Lucene search
K

206 matches found

Cvelist
Cvelist
added 2023/11/24 5:2 p.m.36 views

CVE-2023-48712 User authorization bug leading to privilege escalation in warpgate

Warpgate is an open source SSH, HTTPS and MySQL bastion host for Linux. In affected versions there is a privilege escalation vulnerability through a non-admin user's account. Limited users can impersonate another user's account if only single-factor authentication is configured. If a user knows a...

7.1CVSS9.3AI score0.00676EPSS
Exploits0References2
Veracode
Veracode
added 2023/11/13 7:19 a.m.16 views

Missing Authorization

Apache Airflow is vulnerable to Missing Authorization. The vulnerability is due to a lack of validation while authorizing users to read DAGs. A user with read permission to specific DAGs can read task instances of other DAGs...

6.5CVSS6.8AI score0.01657EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2023/10/04 11:15 a.m.4 views

CVE-2023-4997

Improper authorisation of regular users in ProIntegra Uptime DC software versions below 2.0.0.33940 allows them to change passwords of all other users including administrators leading to a privilege escalation...

8.8CVSS5.8AI score0.00544EPSS
Exploits0References2
Prion
Prion
added 2023/10/04 11:15 a.m.14 views

Privilege escalation

Improper authorisation of regular users in ProIntegra Uptime DC software versions below 2.0.0.33940 allows them to change passwords of all other users including administrators leading to a privilege escalation...

6.5CVSS8.6AI score0.00544EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2023/09/06 6:15 p.m.45 views

CVE-2023-41319

Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in a runtime environment, and the enforcement of privacy regulations in code. The Fides webserver API allows custom integrations to be uploaded as a ZIP file. This ZIP file must contain YAML...

8.8CVSS8.8AI score0.00837EPSS
Exploits0References2
Citrix
Citrix
added 2023/08/24 12:0 a.m.9 views

Session Prelaunch Is Not Working

Prelaunch is enabled on the delivery group. Users are authorized for Prelaunch is not working...

7.2AI score
Exploits0
Cvelist
Cvelist
added 2023/08/16 8:25 p.m.47 views

CVE-2023-40021 Timing Attack Reveals CSRF Tokens in oppia

Oppia is an online learning platform. When comparing a received CSRF token against the expected token, Oppia uses the string equality operator ==, which is not safe against timing attacks. By repeatedly submitting invalid tokens, an attacker can brute-force the expected CSRF token character by...

5.3CVSS5.5AI score0.00646EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2023/07/11 2:34 a.m.46 views

CVE-2023-33992 Missing Authorization Check in SAP Business Warehouse and SAP BW/4HANA

The SAP BW BICS communication layer in SAP Business Warehouse and SAP BW/4HANA - version SAPBW 730, SAPBW 731, SAPBW 740, SAPBW 730, SAPBW 750, DW4CORE 100, DW4CORE 200, DW4CORE 300, may expose unauthorized cell values to the data response. To be able to exploit this, the user still needs...

4.5CVSS6.8AI score0.00378EPSS
Exploits0References2
Huntr
Huntr
added 2023/06/29 8:52 a.m.9 views

Unauthorized access to Survey menu entries

Description The application is not properly verifying the authorization of users accessing survey menu entries. Proof of Concept 1. Login as a user with limited privilege. In my case the user permission is set as follows and has no access to surveys. 2. Visit...

6.7AI score
Exploits0References1
OpenVAS
OpenVAS
added 2023/06/29 12:0 a.m.34 views

WordPress Formidable Forms Plugin < 6.3.1 RCE Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:strategy11:formidableformbuilder"; ifdescription...

8.8CVSS7AI score0.22452EPSS
Exploits3References1
Prion
Prion
added 2023/06/27 2:15 p.m.16 views

Remote code execution

The Formidable Forms WordPress plugin before 6.3.1 does not adequately authorize the user or validate the plugin URL in its functionality for installing add-ons. This allows a user with a role as low as Subscriber to install and activate arbitrary plugins of arbitrary versions from the...

6.5CVSS8.8AI score0.22452EPSS
Exploits3References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2023/06/08 7:15 p.m.3 views

CVE-2023-34958

Incorrect access control in Chamilo 1.11. up to 1.11.18 allows a student subscribed to a given course to download documents belonging to another student if they know the document's ID...

4.3CVSS5.7AI score0.00411EPSS
Exploits0References3
WPVulnDB
WPVulnDB
added 2023/06/05 12:0 a.m.30 views

Formidable Forms < 6.3.1 - Subscriber+ Remote Code Execution

The plugin does not adequately authorize the user or validate the plugin URL in its functionality for installing add-ons. This allows a user with a role as low as Subscriber to install and activate arbitrary plugins of arbitrary versions from the WordPress.org plugin repository onto the site,...

8.8CVSS6.6AI score0.22452EPSS
Exploits3Affected Software1
Positive Technologies
Positive Technologies
added 2023/04/11 12:0 a.m.3 views

PT-2023-22190 · Sap · Sapsetup

Name of the Vulnerable Software and Affected Versions: SapSetup version 9.0 Description: A Windows user with basic user authorization can exploit a DLL hijacking attack in SapSetup, resulting in a privilege escalation running code as administrator of the same Windows PC. A successful attack depen...

6.7CVSS6.7AI score0.00178EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2023/03/14 5:7 a.m.5 views

CVE-2023-27893 Arbitrary Code Execution in SAP Solution Manager and ABAP managed systems (ST-PI)

An attacker authenticated as a user with a non-administrative role and a common remote execution authorization in SAP Solution Manager and ABAP managed systems ST-PI - versions 20881700, 20081710, 740, can use a vulnerable interface to execute an application function to perform actions which they...

8.8CVSS8.7AI score0.01184EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/02/03 12:0 a.m.5 views

PT-2023-14161 · Wepa · Wepa Print Away

Name of the Vulnerable Software and Affected Versions: WEPA Print Away affected versions not specified Description: The issue arises from the lack of verification of user authorization to access documents before generating print orders and associated release codes. This could allow an attacker to...

6.5CVSS5.3AI score0.00363EPSS
Exploits0References4
Code423n4
Code423n4
added 2023/01/29 12:0 a.m.16 views

Integer Overflow Vulnerability in _addSplittable Function.

Lines of code Vulnerability details Impact splitsStorage.splitsStatesuserId.balancesassetId.splittable += amt; This vulnerability, if exploited, would allow an attacker to add a large amount of funds to a user's splittable balance, causing it to exceed the maximum value that the uint128 type can...

6.9AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2023/01/25 12:0 a.m.12 views

The vulnerability of the ALSA:pcm component (the audio subsystem of the Linux operating system), which allows a hacker to cause a service failure and gain unauthorized access to protected information.

The vulnerability of the ALSA:pcm component the audio subsystem of the Linux operating system is related to a synchronization violation in sndctlelemreaduser. Exploiting this vulnerability can allow an attacker to cause service failures and gain unauthorized access to protected information...

7.8CVSS7AI score0.03702EPSS
Exploits0References16Affected Software7
CNNVD
CNNVD
added 2022/11/23 12:0 a.m.4 views

XWiki Platform 安全漏洞

XWiki Platform is a suite of Wiki platforms for creating web collaboration applications from the French company XWiki. A security vulnerability exists in XWiki Platform xwiki-platform-oldcore version 11.7RC1 and later versions, which stems from a missing authorization in UsersetDisabledStatus...

4.9CVSS5.3AI score0.00713EPSS
Exploits1References4
Cvelist
Cvelist
added 2022/11/23 12:0 a.m.28 views

CVE-2022-41929 Missing Authorization in User#setDisabledStatus in org.xwiki.platform:xwiki-platform-oldcore

org.xwiki.platform:xwiki-platform-oldcore is missing authorization in UsersetDisabledStatus, which may allow an incorrectly authorized user with only Script rights to enable or disable a user. This operation is meant to only be available for users with admin rights. This problem has been patched ...

4.9CVSS5.3AI score0.00713EPSS
Exploits1References3
Rows per page
Query Builder