Lucene search
K

132 matches found

Veracode
Veracode
added 2020/10/18 1:50 a.m.32 views

Insecure Access Control

overlayfs uses insecure access control. Insufficient permission checking when copying up files in an overlayfs. An attacker is able to exploit the vulnerability to obtain read access to files on the system. that they would not normally be permitted to access...

5.1CVSS3.2AI score0.00396EPSS
Exploits0References12Affected Software3
Veracode
Veracode
added 2020/10/01 5:41 a.m.20 views

Insecure Access Control

github.com/hashicorp uses insecure access controls. Improper scheduling of the batch token expiration time allows the batch token leases to outlive their TTL Time-to-live...

6.8CVSS3.2AI score0.01012EPSS
Exploits0References4Affected Software2
Veracode
Veracode
added 2020/08/12 2:11 a.m.12 views

Insecure Access Control

istio is vulnerable to insecure access control due to incorrect translation of DENY policy for TCP service...

6.8CVSS2.9AI score0.011EPSS
Exploits1References4Affected Software1
Veracode
Veracode
added 2020/06/12 5:50 a.m.19 views

Insecure Access Control

github.com/hashicorp/consul uses an insecure access control. The changes to legacy ACL tokens rules are not enforced as they are not being propagated to the secondary data center...

5.3CVSS2.9AI score0.01552EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2020/04/21 12:0 a.m.75 views

CVE-2020-11968

In the web-panel in IQrouter through 3.3.1, remote attackers can read system logs because of Incorrect Access Control. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration which has a required step for settin...

7.5CVSS7.5AI score0.02593EPSS
In wildExploits3References6
Openbugbounty
Openbugbounty
added 2020/04/08 8:31 p.m.6 views

solidflux.nl Improper Access Control vulnerability

Open Bug Bounty ID: OBB-1136536 Security Researcher keritzy Helped patch 2027 vulnerabilities Received 5 Coordinated Disclosure badges Received 4 recommendations , a holder of 5 badges for responsible and coordinated disclosure, found a security vulnerability affecting solidflux.nl website and it...

0.2AI score
Exploits0
CNVD
CNVD
added 2020/03/23 12:0 a.m.3 views

Avast Secure Browser Local Elevation of Privilege Vulnerability

Avast Secure Browser is a new browser built for privacy. A security vulnerability exists in Avast Secure Browser version 76.0.1659.101 that stems from an insecure ACL set by the AvastBrowserUpdate.exe file. The vulnerability can be exploited by creating a hard link named Update.ini in the...

7.8CVSS6.9AI score0.00522EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2020/01/27 12:0 a.m.6 views

PT-2020-9879 · Avast · Avast Secure Browser

Name of the Vulnerable Software and Affected Versions: Avast Secure Browser version 76.0.1659.101 Description: A Local Privilege Escalation issue was discovered due to an insecure ACL set by the AvastBrowserUpdate.exe when AvastSecureBrowser.exe checks for new updates. The elevated process cleans...

7.8CVSS7.6AI score0.00522EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2020/01/14 12:0 a.m.4 views

PT-2020-1416 · Oracle · X-Window-System +1

Name of the Vulnerable Software and Affected Versions: Oracle Solaris versions 10 and 11 Description: The issue is related to inadequate access control in the X Window System component of Oracle Solaris. It allows an attacker with low privileges and logon access to the infrastructure to compromis...

4.4CVSS4.6AI score0.0056EPSS
Exploits2References10
Prion
Prion
added 2020/01/06 9:15 p.m.18 views

Design/Logic Flaw

OKER G232V1 v1.03.02.20161129 devices provide a root terminal on a UART serial interface without proper access control. This allows attackers with physical access to interrupt the boot sequence in order to execute arbitrary commands with root privileges and conduct further attacks...

7.2CVSS6.9AI score0.0056EPSS
Exploits1References1Affected Software1
Openbugbounty
Openbugbounty
added 2019/12/02 5:5 a.m.8 views

nidv.eu Improper Access Control vulnerability

Security Researcher geeknik Helped patch 8525 vulnerabilities Received 8 Coordinated Disclosure badges Received 20 recommendations , a holder of 8 badges for responsible and coordinated disclosure, found a security vulnerability affecting nidv.eu website and its users. Following coordinated and...

0.2AI score
Exploits0
NVD
NVD
added 2019/09/24 3:15 p.m.18 views

CVE-2019-13356

In Total Defense Anti-virus 9.0.0.773, insecure access control for the directory %PROGRAMDATA%\TotalDefense\Consumer\ISS\9\bd\TDUpdate2\ used by AMRT.exe allows local attackers to hijack bdcore.dll, which leads to privilege escalation when the AMRT service loads the DLL...

7.8CVSS7.8AI score0.00376EPSS
Exploits1References2
OSV
OSV
added 2019/09/24 3:15 p.m.3 views

CVE-2019-13355

In Total Defense Anti-virus 9.0.0.773, insecure access control for the directory %PROGRAMDATA%\TotalDefense\Consumer\ISS\9\ used by ccschedulersvc.exe allows local attackers to hijack dotnetproxy.exe, which leads to privilege escalation when the ccSchedulerSVC service runs the executable...

7.8CVSS7.1AI score0.00365EPSS
Exploits1References2
NVD
NVD
added 2019/09/24 3:15 p.m.23 views

CVE-2019-13355

In Total Defense Anti-virus 9.0.0.773, insecure access control for the directory %PROGRAMDATA%\TotalDefense\Consumer\ISS\9\ used by ccschedulersvc.exe allows local attackers to hijack dotnetproxy.exe, which leads to privilege escalation when the ccSchedulerSVC service runs the executable...

7.8CVSS7.8AI score0.00365EPSS
Exploits1References2
CVE
CVE
added 2019/09/24 2:9 p.m.48 views

CVE-2019-13355

In Total Defense Anti-virus 9.0.0.773, an insecure access control weakness on the directory %PROGRAMDATA%\TotalDefense\Consumer\ISS\9\ used by ccschedulersvc.exe allows a local attacker to hijack dotnetproxy.exe, enabling privilege escalation when the ccSchedulerSVC service executes the file. The...

7.8CVSS7.7AI score0.00365EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2019/09/24 2:9 p.m.18 views

CVE-2019-13355

In Total Defense Anti-virus 9.0.0.773, insecure access control for the directory %PROGRAMDATA%\TotalDefense\Consumer\ISS\9\ used by ccschedulersvc.exe allows local attackers to hijack dotnetproxy.exe, which leads to privilege escalation when the ccSchedulerSVC service runs the executable...

7.8AI score0.00365EPSS
Exploits1References2
CVE
CVE
added 2019/09/24 2:9 p.m.46 views

CVE-2019-13356

In Total Defense Anti-virus 9.0.0.773, an insecure access-control issue in the directory %PROGRAMDATA%\TotalDefense\Consumer\ISS\9\bd\TDUpdate2\ used by AMRT.exe allows a local attacker to hijack bdcore.dll and escalate privileges when the AMRT service loads the DLL. The core issue is improper ac...

7.8CVSS7.7AI score0.00376EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2019/09/20 4:15 p.m.19 views

Information disclosure

On DrayTek Vigor2925 devices with firmware 3.8.4.3, Incorrect Access Control exists in loginset.htm, and can be used to trigger XSS. NOTE: this is an end-of-life product...

4.3CVSS6.3AI score0.00802EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2019/09/20 3:15 p.m.2 views

CVE-2016-11007

The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpiuserid for invoice retrieval...

5.3CVSS5.8AI score0.01972EPSS
Exploits1References3
OSV
OSV
added 2018/07/10 2:29 p.m.6 views

CVE-2018-9853

Insecure access control in freeSSHd version 1.3.1 allows attackers to obtain the privileges of the freesshd.exe process by leveraging the ability to login to an unprivileged account on the server...

9.8CVSS5.8AI score0.01287EPSS
Exploits0References1
Rows per page
Query Builder