
32 matches found

Snyk
added 2026/05/27 5:23 p.m. · 6 views

Missing Authorization

Overview: Affected versions of this package are vulnerable to Missing Authorization via the content-locking process. An attacker can obtain email addresses and identifiers of users who should be inaccessible by sending requests as an authenticated user with restricted users.access or users.list...

5.3 CVSS · 5.8 AI score
Exploits 0 · References 2
RedhatCVE
added 2026/03/31 10:21 p.m. · 2 views

CVE-2026-21715

A flaw was found in Node.js. The Node.js Permission Model, intended to restrict filesystem access, does not properly enforce read permission checks for the fs.realpathSync.native function. This vulnerability allows code operating under --permission with restricted --allow-fs-read flags to bypass...

3.3 CVSS · 6.2 AI score · 0.00006 EPSS
Exploits 0 · References 4
RedhatCVE
added 2026/03/26 3:16 p.m. · 3 views

CVE-2026-20607

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to access protected user data...

4 CVSS · 5.8 AI score · 0.00016 EPSS
Exploits 0 · References 1
Positive Technologies
added 2026/02/16 12:0 a.m. · 4 views

PT-2026-8394

Name of the Vulnerable Software and Affected Versions: Apache NiFi versions 1.1.0 through 2.7.2. Description: Apache NiFi installations are affected by a missing authorization check when updating configuration properties on extension components with specific Required Permissions based on the...

8.7 CVSS · 5.3 AI score · 0.00028 EPSS
Exploits 0 · References 20
EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2006-5283

Malware in sbrugna...

1.2 CVSS · 6.1 AI score · 0.0006 EPSS
Exploits 0 · References 9
EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2024-19712

Malicious code in bioql PyPI...

9.9 CVSS · 6.2 AI score · 0.00497 EPSS
Exploits 0 · References 1
Packet Storm News
added 2025/07/29 12:0 a.m. · 4 views

Understanding Concept Drift with Deprecated Permissions in Android Malware Detection

Permission analysis is a widely used method for Android malware detection. It involves examining the permissions requested by an application to access sensitive data or perform potentially malicious actions. In recent years, various machine learning (ML) algorithms have been applied to Android...

6.9 AI score
Exploits 0
RedhatCVE
added 2025/05/22 6:9 p.m. · 3 views

CVE-2021-3991

An Improper Authorization vulnerability exists in Dolibarr versions prior to the 'develop' branch. A user with restricted permissions in the 'Reception' section is able to access specific reception details via direct URL access, bypassing the intended permission restrictions...

4.3 CVSS · 6.6 AI score · 0.00051 EPSS
Exploits 0
RedhatCVE
added 2025/05/22 5:17 p.m. · 4 views

CVE-2020-0036

In hasPermissions of PermissionMonitor.java, there is a possible access to restricted permissions due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions:...

7.8 CVSS · 6.7 AI score · 0.00008 EPSS
Exploits 0 · References 1
OSV
added 2025/04/03 2:5 p.m. · 3 views

BIT-DOLIBARR-2021-3991 Improper Authorization in dolibarr/dolibarr

An Improper Authorization vulnerability exists in Dolibarr versions prior to the 'develop' branch. A user with restricted permissions in the 'Reception' section is able to access specific reception details via direct URL access, bypassing the intended permission restrictions...

4.3 CVSS · 4.3 AI score · 0.00051 EPSS
Exploits 0 · References 3
Hacker One
added 2024/11/20 4:16 p.m. · 6 views

Shopify: Staff with Restricted Permissions Could Access Customer Data After Company Removal

The report describes a vulnerability in Shopify's admin interface where staff members with restricted company permissions could access and update customer information even after the customer had been removed from a specific company. The issue arose when a customer, initially associated with a...

6.6 AI score
Exploits 0
Positive Technologies
added 2024/11/15 12:0 a.m. · 3 views

PT-2024-11006 · Dolibarr · Dolibarr

Name of the Vulnerable Software and Affected Versions: Dolibarr versions prior to the 'develop' branch; Dolibarr versions prior to 15.0.0; Dolibarr versions prior to 63cd063. Description: An Improper Authorization issue exists, allowing a user with restricted permissions in the 'Reception' section t...

4.3 CVSS · 4.4 AI score · 0.00051 EPSS
Exploits 0 · References 15
CVE
added 2024/08/09 10:16 a.m. · 211 views

CVE-2024-22116

CVE-2024-22116 affects Zabbix: an administrator with restricted permissions can abuse the Script Execution feature in the Monitoring Hosts section by exploiting the Ping script’s parameters, due to missing default escaping. This leads to arbitrary code execution and infrastructure compromise. Pub...

9.9 CVSS · 9.8 AI score · 0.00497 EPSS
Exploits 0 · References 2 · Affected Software 1
Tenable Nessus
added 2024/01/15 12:0 a.m. · 36 views

Siemens SCALANCE LPE9403 Incorrect Permission Assignment for Critical Resource (CVE-2021-41091)

A vulnerability was found in Moby (Docker Engine) where the data directory (typically /var/lib/docker) contained subdirectories with insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included...

6.3 CVSS · 7.3 AI score · 0.04746 EPSS
Exploits 3 · References 4
Tenable Nessus
added 2023/11/17 12:0 a.m. · 36 views

Amazon Linux 2 : docker (ALASECS-2023-028)

The version of docker installed on the remote host is prior to 20.10.7-3. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2023-028 advisory. A file permissions vulnerability was found in Moby Docker Engine. Copying files by using into a specially-crafted...

7.5 CVSS · 7.4 AI score · 0.04746 EPSS
Exploits 3 · References 8
CNNVD
added 2023/05/15 12:0 a.m. · 2 views

Google Android Security Vulnerability

Google Android is a Linux-based open source operating system from Google. Google Android has an information disclosure vulnerability due to a privilege bypass in AdminRestrictedPermissionsUtils.java's onSetRuntimePermissionGrantStateByDeviceAdmin, which can be exploited by an attacker to obtain...

5.5 CVSS · 6.2 AI score · 0.00013 EPSS
Exploits 0 · References 2
Tenable Nessus
added 2023/03/20 12:0 a.m. · 32 views

CBL Mariner 2.0 Security Update: moby-containerd (CVE-2021-41103)

The version of moby-containerd installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2021-41103 advisory. - containerd is an open source container runtime with an emphasis on simplicity, robustness and...

7.8 CVSS · 6.5 AI score · 0.0025 EPSS
Exploits 0 · References 2
Tenable Nessus
added 2022/09/14 12:0 a.m. · 35 views

EulerOS 2.0 SP9 : docker-engine (EulerOS-SA-2022-2311)

According to the versions of the docker-engine package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby Docker Engine where attempti...

7.5 CVSS · 7.3 AI score · 0.04746 EPSS
Exploits 3 · References 4
OpenVAS
added 2022/08/18 12:0 a.m. · 30 views

Huawei EulerOS: Security Advisory for docker-engine (EulerOS-SA-2022-2218)

The remote host is missing an update for the Huawei EulerOS...

7.5 CVSS · 7.1 AI score · 0.04746 EPSS
Exploits 3 · References 2
Tenable Nessus
added 2022/08/17 12:0 a.m. · 38 views

EulerOS 2.0 SP8 : docker-engine (EulerOS-SA-2022-2218)

According to the versions of the docker-engine package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby Docker Engine where attempti...

7.5 CVSS · 7.2 AI score · 0.04746 EPSS
Exploits 3 · References 5