1810 matches found
Authorization Bypass Through User-Controlled Key play-with-docker
Impact Give that CORS configuration was not correct, an attacker could use play-with-docker.com as an example, set origin header in http request as evil-play-with-docker.com, it will be echo in response header, which successfully bypass the CORS policy and retrieves basic user information. Patche...
CVE-2023-1463 Authorization Bypass Through User-Controlled Key in nilsteampassnet/teampass
Authorization Bypass Through User-Controlled Key in GitHub repository nilsteampassnet/teampass prior to 3.0.0.23...
CVE-2023-1463
Affected software : TeamPass (nilsteampassnet/teampass) prior to version 3.0.0.23. Vulnerability : Improper authorization allowing an attacker to bypass security via a user-controlled key, effectively bypassing authorization checks. Root cause : Authorization bypass through a user-controlled key ...
Fedora 38 : golang-github-need-being-tree / golang-helm-3 / golang-oras / etc (2023-4e2068ba5d)
The remote Fedora 38 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2023-4e2068ba5d advisory. Update helm to 3.11.1, resolving multiple security issues Tenable has extracted the preceding description block directly from the Fedora security...
CVE-2023-0882
Improper Input Validation, Authorization Bypass Through User-Controlled Key vulnerability in Kron Tech Single Connect on Windows allows Privilege Abuse. This issue affects Single Connect: 2.16...
Authorization
Improper Input Validation, Authorization Bypass Through User-Controlled Key vulnerability in Kron Tech Single Connect on Windows allows Privilege Abuse. This issue affects Single Connect: 2.16...
CVE-2023-0882 Authorization Bypass Through User-Controlled Key on Single Connect
Improper Input Validation, Authorization Bypass Through User-Controlled Key vulnerability in Kron Tech Single Connect on Windows allows Privilege Abuse. This issue affects Single Connect: 2.16...
CVE-2023-0882 Authorization Bypass Through User-Controlled Key on Single Connect
Improper Input Validation, Authorization Bypass Through User-Controlled Key vulnerability in Kron Tech Single Connect on Windows allows Privilege Abuse. This issue affects Single Connect: 2.16...
PT-2023-16585
Name of the Vulnerable Software and Affected Versions Kron Tech Single Connect version 2.16 Description The issue is related to Improper Input Validation and Authorization Bypass Through User-Controlled Key, allowing Privilege Abuse in Kron Tech Single Connect on Windows. Recommendations For...
SUSE CVE-2017-0936
Nextcloud Server before 11.0.7 and 12.0.5 suffers from an Authorization Bypass Through User-Controlled Key vulnerability. A missing ownership check allowed logged-in users to change the scope of app passwords of other users. Note that the app passwords themselves where neither disclosed nor could...
SUSE CVE-2022-1996
Authorization Bypass Through User-Controlled Key in GitHub repository emicklei/go-restful prior to v3.8.0...
CVE-2022-4806
Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1...
CVE-2022-4811
Authorization Bypass Through User-Controlled Key vulnerability in usememos usememos/memos.This issue affects usememos/memos before 0.9.1...
CVE-2022-4803
Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1...
CVE-2022-4798
Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1...
CVE-2022-4802
Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1...
Authorization
Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1...
Authorization
Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1...
CVE-2022-46179 LiuOS vulnerable to Authorization Bypass through User-Controlled Key
LiuOS is a small Python project meant to imitate the functions of a regular operating system. Version 0.1.0 and prior of LiuOS allow an attacker to set the GITHUBACTIONS environment variable to anything other than null or true and skip authentication checks. This issue is patched in the latest...
CVE-2022-46179 LiuOS vulnerable to Authorization Bypass through User-Controlled Key
LiuOS is a small Python project meant to imitate the functions of a regular operating system. Version 0.1.0 and prior of LiuOS allow an attacker to set the GITHUBACTIONS environment variable to anything other than null or true and skip authentication checks. This issue is patched in the latest...