Lucene search
+L

196 matches found

BDU FSTEC
BDU FSTEC
added 2024/04/09 12:0 a.m.13 views

The vulnerability of the SportsTeams extension of the software for implementing the MediaWiki hypertext environment allows a hacker to compromise the integrity of the protected information.

The vulnerability of the SportsTeams extension of the MediaWiki software, which is used to implement a hypertext environment, relates to the lack of permission checking. Exploiting this vulnerability could allow an attacker operating remotely to compromise the integrity of the protected informati...

5.3CVSS5.9AI score0.00324EPSS
Exploits0References4Affected Software2
CNVD
CNVD
added 2024/03/14 12:0 a.m.11 views

Google Android Information Disclosure Vulnerability (CNVD-2024-24392)

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an information disclosure vulnerability due to a lack of permission checking in several features of healthconnect. The vulnerability can be exploited by an attacker to obtain sensitive informatio...

6.2CVSS6.1AI score0.00103EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/03/06 12:0 a.m.6 views

Jenkins Subversion Partial Release Manager Plugin Security Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project.Jenkins Plugin is a software application. A security vulnerability...

4.3CVSS6.6AI score0.00495EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/03/06 12:0 a.m.5 views

Sulu Security Breach

Sulu is a Symfony framework on an extensible, PHP-based open source content management system from Sulu, Austria. A security vulnerability exists in Sulu versions 2.2.0 through prior to 2.5.13, which stems from the ability to grant access to a page regardless of the permissions of a role in a...

8.1CVSS6.6AI score0.0045EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/03/05 4:43 p.m.15 views

CVE-2024-27931 Insufficient permission checking in `Deno.makeTemp*` APIs

Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure defaults. Insufficient validation of parameters in Deno.makeTemp APIs would allow for creation of files outside of the allowed directories. This may allow the user to overwrite important files on the system that may affect othe...

5.8CVSS6.7AI score0.00491EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/03/05 4:43 p.m.35 views

CVE-2024-27931 Insufficient permission checking in `Deno.makeTemp*` APIs

Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure defaults. Insufficient validation of parameters in Deno.makeTemp APIs would allow for creation of files outside of the allowed directories. This may allow the user to overwrite important files on the system that may affect othe...

5.8CVSS5.7AI score0.00491EPSS
Exploits1References1
OSV
OSV
added 2024/03/05 4:19 p.m.21 views

GHSA-HRQR-JV8W-V9JH Insufficient permission checking in `Deno.makeTemp*` APIs

Impact Insufficient validation of parameters in Deno.makeTemp APIs would allow for creation of files outside of the allowed directories. This may allow the user to overwrite important files on the system that may affect other systems. A user may provide a prefix or suffix to a Deno.makeTemp API...

5.8CVSS5.8AI score0.00491EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2024/02/16 11:14 p.m.17 views

Hazelcast Platform permission checking in CSV File Source connector

Impact In Hazelcast Platform through 5.3.4, a security issue exists within the SQL mapping for the CSV File Source connector. This issue arises from inadequate permission checking, which could enable unauthorized clients to access data from files stored on a member's filesystem. Patches Fix...

6.5CVSS7.5AI score0.00528EPSS
Exploits0References5Affected Software2
NVD
NVD
added 2024/02/16 10:15 a.m.15 views

CVE-2023-45860

In Hazelcast Platform through 5.3.4, a security issue exists within the SQL mapping for the CSV File Source connector. This issue arises from inadequate permission checking, which could enable unauthorized clients to access data from files stored on a member's filesystem...

6.5CVSS6.8AI score0.00528EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/02/16 12:0 a.m.16 views

CVE-2023-45860

In Hazelcast Platform through 5.3.4, a security issue exists within the SQL mapping for the CSV File Source connector. This issue arises from inadequate permission checking, which could enable unauthorized clients to access data from files stored on a member's filesystem...

7AI score0.00528EPSS
Exploits0References2
CVE
CVE
added 2024/02/16 12:0 a.m.74 views

CVE-2023-45860

Hazelcast Platform up to 5.3.4 is affected by a permission-checking flaw in the SQL mapping for the CSV File Source connector, potentially enabling unauthorized clients to read files on a member’s filesystem. Root cause: inadequate access checks. Impact: data exposure of local files. Remediation:...

6.5CVSS7AI score0.00528EPSS
Exploits0References2Affected Software1
CNVD
CNVD
added 2023/11/01 12:0 a.m.9 views

Google Android Information Disclosure Vulnerability (CNVD-2023-101642)

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an information disclosure vulnerability, which is caused by a lack of permission checking in Slice. The vulnerability can be exploited by an attacker to obtain sensitive information...

5.5CVSS6.1AI score0.00093EPSS
Exploits0References1
CNVD
CNVD
added 2023/11/01 12:0 a.m.18 views

Google Android Information Disclosure Vulnerability (CNVD-2024-00165)

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an information disclosure vulnerability due to a lack of permission checking in Package Manager. An attacker can exploit this vulnerability to obtain sensitive information...

5.5CVSS6AI score0.00083EPSS
Exploits0References1
CNVD
CNVD
added 2023/11/01 12:0 a.m.9 views

Google Android Information Disclosure Vulnerability (CNVD-2024-01376)

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an information disclosure vulnerability, which is caused by a lack of permission checking in the Activity Manager. An attacker can exploit this vulnerability to obtain sensitive information...

5.5CVSS6AI score0.00099EPSS
Exploits0References1
CNVD
CNVD
added 2023/11/01 12:0 a.m.35 views

Google Android Information Disclosure Vulnerability (CNVD-2024-01356)

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an information disclosure vulnerability caused by a lack of permission checking in the content parsing program. An attacker can exploit this vulnerability to obtain sensitive information...

5.5CVSS6.3AI score0.00082EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/09/20 12:0 a.m.9 views

Jenkins Plugin Build Failure Analyzer Security Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project.Jenkins Plugin is a software application. A security vulnerability...

6.5CVSS6.7AI score0.00504EPSS
Exploits0References4
CNVD
CNVD
added 2023/08/16 12:0 a.m.20 views

Google Android onCreate module authorization issue vulnerability

Google Android is a Linux-based open source operating system from Google. Google Android onCreate module has an authorization issue vulnerability that stems from a lack of permission checking in the onCreate module of ManagePermissionsActivity.java, with one possible way to bypass the Restore...

6.8CVSS6.7AI score0.00125EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2023/08/01 12:0 a.m.9 views

The vulnerability of Bluetooth microprogramming chipset Unisoc, related to the lack of permission checking, allows a intruder to gain unauthorized access to protected information.

The vulnerability of Bluetooth microprogrammed chipset devices from Unisoc lies in the lack of permission checking. Exploiting this vulnerability can allow attackers to gain unauthorized access to protected information...

4CVSS5.9AI score0.00163EPSS
Exploits0References2
CVE
CVE
added 2023/07/26 1:59 a.m.375 views

CVE-2023-2640

CVE-2023-2640 describes a local privilege-escalation in Ubuntu kernels where overlayfs allows an unprivileged user to set privileged trusted.overlayfs.* xattrs on mounted files due to a skip-permission-check in overlayfs. This affects Ubuntu kernel builds carrying the c914c0e27eb0 change paired w...

7.8CVSS7.5AI score0.15783EPSS
Exploits12References4Affected Software1
Cvelist
Cvelist
added 2023/07/25 10:6 p.m.37 views

CVE-2023-38503 Directus has Incorrect Permission Checking for GraphQL Subscriptions

Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 10.3.0 and prior to version 10.5.0, the permission filters i.e. usercreated IS $CURRENTUSER are not properly checked when using GraphQL subscription resulting in unauthorized users getting event o...

5.7CVSS6.8AI score0.00426EPSS
Exploits0References2
Rows per page
Query Builder