2Affected Software3
NVD
NVD
added 2021/11/01 9:15 p.m.34 views

CVE-2021-39341

The OptinMonster WordPress plugin is vulnerable to sensitive information disclosure and unauthorized setting updates due to insufficient authorization validation via the loggedinorhasapikey function in the /OMAPI/RestApi.php file that can used to exploit inject malicious web scripts on sites with...

8.2CVSS0.2327EPSS
Exploits1References3
Prion
Prion
added 2021/11/01 9:15 p.m.26 views

Authorization

The OptinMonster WordPress plugin is vulnerable to sensitive information disclosure and unauthorized setting updates due to insufficient authorization validation via the loggedinorhasapikey function in the /OMAPI/RestApi.php file that can used to exploit inject malicious web scripts on sites with...

6.4CVSS7.6AI score0.2327EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2021/11/01 9:1 p.m.40 views

CVE-2021-39341 OptinMonster <= 2.6.4 Unprotected REST-API Endpoints

The OptinMonster WordPress plugin is vulnerable to sensitive information disclosure and unauthorized setting updates due to insufficient authorization validation via the loggedinorhasapikey function in the /OMAPI/RestApi.php file that can used to exploit inject malicious web scripts on sites with...

8.2CVSS7.9AI score0.2327EPSS
Exploits1References3
Rows per page
Query Builder