Lucene search
+L

321 matches found

Positive Technologies
Positive Technologies
added 2023/06/02 12:0 a.m.3 views

PT-2023-21601 · Hashicorp · Hashicorp Consul +1

Name of the Vulnerable Software and Affected Versions: Consul and Consul Enterprise affected versions not specified Description: The issue allows any user with service:write permissions to use Envoy extensions configured via service-defaults to patch remote proxy instances that target the...

8.7CVSS8.4AI score0.00585EPSS
Exploits0References14
OSV
OSV
added 2023/05/25 2:15 p.m.3 views

CVE-2023-22504

Affected versions of Atlassian Confluence Server allow remote attackers who have read permissions to a page, but not write permissions, to upload attachments via a Broken Access Control vulnerability in the attachments feature...

6.5CVSS5.8AI score0.00747EPSS
Exploits0References1
Prion
Prion
added 2023/05/25 2:15 p.m.20 views

Improper access control

Affected versions of Atlassian Confluence Server allow remote attackers who have read permissions to a page, but not write permissions, to upload attachments via a Broken Access Control vulnerability in the attachments feature...

4CVSS6.4AI score0.00747EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2023/04/25 5:0 p.m.3 views

UBUNTU-CVE-2023-25815

In Git for Windows, the Windows port of Git, no localized messages are shipped with the installer. As a consequence, Git is expected not to localize messages at all, and skips the gettext initialization. However, due to a change in MINGW-packages, the gettext function's implicit initialization no...

3.3CVSS6.7AI score0.01047EPSS
Exploits0References4
Wiz blog
Wiz blog
added 2023/04/19 1:0 p.m.17 views

#BrokenSesame: Accidental ‘write’ permissions to private registry allowed potential RCE to Alibaba Cloud Database Services

A container escape vulnerability, combined with accidental 'write' permissions to a private registry, opened a backdoor for Wiz Research to access Alibaba Cloud databases and potentially compromise its services through a supply-chain attack...

6.9AI score
Exploits0
Redos
Redos
added 2023/04/12 12:0 a.m.109 views

ROS-20230412-03

The Consul server vulnerability is related to allowing an authenticated user to use the service: write permissions to start a workflow. Exploitation of the vulnerability could allow an attacker acting remotely to crash the Consul server and client agents...

6.5CVSS6.7AI score0.01005EPSS
Exploits0
Zero Science Lab
Zero Science Lab
added 2023/03/28 12:0 a.m.253 views

Sielco Analog FM Transmitter 2.12 Remote Privilege Escalation

Summary Sielco designs and produces FM radio transmitters for professional broadcasting. The in-house laboratory develops standard and customised solutions to meet all needs. Whether digital or analogue, each product is studied to ensure reliability, resistance over time and a high standard of...

8.8CVSS7.3AI score0.00596EPSS
Exploits2
Positive Technologies
Positive Technologies
added 2023/03/27 12:0 a.m.8 views

PT-2023-21716 · Onesignal · Onesignal

Name of the Vulnerable Software and Affected Versions: OneSignal affected versions not specified Description: The issue concerns a workflow triggered by closed issues, utilizing a GitHub repository token with full write permissions. This allows an attacker to potentially take over the GitHub...

8.1CVSS8.1AI score0.00905EPSS
Exploits1References6
Github Security Blog
Github Security Blog
added 2023/03/09 6:30 p.m.21 views

Consul Server Panic when Ingress and API Gateways Configured with Peering Connections

A vulnerability was identified in Consul and Consul Enterprise “Consul” an authenticated user with service:write permissions could trigger a workflow that causes Consul server and client agents to crash under certain circumstances. To exploit this vulnerability, an attacker requires access to an...

6.5CVSS6.4AI score0.01005EPSS
Exploits0References6Affected Software1
AlpineLinux
AlpineLinux
added 2023/03/09 4:15 p.m.78 views

CVE-2023-0845

Consul and Consul Enterprise allowed an authenticated user with service:write permissions to trigger a workflow that causes Consul server and client agents to crash under certain circumstances. This vulnerability was fixed in Consul 1.14.5...

6.5CVSS6.6AI score0.01005EPSS
Exploits0
CNVD
CNVD
added 2023/03/07 12:0 a.m.39 views

IBM Observability with Instana Access Control Error Vulnerability

IBM Observability with Instana is a powerful application performance monitoring solution from International Business Machines IBM that enables faster performance tracking and incident resolution.IBM Observability with Instana suffers from an access control error vulnerability that stems from the...

9.1CVSS8.8AI score0.08573EPSS
Exploits3References1
SUSE CVE
SUSE CVE
added 2023/02/15 5:28 a.m.7 views

SUSE CVE-2014-3969

Xen 4.4.x, when running on an ARM system, does not properly check write permissions on virtual addresses, which allows local guest administrators to gain privileges via unspecified vectors...

7.4CVSS6.8AI score0.00653EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:29 a.m.5 views

SUSE CVE-2018-7689

Lack of permission checks in the InitializeDevelPackage function in openSUSE Open Build Service before 2.9.3 allowed authenticated users to modify packages where they do not have write permissions...

7.1CVSS6.3AI score0.01208EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 4:8 a.m.3 views

SUSE CVE-2019-15621

Improper permissions preservation in Nextcloud Server 16.0.1 causes sharees to be able to reshare with write permissions when sharing the mount point of a share they received, as a public link...

6.5CVSS6.4AI score0.01056EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2023/02/03 1:15 a.m.5 views

CVE-2022-48023

Insufficient privilege verification in Zammad v5.3.0 allows an authenticated attacker to perform changes on the tags of their customer tickets using the Zammad API. This is now corrected in v5.3.1 so that only agents with write permissions may change ticket tags...

4.3CVSS5.8AI score0.00449EPSS
Exploits0References2
Packet Storm
Packet Storm
added 2023/02/01 12:0 a.m.375 views

io_uring Same Type Object Reuse Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'iouring Same Type Object Reuse Priv Esc', 'Description' = %q This module exploits a bug in iouring leading to an additional putcred that can be...

8.8CVSS0.5AI score0.03718EPSS
Exploits4
Prion
Prion
added 2022/12/01 9:15 p.m.15 views

Privilege escalation

An improper privilege management vulnerability was identified in GitHub Enterprise Server that allowed users with improper privileges to create or delete pages via the API. To exploit this vulnerability, an attacker would need to be added to an organization's repo with write permissions. This...

4CVSS6.4AI score0.00696EPSS
Exploits0References5Affected Software1
Vulnrichment
Vulnrichment
added 2022/12/01 12:0 a.m.6 views

CVE-2022-23737 Improper Privilege Management in GitHub Enterprise Server leading to page creation and deletion

An improper privilege management vulnerability was identified in GitHub Enterprise Server that allowed users with improper privileges to create or delete pages via the API. To exploit this vulnerability, an attacker would need to be added to an organization's repo with write permissions. This...

6.7AI score0.00696EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2022/12/01 12:0 a.m.9 views

PT-2022-16240 · Github · Github Enterprise Server

Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions prior to 3.7 Description: An improper privilege management issue was identified that allowed users with improper privileges to create or delete pages via the API. To exploit this, an attacker would need to be...

6.5CVSS7.2AI score0.00696EPSS
Exploits0References9
CNVD
CNVD
added 2022/11/30 12:0 a.m.25 views

chocolatey Python3 Permission Design Vulnerability

Python is an open source object-oriented programming language. A privilege design vulnerability exists in the Chocolatey Python3 package v3.11.0 and earlier versions, which originates from all users in the Authenticated users group having write access to the subfolder C:\Python311 and all files i...

4.3CVSS4.8AI score0.00353EPSS
Exploits0References1
Rows per page
Query Builder