Lucene search
K

1810 matches found

Github Security Blog
Github Security Blog
added 2023/03/17 2:43 p.m.25 views

Authorization Bypass Through User-Controlled Key play-with-docker

Impact Give that CORS configuration was not correct, an attacker could use play-with-docker.com as an example, set origin header in http request as evil-play-with-docker.com, it will be echo in response header, which successfully bypass the CORS policy and retrieves basic user information. Patche...

6.5CVSS6.3AI score0.00702EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2023/03/17 12:0 a.m.23 views

CVE-2023-1463 Authorization Bypass Through User-Controlled Key in nilsteampassnet/teampass

Authorization Bypass Through User-Controlled Key in GitHub repository nilsteampassnet/teampass prior to 3.0.0.23...

6.3CVSS6.2AI score0.00523EPSS
Exploits1References4
CVE
CVE
added 2023/03/17 12:0 a.m.63 views

CVE-2023-1463

Affected software : TeamPass (nilsteampassnet/teampass) prior to version 3.0.0.23. Vulnerability : Improper authorization allowing an attacker to bypass security via a user-controlled key, effectively bypassing authorization checks. Root cause : Authorization bypass through a user-controlled key ...

6.3CVSS5.5AI score0.00523EPSS
Exploits1References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2023/02/22 12:0 a.m.47 views

Fedora 38 : golang-github-need-being-tree / golang-helm-3 / golang-oras / etc (2023-4e2068ba5d)

The remote Fedora 38 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2023-4e2068ba5d advisory. Update helm to 3.11.1, resolving multiple security issues Tenable has extracted the preceding description block directly from the Fedora security...

9.3CVSS7.3AI score0.05623EPSS
Exploits1References5
OSV
OSV
added 2023/02/17 10:15 a.m.3 views

CVE-2023-0882

Improper Input Validation, Authorization Bypass Through User-Controlled Key vulnerability in Kron Tech Single Connect on Windows allows Privilege Abuse. This issue affects Single Connect: 2.16...

8.8CVSS7.3AI score0.00712EPSS
Exploits0References2
Prion
Prion
added 2023/02/17 10:15 a.m.18 views

Authorization

Improper Input Validation, Authorization Bypass Through User-Controlled Key vulnerability in Kron Tech Single Connect on Windows allows Privilege Abuse. This issue affects Single Connect: 2.16...

6.5CVSS8.7AI score0.00712EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/02/17 6:44 a.m.5 views

CVE-2023-0882 Authorization Bypass Through User-Controlled Key on Single Connect

Improper Input Validation, Authorization Bypass Through User-Controlled Key vulnerability in Kron Tech Single Connect on Windows allows Privilege Abuse. This issue affects Single Connect: 2.16...

8.8CVSS7AI score0.00712EPSS
Exploits0References3
Cvelist
Cvelist
added 2023/02/17 6:44 a.m.22 views

CVE-2023-0882 Authorization Bypass Through User-Controlled Key on Single Connect

Improper Input Validation, Authorization Bypass Through User-Controlled Key vulnerability in Kron Tech Single Connect on Windows allows Privilege Abuse. This issue affects Single Connect: 2.16...

8.8CVSS8.9AI score0.00712EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/02/17 12:0 a.m.3 views

PT-2023-16585

Name of the Vulnerable Software and Affected Versions Kron Tech Single Connect version 2.16 Description The issue is related to Improper Input Validation and Authorization Bypass Through User-Controlled Key, allowing Privilege Abuse in Kron Tech Single Connect on Windows. Recommendations For...

8.8CVSS7.3AI score0.00712EPSS
Exploits0References8
SUSE CVE
SUSE CVE
added 2023/02/15 4:53 a.m.3 views

SUSE CVE-2017-0936

Nextcloud Server before 11.0.7 and 12.0.5 suffers from an Authorization Bypass Through User-Controlled Key vulnerability. A missing ownership check allowed logged-in users to change the scope of app passwords of other users. Note that the app passwords themselves where neither disclosed nor could...

5.7CVSS6.8AI score0.00778EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:33 a.m.4 views

SUSE CVE-2022-1996

Authorization Bypass Through User-Controlled Key in GitHub repository emicklei/go-restful prior to v3.8.0...

9.1CVSS9.5AI score0.02737EPSS
Exploits1References25
NVD
NVD
added 2022/12/28 2:15 p.m.30 views

CVE-2022-4806

Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1...

8.2CVSS0.00756EPSS
Exploits1References2
NVD
NVD
added 2022/12/28 2:15 p.m.37 views

CVE-2022-4811

Authorization Bypass Through User-Controlled Key vulnerability in usememos usememos/memos.This issue affects usememos/memos before 0.9.1...

8.3CVSS0.00564EPSS
Exploits1References2
NVD
NVD
added 2022/12/28 2:15 p.m.24 views

CVE-2022-4803

Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1...

8.8CVSS0.00811EPSS
Exploits1References2
NVD
NVD
added 2022/12/28 2:15 p.m.25 views

CVE-2022-4798

Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1...

8.6CVSS0.00702EPSS
Exploits1References2
NVD
NVD
added 2022/12/28 2:15 p.m.29 views

CVE-2022-4802

Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1...

9.1CVSS0.00568EPSS
Exploits1References2
Prion
Prion
added 2022/12/28 2:15 p.m.16 views

Authorization

Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1...

5.5CVSS5.5AI score0.00568EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2022/12/28 2:15 p.m.15 views

Authorization

Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1...

5CVSS5.3AI score0.00702EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2022/12/28 7:0 a.m.38 views

CVE-2022-46179 LiuOS vulnerable to Authorization Bypass through User-Controlled Key

LiuOS is a small Python project meant to imitate the functions of a regular operating system. Version 0.1.0 and prior of LiuOS allow an attacker to set the GITHUBACTIONS environment variable to anything other than null or true and skip authentication checks. This issue is patched in the latest...

9.2CVSS9.4AI score0.00331EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2022/12/28 7:0 a.m.7 views

CVE-2022-46179 LiuOS vulnerable to Authorization Bypass through User-Controlled Key

LiuOS is a small Python project meant to imitate the functions of a regular operating system. Version 0.1.0 and prior of LiuOS allow an attacker to set the GITHUBACTIONS environment variable to anything other than null or true and skip authentication checks. This issue is patched in the latest...

9.2CVSS9.3AI score0.00331EPSS
Exploits1References2
Rows per page
Query Builder