
121 matches found

IBM Security Bulletins
added 2024/08/06 5:16 p.m. · 24 views

Security Bulletin: IBM Storage Ceph is vulnerable to Insufficient Granularity of Access Control in Ceph (CVE-2023-43040)

Summary: Ceph RGW is used by IBM Storage Ceph in RGW as part of storage. CVE-2023-43040. This bulletin identifies the steps to take to address the vulnerability in Ceph. Vulnerability Details: CVEID: CVE-2023-43040. DESCRIPTION: IBM Spectrum Fusion HCI could allow an attacker to perform unauthorized...

CVSS 9.8 · AI score 6.4 · EPSS 0.02539
Exploits 1 · Affected Software 1
Veracode
added 2024/06/12 6:34 a.m. · 15 views

Insufficient Granularity Of Access Control

lunary is vulnerable to an Insufficient Granularity of Access Control vulnerability. The vulnerability is due to improper validation of dataset ownership, allowing users to create, update, get, and delete prompt variations for datasets not owned by their organization, leading to unauthorized...

CVSS 8.1 · AI score 6.8 · EPSS 0.00431
Exploits 1 · References 2 · Affected Software 1
OSV
added 2024/06/10 12:30 a.m. · 20 views

GHSA-3MWC-2CJ7-GX8C lunary-ai/lunary Access Control Vulnerability in Prompt Variation Management

Withdrawn: This advisory was incorrectly linked to the npm package lunary. The advisory is valid, but not for that package. In lunary-ai/lunary version 1.2.13, an insufficient granularity of access control vulnerability allows users to create, update, get, and delete prompt variations for datase...

CVSS 9.3 · AI score 6.5 · EPSS 0.00431
Exploits 1 · References 4
Github Security Blog
added 2024/06/10 12:30 a.m. · 28 views

lunary-ai/lunary Access Control Vulnerability in Prompt Variation Management

Withdrawn: This advisory was incorrectly linked to the npm package lunary. The advisory is valid, but not for that package. In lunary-ai/lunary version 1.2.13, an insufficient granularity of access control vulnerability allows users to create, update, get, and delete prompt variations for datase...

CVSS 8.1 · AI score 6.6 · EPSS 0.00431
Exploits 1 · References 4 · Affected Software 1
Veracode
added 2024/04/01 6:54 a.m. · 24 views

Insufficient Access Control

Kimai is vulnerable to Insufficient Granularity of Access Control. This vulnerability is due to the viewothertimesheet permission between the UI and API performing differently, leading to unauthorized access to timesheet entries...

CVSS 6.8 · AI score 6.8 · EPSS 0.00644
Exploits 1 · References 2 · Affected Software 1
NVD
added 2024/03/19 4:15 p.m. · 26 views

CVE-2023-32259

Insufficient Granularity of Access Control vulnerability in OpenText™ Service Management Automation X SMAX, OpenText™ Asset Management X AMX allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Service Management Automation X SMAX versions 2020.05, 2020.08,...

CVSS 6.5 · AI score 6.5 · EPSS 0.0034
Exploits 0 · References 1
Cvelist
added 2024/03/19 3:54 p.m. · 33 views

CVE-2023-32259 Potential Insufficient Access Control vulnerability has been identified in OpenText™ SMAX/AMX products.

Insufficient Granularity of Access Control vulnerability in OpenText™ Service Management Automation X SMAX, OpenText™ Asset Management X AMX allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Service Management Automation X SMAX versions 2020.05, 2020.08,...

CVSS 6.5 · AI score 6.7 · EPSS 0.0034
Exploits 0 · References 1
Tenable Nessus
added 2023/09/19 12:0 a.m. · 38 views

RHEL 8 : Red Hat Virtualization Host 4.4.z SP 1 (RHSA-2023:5209)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:5209 advisory. The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host,...

CVSS 7.5 · AI score 8 · EPSS 0.59501
Exploits 0 · References 8
Cvelist
added 2023/06/14 12:0 a.m. · 30 views

CVE-2023-3227 Insufficient Granularity of Access Control in fossbilling/fossbilling

Insufficient Granularity of Access Control in GitHub repository fossbilling/fossbilling prior to 0.5.0...

CVSS 5.4 · AI score 5.8 · EPSS 0.00407
Exploits 1 · References 2
OSV
added 2023/04/22 3:15 a.m. · 3 views

CVE-2023-0203

NVIDIA ConnectX-5, ConnectX-6, and ConnectX6-DX contain a vulnerability in the NIC firmware, where an unprivileged user can exploit insufficient granularity of access control, which may lead to denial of service...

CVSS 7.7 · AI score 7.1 · EPSS 0.00517
Exploits 0 · References 1
Positive Technologies
added 2023/04/22 12:0 a.m. · 7 views

PT-2023-16084 · Nvidia · Nvidia Connectx6-Dx +2

Name of the Vulnerable Software and Affected Versions: NVIDIA ConnectX-5 (affected versions not specified), NVIDIA ConnectX-6 (affected versions not specified), NVIDIA ConnectX6-DX (affected versions not specified). Description: The issue is related to insufficient granularity of access control in the NIC...

CVSS 7.7 · AI score 7.2 · EPSS 0.00517
Exploits 0 · References 5
Prion
added 2023/02/16 8:15 p.m. · 22 views

Authorization

Insufficient granularity of access control in out-of-band management in some Intel(R) Atom and Intel Xeon Scalable Processors may allow a privileged user to potentially enable escalation of privilege via adjacent network access...

CVSS 4.7 · AI score 6.6 · EPSS 0.00539
Exploits 0 · References 2
SUSE CVE
added 2023/02/15 3:27 a.m. · 1 views

SUSE CVE-2022-26365

Linux disk/nic frontends data leaks. This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend CVE-2022-26365,...

CVSS 6.6 · AI score 7.3 · EPSS 0.00325
Exploits 0 · References 33
SUSE CVE
added 2023/02/15 3:25 a.m. · 2 views

SUSE CVE-2022-33741

Linux disk/nic frontends data leaks. This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend CVE-2022-26365,...

CVSS 6.6 · AI score 7.3 · EPSS 0.00325
Exploits 0 · References 33
SUSE CVE
added 2023/02/15 3:25 a.m. · 6 views

SUSE CVE-2022-33740

Linux disk/nic frontends data leaks. This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend CVE-2022-26365,...

CVSS 6.6 · AI score 7.3 · EPSS 0.00325
Exploits 0 · References 33
SUSE CVE
added 2023/02/15 3:25 a.m. · 3 views

SUSE CVE-2022-33742

Linux disk/nic frontends data leaks. This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend CVE-2022-26365,...

CVSS 6.6 · AI score 7.3 · EPSS 0.00328
Exploits 0 · References 33
Oracle linux
added 2023/02/14 12:0 a.m. · 64 views

Unbreakable Enterprise kernel-container security update

5.4.17-2136.316.7 - runtime revert of virtionet: Stripe queue affinities across cores. Konrad Rzeszutek Wilk Orabug: 35001045 5.4.17-2136.316.6 - block: Change the granularity of io ticks from ms to ns Gulam Mohamed Orabug: 34780807 - powercap: intelrapl: support new layout of Psys PowerLimit...

CVSS 8.8 · AI score 9.6 · EPSS 0.02014
Exploits 0
Veracode
added 2023/01/02 2:26 p.m. · 18 views

Improper Access Control

github.com/usememos/memos is vulnerable to improper access control. Insufficient granularity of access control due to insecure direct object references allows an attacker to delete the victim's archived memos...

CVSS 4.3 · AI score 5.1 · EPSS 0.00534
Exploits 1 · References 5 · Affected Software 1
OSV
added 2022/12/28 3:30 p.m. · 16 views

GHSA-7QPW-2J9M-RW8C usememos/memos has Insufficient Granularity of Access Control

An Insufficient Granularity of Access Control in usememos/memos prior to 0.9.0 can allow an attacker to delete a memo from the archives...

CVSS 4.3 · AI score 4.7 · EPSS 0.00534
Exploits 1 · References 4
NVD
added 2022/12/28 2:15 p.m. · 34 views

CVE-2022-4801

Insufficient Granularity of Access Control in GitHub repository usememos/memos prior to 0.9.1...

CVSS 8.2 · EPSS 0.00681
Exploits 1 · References 2