Security Bulletin: IBM Storage Ceph is vulnerable to Insufficient Granularity of Access Control in Ceph (CVE-2023-43040)
Summary: Ceph RGW is used by IBM Storage Ceph in RGW as part of storage (CVE-2023-43040). This bulletin identifies the steps to take to address the vulnerability in Ceph. Vulnerability Details: CVEID: CVE-2023-43040. DESCRIPTION: IBM Spectrum Fusion HCI could allow an attacker to perform unauthorized...
Insufficient Granularity Of Access Control
lunary is vulnerable to an Insufficient Granularity of Access Control vulnerability. The vulnerability is due to improper validation of dataset ownership, allowing users to create, update, get, and delete prompt variations for datasets not owned by their organization, leading to unauthorized...
GHSA-3MWC-2CJ7-GX8C lunary-ai/lunary Access Control Vulnerability in Prompt Variation Management
Withdrawn: This advisory was incorrectly linked to the npm package lunary. The advisory is valid, but not for that package. In lunary-ai/lunary version 1.2.13, an insufficient granularity of access control vulnerability allows users to create, update, get, and delete prompt variations for datase...
lunary-ai/lunary Access Control Vulnerability in Prompt Variation Management
Withdrawn: This advisory was incorrectly linked to the npm package lunary. The advisory is valid, but not for that package. In lunary-ai/lunary version 1.2.13, an insufficient granularity of access control vulnerability allows users to create, update, get, and delete prompt variations for datase...
Insufficient Access Control
Kimai is vulnerable to Insufficient Granularity of Access Control. This vulnerability is due to the `view_other_timesheet` permission between the UI and API performing differently, leading to unauthorized access to timesheet entries...
CVE-2023-32259
Insufficient Granularity of Access Control vulnerability in OpenText™ Service Management Automation X SMAX, OpenText™ Asset Management X AMX allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Service Management Automation X SMAX versions 2020.05, 2020.08,...
CVE-2023-32259 Potential Insufficient Access Control vulnerability has been identified in OpenText™ SMAX/AMX products.
Insufficient Granularity of Access Control vulnerability in OpenText™ Service Management Automation X SMAX, OpenText™ Asset Management X AMX allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Service Management Automation X SMAX versions 2020.05, 2020.08,...
RHEL 8 : Red Hat Virtualization Host 4.4.z SP 1 (RHSA-2023:5209)
The remote Red Hat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:5209 advisory. The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host,...
CVE-2023-3227 Insufficient Granularity of Access Control in fossbilling/fossbilling
Insufficient Granularity of Access Control in GitHub repository fossbilling/fossbilling prior to 0.5.0...
CVE-2023-0203
NVIDIA ConnectX-5, ConnectX-6, and ConnectX6-DX contain a vulnerability in the NIC firmware, where an unprivileged user can exploit insufficient granularity of access control, which may lead to denial of service...
PT-2023-16084 · Nvidia · Nvidia Connectx6-Dx +2
Name of the Vulnerable Software and Affected Versions: NVIDIA ConnectX-5 (affected versions not specified), NVIDIA ConnectX-6 (affected versions not specified), NVIDIA ConnectX6-DX (affected versions not specified). Description: The issue is related to insufficient granularity of access control in the NIC...
Authorization
Insufficient granularity of access control in out-of-band management in some Intel(R) Atom and Intel Xeon Scalable Processors may allow a privileged user to potentially enable escalation of privilege via adjacent network access...
SUSE CVE-2022-26365
Linux disk/nic frontends data leaks This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend CVE-2022-26365,...
SUSE CVE-2022-33741
Linux disk/nic frontends data leaks This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend CVE-2022-26365,...
SUSE CVE-2022-33740
Linux disk/nic frontends data leaks This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend CVE-2022-26365,...
SUSE CVE-2022-33742
Linux disk/nic frontends data leaks This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend CVE-2022-26365,...
Unbreakable Enterprise kernel-container security update
5.4.17-2136.316.7 - runtime revert of virtio_net: Stripe queue affinities across cores. (Konrad Rzeszutek Wilk) Orabug: 35001045. 5.4.17-2136.316.6 - block: Change the granularity of io ticks from ms to ns (Gulam Mohamed) Orabug: 34780807 - powercap: intel_rapl: support new layout of Psys PowerLimit...
Improper Access Control
github.com/usememos/memos is vulnerable to improper access control. Insufficient granularity of access control due to insecure direct object references allows an attacker to delete the victim's archived memos...
GHSA-7QPW-2J9M-RW8C usememos/memos has Insufficient Granularity of Access Control
An Insufficient Granularity of Access Control in usememos/memos prior to 0.9.0 can allow an attacker to delete a memo from the archives...
CVE-2022-4801
Insufficient Granularity of Access Control in GitHub repository usememos/memos prior to 0.9.1...