
36 matches found

EUVD
added 2026/04/02 9:32 p.m., 3 views

EUVD-2023-60547

HiSecOS web server contains a privilege escalation vulnerability that allows authenticated users with operator or auditor roles to escalate privileges to the administrator role by sending specially crafted packets to the web server. Attackers can exploit this flaw to gain full administrative acce...

CVSS 8.5, AI score 5.9, EPSS 0.00142
Exploits 0, References 2
Vulnrichment
added 2026/04/02 6:27 p.m., 2 views

CVE-2023-7342 Belden HiSecOS Web Server Privilege Escalation

HiSecOS web server versions 03.4.00 prior to 04.1.00 contains a privilege escalation vulnerability that allows authenticated users with operator or auditor roles to escalate privileges to the administrator role by sending specially crafted packets to the web server. Attackers can exploit this fla...

CVSS 8.8, AI score 5.9, EPSS 0.00265
Exploits 0, References 2
ATTACKERKB
added 2026/04/02 6:27 p.m., 1 view

CVE-2023-7342

HiSecOS web server versions 03.4.00 prior to 04.1.00 contains a privilege escalation vulnerability that allows authenticated users with operator or auditor roles to escalate privileges to the administrator role by sending specially crafted packets to the web server. Attackers can exploit this fla...

CVSS 8.8, AI score 5.9, EPSS 0.00265
Exploits 0, References 3, Affected Software 1
CVE
added 2026/04/02 6:27 p.m., 8 views

CVE-2023-7342

HiSecOS web server has a privilege-escalation flaw that allows authenticated users with operator or auditor roles to elevate to administrator by sending specially crafted packets to the web server, potentially granting full administrative control of the device. The available documents provide det...

CVSS 8.8, AI score 5.9, EPSS 0.00265
Exploits 0, References 2
EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2018-7390

Malware in sbrugna...

CVSS 5.3, AI score 5.5, EPSS 0.01045
Exploits 0, References 2
EUVD
added 2025/10/03 8:07 p.m., 4 views

EUVD-2024-52981

Malicious code in bioql PyPI...

CVSS 6.5, AI score 6.6, EPSS 0.00319
Exploits 1, References 2
RedHat Linux
added 2025/04/17 2:38 p.m., 9 views

org.wildfly.core:wildfly-server: Wildfly improper RBAC permission

A flaw was found in the Wildfly Server Role Based Access Control RBAC provider. When authorization to control management operations is secured using the Role Based Access Control provider, a user without the required privileges can suspend or resume the server. A user with a Monitor or Auditor ro...

CVSS 6.5, AI score 5.8, EPSS 0.00626
Exploits 0, References 5
RedHat Linux
added 2025/04/17 2:32 p.m., 13 views

org.wildfly.core:wildfly-server: Wildfly improper RBAC permission

A flaw was found in the Wildfly Server Role Based Access Control RBAC provider. When authorization to control management operations is secured using the Role Based Access Control provider, a user without the required privileges can suspend or resume the server. A user with a Monitor or Auditor ro...

CVSS 6.5, AI score 5.8, EPSS 0.00626
Exploits 0, References 5
RedHat Linux
added 2025/04/01 1:06 p.m., 4 views

org.wildfly.core:wildfly-server: Wildfly improper RBAC permission

A flaw was found in the Wildfly Server Role Based Access Control RBAC provider. When authorization to control management operations is secured using the Role Based Access Control provider, a user without the required privileges can suspend or resume the server. A user with a Monitor or Auditor ro...

CVSS 6.5, AI score 5.8, EPSS 0.00626
Exploits 0, References 5
CVE
added 2025/02/04 7:28 p.m., 95 views

CVE-2025-24968

CVE-2025-24968 — reNgine is affected by an unrestricted project deletion vulnerability. According to PT Security and Red Hat entries, attackers with specific roles (e.g., penetration tester, auditor) can delete all projects, potentially enabling a complete system takeover via redirection to the...

CVSS 8.8, AI score 6.8, EPSS 0.00579
Exploits 1, References 1, Affected Software 1
Snyk
added 2025/01/30 3:31 p.m., 3 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization in the execute functions in ServerSuspendHandler.java and ServerResumeHandler.java, which do not perform sufficient checks for the authorization of the running user. This allows a user with the Monitor or Auditor...

CVSS 7.1, AI score 6.9, EPSS 0.00626
Exploits 0, References 2
ATTACKERKB
added 2025/01/30 3:15 p.m., 4 views

CVE-2025-23367

A flaw was found in the Wildfly Server Role Based Access Control RBAC provider. When authorization to control management operations is secured using the Role Based Access Control provider, a user without the required privileges can suspend or resume the server. A user with a Monitor or Auditor ro...

CVSS 6.5, AI score 5.4, EPSS 0.00626
Exploits 0, References 13, Affected Software 14
OSV
added 2025/01/09 8:15 p.m., 4 views

CVE-2024-56114

Canlineapp Online 1.1 is vulnerable to Broken Access Control and allows users with the Auditor role to create an audit template as a result of improper authorization checks. This feature is designated for supervisor role, but auditors have been able to successfully create audit templates from the...

CVSS 6.5, AI score 5.8, EPSS 0.00319
Exploits 1, References 2
NVD
added 2025/01/09 8:15 p.m., 16 views

CVE-2024-56114

Canlineapp Online 1.1 is vulnerable to Broken Access Control and allows users with the Auditor role to create an audit template as a result of improper authorization checks. This feature is designated for supervisor role, but auditors have been able to successfully create audit templates from the...

CVSS 6.5, EPSS 0.00319
Exploits 1, References 2
Vulnrichment
added 2025/01/09 12:00 a.m., 8 views

CVE-2024-56114

Canlineapp Online 1.1 is vulnerable to Broken Access Control and allows users with the Auditor role to create an audit template as a result of improper authorization checks. This feature is designated for supervisor role, but auditors have been able to successfully create audit templates from the...

AI score 6.6, EPSS 0.00319
Exploits 1, References 2
CVE
added 2025/01/09 12:00 a.m., 62 views

CVE-2024-56114

CVE-2024-56114 affects Canlineapp Online 1.1 and is due to Broken Access Control in the create-audit-template feature. The underlying issue is improper authorization checks that allow users with the Auditor role to perform a task intended for the Supervisor role. Documented impact: auditors can c...

CVSS 6.5, AI score 7.2, EPSS 0.00319
Exploits 1, References 2, Affected Software 1
OSV
added 2023/12/15 4:15 p.m., 1 view

UBUNTU-CVE-2023-3511

An issue has been discovered in GitLab EE affecting all versions starting from 8.17 before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. It was possible for auditor users to fork and submit merge requests to private projects they're not a...

CVSS 3.5, AI score 5.7, EPSS 0.00395
Exploits 0, References 2
OSV
added 2023/05/03 3:15 p.m., 5 views

CVE-2023-29240

An authenticated attacker granted a Viewer or Auditor role on a BIG-IQ can upload arbitrary files using an undisclosed iControl REST endpoint. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

CVSS 5.4, AI score 6.2, EPSS 0.00405
Exploits 0, References 1
Positive Technologies
added 2023/05/03 12:00 a.m., 4 views

PT-2023-22217

Name of the Vulnerable Software and Affected Versions F5 BIG-IQ affected versions not specified Description An authenticated attacker granted a Viewer or Auditor role on a BIG-IQ can upload arbitrary files using an undisclosed iControl REST endpoint. Recommendations At the moment, there is no...

CVSS 5.4, AI score 6.1, EPSS 0.00405
Exploits 0, References 5
OSV
added 2021/06/10 1:15 p.m., 4 views

CVE-2021-3039

An information exposure through log file vulnerability exists in the Palo Alto Networks Prisma Cloud Compute Console where a secret used to authorize the role of the authenticated user is logged to a debug log file. Authenticated Operator role and Auditor role users with access to the debug log...

CVSS 3.8, AI score 5.8, EPSS 0.00537
Exploits 0, References 1