343 matches found

CNVD
added 2021/03/05 12:0 a.m. · 8 views

Samsung knox_custom service security feature issue vulnerability

Samsung knox_custom service is a mobile application from Samsung (South Korea). A simplicity mode is provided. A security signature issue vulnerability exists in knox_custom service prior to SMR Mar-2021 Release 1, which stems from a missing privilege check and can be exploited by an attacker to obta...

CVSS 6.2 · AI score 6.7 · EPSS 0.00118
Exploits 0 · References 1
CNNVD
added 2021/03/04 12:0 a.m. · 2 views

knox_custom service Security Feature Issue Vulnerability

Samsung knox_custom service is a mobile application from Samsung (South Korea). A simplicity mode is provided. A security signature issue vulnerability exists in knox_custom service prior to SMR Mar-2021 Release 1, which stems from a missing privilege check and can be exploited by an attacker to obta...

CVSS 6.2 · AI score 5.6 · EPSS 0.00118
Exploits 0 · References 3
CNNVD
added 2021/03/02 12:0 a.m. · 4 views

Google Android Buffer Error Vulnerability

Google Android is a Linux-based open source operating system from Google (US) and the Open Handheld Alliance. A security vulnerability exists in Google Android/Pixel that stems from a lack of privilege checking in callCallbackForRequest in ConnectivityService.java, which could bypass privileges...

CVSS 7.2 · AI score 6.8 · EPSS 0.00131
Exploits 0 · References 3
CNNVD
added 2021/02/26 12:0 a.m. · 3 views

MediaTek netdiag Information Disclosure Vulnerability

MediaTek netdiag is an application chip from MediaTek China. Improved processing capabilities. A security vulnerability exists in MediaTek netdiag. The vulnerability stems from a lack of privilege checking and could lead to the disclosure of local information with required system execution...

CVSS 4.4 · AI score 5.9 · EPSS 0.00125
Exploits 0 · References 2
OSV
added 2021/02/22 12:55 p.m. · 6 views

SUSE-SU-2021:0543-1 Security update for postgresql13

This update for postgresql13 fixes the following issues: Upgrade to version 13.2: Updating stored views and reindexing might be needed after applying this update. CVE-2021-3393, bsc1182040: Fix information leakage in constraint-violation error messages. CVE-2021-20229, bsc1182039: Fix failure to...

CVSS 4.3 · AI score 5.5 · EPSS 0.01466
Exploits 2 · References 6
CNVD
added 2020/12/31 12:0 a.m. · 3 views

Apache Accumulo Access Control Error Vulnerability

Apache Accumulo is a reliable, scalable, high-performance sorted distributed Key-Value storage application from the Apache Foundation. An access control error vulnerability exists in Apache Accumulo versions 1.5.0 through 1.10.0 and 2.0.0 due to an authenticated user failing to properly check the...

CVSS 8.1 · AI score 6.7 · EPSS 0.03655
Exploits 0 · References 1
Prion
added 2020/08/11 1:15 p.m. · 20 views

Design/Logic Flaw

Red Hat CloudForms 4.7 and 5 leads to insecure direct object references IDOR and functional level access control bypass due to missing privilege check. Therefore, if an attacker knows the right criteria, it is possible to access some sensitive data within the CloudForms...

CVSS 4 · AI score 6.8 · EPSS 0.00776
Exploits 0 · References 2 · Affected Software 1
OSV
added 2020/08/04 8:15 p.m. · 4 views

CVE-2020-15943

An issue was discovered in the Gantt-Chart module before 5.5.4 for Jira. Due to a missing privilege check, it is possible to read and write to the module configuration of other users. This can also be used to deliver an XSS payload to other users' dashboards. To exploit this vulnerability, an...

CVSS 8.1 · AI score 7.2 · EPSS 0.01834
Exploits 3 · References 4
Prion
added 2020/08/04 8:15 p.m. · 9 views

Design/Logic Flaw

An issue was discovered in the Gantt-Chart module before 5.5.4 for Jira. Due to a missing privilege check, it is possible to read and write to the module configuration of other users. This can also be used to deliver an XSS payload to other users' dashboards. To exploit this vulnerability, an...

CVSS 5.5 · AI score 7.7 · EPSS 0.01834
Exploits 3 · References 4 · Affected Software 1
CVE
added 2020/08/04 7:7 p.m. · 60 views

CVE-2020-15943

The CVE-2020-15943 entry affects Atlassian Jira Gantt-Chart module before 5.5.4. A missing privilege check allows an authenticated attacker to read and write the module configuration of other users, with potential to deliver an XSS payload to other users’ dashboards. Exploitation requires authent...

CVSS 8.1 · AI score 7.6 · EPSS 0.01834
Exploits 3 · References 4 · Affected Software 1
Positive Technologies
added 2020/08/04 12:0 a.m. · 4 views

PT-2020-14726 · Atlassian · Gantt-Chart For Jira

Name of the Vulnerable Software and Affected Versions: Gantt-Chart for Jira versions prior to 5.5.4 Description: An issue in the Gantt-Chart module allows authenticated attackers to read and write to the module configuration of other users due to a missing privilege check. This can also be used t...

CVSS 8.1 · AI score 7.7 · EPSS 0.01834
Exploits 3 · References 14
RedhatCVE
added 2020/08/03 2:14 p.m. · 36 views

CVE-2020-10779

A flaw was found in Red Hat CloudForms where sensitive data would have been possibly leaked for other existing roles. An attacker with low privilege could make use of EVM-Admin API if certain criteria is met since there was no privilege check on feature. Mitigation Red Hat has investigated whethe...

CVSS 4 · AI score 2.5 · EPSS 0.00776
Exploits 0 · References 3
Cvelist
added 2020/04/28 7:11 p.m. · 17 views

CVE-2019-15876

In FreeBSD 12.1-STABLE before r356089, 12.1-RELEASE before 12.1-RELEASE-p3, 11.3-STABLE before r356090, and 11.3-RELEASE before 11.3-RELEASE-p7, driver specific ioctl command handlers in the oce network driver failed to check whether the caller has sufficient privileges allowing unprivileged user...

AI score 5.7 · EPSS 0.00259
Exploits 0 · References 1
Prion
added 2020/04/01 11:15 p.m. · 16 views

Design/Logic Flaw

The UniFi Video Server Windows web interface configuration restore functionality at the “backup” and “wizard” endpoints does not implement sufficient privilege checks. Low privileged users, belonging to the PUBLICGROUP or CUSTOMGROUP groups, can access these endpoints and overwrite the current...

CVSS 4 · AI score 6.4 · EPSS 0.01121
Exploits 0 · References 1 · Affected Software 1
OSV
added 2020/01/22 2:15 p.m. · 2 views

CVE-2018-16270

Samsung Galaxy Gear series before build RE2 includes the hcidump utility with no privilege or permission restriction. This allows an unprivileged process to dump Bluetooth HCI packets to an arbitrary file path...

CVSS 7.5 · AI score 5.9 · EPSS 0.01158
Exploits 1 · References 2
NVD
added 2019/10/17 6:15 p.m. · 17 views

CVE-2019-17631

From Eclipse OpenJ9 0.15 to 0.16, access to diagnostic operations such as causing a GC or creating a diagnostic file are permitted without any privilege checks...

CVSS 9.1 · AI score 9.2 · EPSS 0.02066
Exploits 0 · References 5
CNVD
added 2018/08/08 12:0 a.m. · 3 views

CloudBees Jenkins Publisher Over CIFS Plugin Privilege Check Vulnerability

CloudBees Jenkins is a set of Java-based continuous integration tools from the US company CloudBees; it is mainly used to monitor continuous software release/testing projects and the execution of some scheduled tasks. Publisher Over CIFS Plugin is to use...

CVSS 4.9 · AI score 4.9 · EPSS 0.00483
Exploits 0 · References 1
CNVD
added 2018/07/30 12:0 a.m. · 3 views

CloudBees Jenkins Unauthorized Operation Vulnerability

CloudBees Jenkins, formerly known as Hudson Labs, is a set of Java-based continuous integration tools from the US company CloudBees; it is mainly used to monitor continuous software release/testing projects and the execution of some scheduled tasks. An...

CVSS 4.3 · AI score 5.2 · EPSS 0.00759
Exploits 0 · References 1
NVD
added 2018/07/26 1:29 p.m. · 26 views

CVE-2017-7530

In CloudForms Management Engine cfme before 5.7.3 and 5.8.x before 5.8.1, it was found that privilege check is missing when invoking arbitrary methods via filtering on VMs that MiqExpression will execute that is triggerable by API users. An attacker could use this to execute actions they should n...

CVSS 8.8 · AI score 8.8 · EPSS 0.01703
Exploits 0 · References 3
Cvelist
added 2018/07/26 1:0 p.m. · 31 views

CVE-2017-7530

In CloudForms Management Engine cfme before 5.7.3 and 5.8.x before 5.8.1, it was found that privilege check is missing when invoking arbitrary methods via filtering on VMs that MiqExpression will execute that is triggerable by API users. An attacker could use this to execute actions they should n...

CVSS 8.8 · AI score 8.8 · EPSS 0.01703
Exploits 0 · References 3