
46 matches found

CNNVD
added 2024/07/09 12:0 a.m., 5 views

Easy!Appointments Security Vulnerability

Easy!Appointments is a web-based appointment and schedule management system. A security vulnerability exists in Easy!Appointments that stems from an insecure authorization issue in the /providers interface. A low-privileged attacker can exploit the vulnerability to create privileged users provide...

CVSS 8.8, AI score 6.8, EPSS 0.00349
Exploits: 0, References: 2

CNNVD
added 2024/07/09 12:0 a.m., 7 views

Easy!Appointments Security Vulnerability

Easy!Appointments is a web-based appointment and schedule management system. A security vulnerability exists in Easy!Appointments, which stems from an insecure authorization issue in the /appointments/appointmentId interface. A low-privileged attacker can exploit this vulnerability to obtain,...

CVSS 9.9, AI score 6.8, EPSS 0.00415
Exploits: 0, References: 2

CNNVD
added 2024/07/09 12:0 a.m., 4 views

Easy!Appointments Security Vulnerability

Easy!Appointments is a web-based appointment and schedule management system. A security vulnerability exists in Easy!Appointments, which stems from an insecure authorization issue in the /secretaries interface. A low-privilege attacker can exploit the vulnerability to create a low-privilege user...

CVSS 7.7, AI score 6.8, EPSS 0.00327
Exploits: 0, References: 2

CNNVD
added 2024/07/09 12:0 a.m., 4 views

Easy!Appointments Security Vulnerability

Easy!Appointments is a web-based appointment and schedule management system. A security vulnerability exists in Easy!Appointments, which stems from an insecure authorization issue in the /providers/providerId interface. A low-privileged attacker can exploit the vulnerability to obtain, modify, or...

CVSS 9.9, AI score 6.8, EPSS 0.004
Exploits: 0, References: 2

CNNVD
added 2024/07/09 12:0 a.m., 5 views

Easy!Appointments Security Vulnerability

Easy!Appointments is a web-based appointment and schedule management system. A security vulnerability exists in Easy!Appointments that stems from an insecure authorization issue in the /customers interface. A low-privilege attacker can exploit the vulnerability to create low-privilege users...

CVSS 5, AI score 6.8, EPSS 0.00295
Exploits: 0, References: 2

CNNVD
added 2024/07/09 12:0 a.m., 5 views

Easy!Appointments Security Vulnerability

Easy!Appointments is a web-based appointment and schedule management system. A security vulnerability exists in Easy!Appointments, which stems from an insecure authorization issue in the /services/serviceId interface. A low-privileged attacker can exploit this vulnerability to gain access to,...

CVSS 9.6, AI score 7, EPSS 0.0039
Exploits: 0, References: 2

CNNVD
added 2024/07/09 12:0 a.m., 6 views

Easy!Appointments Security Vulnerability

Easy!Appointments is a web-based appointment and schedule management system. A security vulnerability exists in Easy!Appointments, which stems from an insecure authorization issue in the /appointments interface. A low-privileged attacker can exploit the vulnerability to create appointments for an...

CVSS 7.7, AI score 6.8, EPSS 0.00338
Exploits: 0, References: 2

IBM Security Bulletins
added 2024/06/28 9:32 p.m., 16 views

Security Bulletin: IBM InfoSphere Information Server is vulnerable due to insecure authorization (CVE-2023-35022)

Summary: An insecure authorization vulnerability in IBM InfoSphere Information Server was addressed. Vulnerability Details: CVEID: CVE-2023-35022. DESCRIPTION: IBM InfoSphere Information Server could allow a local user to update projects that they do not have the authorization to access. CVSS Base...

CVSS 3.3, AI score 3.5, EPSS 0.00162
Exploits: 0, Affected Software: 1

Tenable Nessus
added 2024/05/17 12:0 a.m., 20 views

GitLab 12.8 < 12.9.8 / 12.10 < 12.10.7 / 13.0 < 13.0.1 (CVE-2020-13266)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: Insecure authorization in Project Deploy Keys in GitLab CE/EE 12.8 and later through 13.0.1 allows users to update permissions of other users' deploy keys under certain conditions (CVE-2020-13266). Note...

CVSS 4.3, AI score 5.3, EPSS 0.00554
Exploits: 0, References: 3

OSV
added 2024/03/06 11:23 a.m., 28 views

BIT-GITLAB-2020-13266

Insecure authorization in Project Deploy Keys in GitLab CE/EE 12.8 and later through 13.0.1 allows users to update permissions of other users' deploy keys under certain conditions...

CVSS 4.3, AI score 4.2, EPSS 0.00554
Exploits: 0, References: 3

CNNVD
added 2022/10/28 12:0 a.m., 3 views

GitLab Security Vulnerability

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery, and other features. GitLab has a security vulnerability that stems from its insecure authorization...

CVSS 9.8, AI score 8.3, EPSS 0.00809
Exploits: 0, References: 4

Prion
added 2022/06/03 3:15 p.m., 16 views

Authorization

In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can obtain sensitive information (wifikey, wifiname, etc.) without authorization...

CVSS 5, AI score 7.4, EPSS 0.01369
Exploits: 1, References: 1, Affected Software: 1

OSV
added 2022/01/08 12:31 a.m., 15 views

GHSA-44GV-FGCJ-W546 Missing Authorization in DayByDay CRM

In Daybyday CRM, versions 2.0.0 through 2.2.0 are vulnerable to Missing Authorization. An attacker with the lowest-privilege account (employee type user) can view the appointments of all users in the system, including administrators. However, this type of user is not authorized to view the...

CVSS 4.3, AI score 4.4, EPSS 0.0068
Exploits: 0, References: 4

Veracode
added 2020/11/24 1:4 a.m., 20 views

Privilege Escalation

october is vulnerable to privilege escalation. Users with "Publisher" access are able to escalate their access to "Developer" due to insecure authorization in the create & manager users module...

CVSS 4.2, AI score 4.1, EPSS 0.00309
Exploits: 0, References: 3, Affected Software: 1

Veracode
added 2020/11/02 6:7 a.m., 13 views

Insecure Authorization

strapi-plugin-content-type-builder suffers from insecure authorization. The admin::hasPermissions restriction for the content-type-builder (CTB) routes is not configured, allowing unauthorized access to the affected resources...

CVSS 7.5, AI score 4.8, EPSS 0.01195
Exploits: 0, References: 4, Affected Software: 1

Tenable Nessus
added 2020/07/06 12:0 a.m., 26 views

FreeBSD : Gitlab -- Multiple Vulnerabilities (0a305431-bc98-11ea-a051-001b217b3468)

Gitlab reports: Missing Permission Check on Time Tracking; Cross-Site Scripting in PyPi Files API; Insecure Authorization Check on Private Project Security Dashboard; Cross-Site Scripting in References; Cross-Site Scripting in Group Names; Cross-Site Scripting in Blob Viewer; Cross-Site Scripting in...

CVSS 8.8, AI score 6.7, EPSS 0.04182
Exploits: 0, References: 5

FreeBSD
added 2020/07/01 12:0 a.m., 44 views

Gitlab -- Multiple Vulnerabilities

Gitlab reports: Missing Permission Check on Time Tracking; Cross-Site Scripting in PyPi Files API; Insecure Authorization Check on Private Project Security Dashboard; Cross-Site Scripting in References; Cross-Site Scripting in Group Names; Cross-Site Scripting in Blob Viewer; Cross-Site Scripting in...

CVSS 8.8, AI score 1.3, EPSS 0.04182
Exploits: 0, References: 1

Prion
added 2020/06/22 8:15 p.m., 11 views

Authorization

In Unisys Stealth 3.4.x, 4.x and 5.x before 5.0.026, if certificate-based authorization is used without HTTPS, an endpoint could be authorized without a private key...

CVSS 7.5, AI score 9.3, EPSS 0.00678
Exploits: 0, References: 1, Affected Software: 1

NVD
added 2020/06/09 4:15 p.m., 17 views

CVE-2020-13266

Insecure authorization in Project Deploy Keys in GitLab CE/EE 12.8 and later through 13.0.1 allows users to update permissions of other users' deploy keys under certain conditions...

CVSS 4.3, AI score 4.3, EPSS 0.00554
Exploits: 0, References: 2

Cvelist
added 2020/06/09 3:34 p.m., 19 views

CVE-2020-13266

Insecure authorization in Project Deploy Keys in GitLab CE/EE 12.8 and later through 13.0.1 allows users to update permissions of other users' deploy keys under certain conditions...

CVSS 4.3, AI score 4.3, EPSS 0.00554
Exploits: 0, References: 2