196 matches found
The vulnerability of the SportsTeams extension of the software for implementing the MediaWiki hypertext environment allows a hacker to compromise the integrity of the protected information.
The vulnerability of the SportsTeams extension of the MediaWiki software, which is used to implement a hypertext environment, relates to the lack of permission checking. Exploiting this vulnerability could allow an attacker operating remotely to compromise the integrity of the protected informati...
Google Android Information Disclosure Vulnerability (CNVD-2024-24392)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an information disclosure vulnerability due to a lack of permission checking in several features of healthconnect. The vulnerability can be exploited by an attacker to obtain sensitive informatio...
Jenkins Subversion Partial Release Manager Plugin Security Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project.Jenkins Plugin is a software application. A security vulnerability...
Sulu Security Breach
Sulu is a Symfony framework on an extensible, PHP-based open source content management system from Sulu, Austria. A security vulnerability exists in Sulu versions 2.2.0 through prior to 2.5.13, which stems from the ability to grant access to a page regardless of the permissions of a role in a...
CVE-2024-27931 Insufficient permission checking in `Deno.makeTemp*` APIs
Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure defaults. Insufficient validation of parameters in Deno.makeTemp APIs would allow for creation of files outside of the allowed directories. This may allow the user to overwrite important files on the system that may affect othe...
CVE-2024-27931 Insufficient permission checking in `Deno.makeTemp*` APIs
Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure defaults. Insufficient validation of parameters in Deno.makeTemp APIs would allow for creation of files outside of the allowed directories. This may allow the user to overwrite important files on the system that may affect othe...
GHSA-HRQR-JV8W-V9JH Insufficient permission checking in `Deno.makeTemp*` APIs
Impact Insufficient validation of parameters in Deno.makeTemp APIs would allow for creation of files outside of the allowed directories. This may allow the user to overwrite important files on the system that may affect other systems. A user may provide a prefix or suffix to a Deno.makeTemp API...
Hazelcast Platform permission checking in CSV File Source connector
Impact In Hazelcast Platform through 5.3.4, a security issue exists within the SQL mapping for the CSV File Source connector. This issue arises from inadequate permission checking, which could enable unauthorized clients to access data from files stored on a member's filesystem. Patches Fix...
CVE-2023-45860
In Hazelcast Platform through 5.3.4, a security issue exists within the SQL mapping for the CSV File Source connector. This issue arises from inadequate permission checking, which could enable unauthorized clients to access data from files stored on a member's filesystem...
CVE-2023-45860
In Hazelcast Platform through 5.3.4, a security issue exists within the SQL mapping for the CSV File Source connector. This issue arises from inadequate permission checking, which could enable unauthorized clients to access data from files stored on a member's filesystem...
CVE-2023-45860
Hazelcast Platform up to 5.3.4 is affected by a permission-checking flaw in the SQL mapping for the CSV File Source connector, potentially enabling unauthorized clients to read files on a member’s filesystem. Root cause: inadequate access checks. Impact: data exposure of local files. Remediation:...
Google Android Information Disclosure Vulnerability (CNVD-2023-101642)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an information disclosure vulnerability, which is caused by a lack of permission checking in Slice. The vulnerability can be exploited by an attacker to obtain sensitive information...
Google Android Information Disclosure Vulnerability (CNVD-2024-00165)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an information disclosure vulnerability due to a lack of permission checking in Package Manager. An attacker can exploit this vulnerability to obtain sensitive information...
Google Android Information Disclosure Vulnerability (CNVD-2024-01376)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an information disclosure vulnerability, which is caused by a lack of permission checking in the Activity Manager. An attacker can exploit this vulnerability to obtain sensitive information...
Google Android Information Disclosure Vulnerability (CNVD-2024-01356)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an information disclosure vulnerability caused by a lack of permission checking in the content parsing program. An attacker can exploit this vulnerability to obtain sensitive information...
Jenkins Plugin Build Failure Analyzer Security Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project.Jenkins Plugin is a software application. A security vulnerability...
Google Android onCreate module authorization issue vulnerability
Google Android is a Linux-based open source operating system from Google. Google Android onCreate module has an authorization issue vulnerability that stems from a lack of permission checking in the onCreate module of ManagePermissionsActivity.java, with one possible way to bypass the Restore...
The vulnerability of Bluetooth microprogramming chipset Unisoc, related to the lack of permission checking, allows a intruder to gain unauthorized access to protected information.
The vulnerability of Bluetooth microprogrammed chipset devices from Unisoc lies in the lack of permission checking. Exploiting this vulnerability can allow attackers to gain unauthorized access to protected information...
CVE-2023-2640
CVE-2023-2640 describes a local privilege-escalation in Ubuntu kernels where overlayfs allows an unprivileged user to set privileged trusted.overlayfs.* xattrs on mounted files due to a skip-permission-check in overlayfs. This affects Ubuntu kernel builds carrying the c914c0e27eb0 change paired w...
CVE-2023-38503 Directus has Incorrect Permission Checking for GraphQL Subscriptions
Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 10.3.0 and prior to version 10.5.0, the permission filters i.e. usercreated IS $CURRENTUSER are not properly checked when using GraphQL subscription resulting in unauthorized users getting event o...