16 matches found
CVE-2026-33472
Cryptomator is an open-source client-side encryption application for cloud storage. Version 1.19.1 contains a logic flaw in CheckHostTrustController.getAuthority that allows an attacker to bypass the security fix for CVE-2026-32303. The method hardcodes the URI scheme based on port number, causin...
CVE-2026-33472
CVE-2026-33472 affects Cryptomator 1.19.1, where a logic flaw in CheckHostTrustController.getAuthority() causes HTTPS URLs on port 80 to yield the same authority as HTTP, bypassing the intended consistency check and HTTP block validation. This enables a network-positioned attacker, who has write ...
Cryptomator security vulnerability
Cryptomator is a simple digital self-defense tool within the Cryptomator community. Version 1.19.1 of Cryptomator contains a security vulnerability. This vulnerability stems from a logical flaw in the CheckHostTrustController.getAuthority method, which may allow bypassing security fixes and...
CVE-2021-33676
A missing authority check in SAP CRM, versions - 700, 701, 702, 712, 713, 714, could be leveraged by an attacker with high privileges to compromise confidentiality, integrity, or availability of the system...
EUVD-2021-20353
Malware in sbrugna...
EUVD-2025-22521
Malicious code in bioql PyPI...
Security Bulletin: IBM i is vulnerable to a privilege escalation due to an invalid database authority check [CVE-2025-33109].
Summary IBM i contains a privilege escalation vulnerability due to an invalid database authority check as described in the vulnerability details section. This bulletin identifies the steps to take to address the vulnerability as described in the remediation/fixes section. Vulnerability Details...
CVE-2025-33109 IBM i privilege escalation
IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 is vulnerable to a privilege escalation caused by an invalid database authority check. A bad actor could execute a database procedure or function without having all required permissions, in addition to causing denial of service for some database actions...
CVE-2025-33109 IBM i privilege escalation
IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 is vulnerable to a privilege escalation caused by an invalid database authority check. A bad actor could execute a database procedure or function without having all required permissions, in addition to causing denial of service for some database actions...
CVE-2021-33676
A missing authority check in SAP CRM, versions - 700, 701, 702, 712, 713, 714, could be leveraged by an attacker with high privileges to compromise confidentiality, integrity, or availability of the system...
CVE-2021-33676
A missing authority check in SAP CRM, versions - 700, 701, 702, 712, 713, 714, could be leveraged by an attacker with high privileges to compromise confidentiality, integrity, or availability of the system...
CVE-2021-33676
CVE-2021-33676 involves a missing authority check in SAP CRM ABAP components affecting versions 700, 701, 702, 712, 713, and 714. The Red Hat and NVD records corroborate that this design/authorization flaw could enable a user with high privileges to compromise the system’s confidentiality, integr...
polkit: Improper authorization in polkit_backend_interactive_authority_check_authorization function in polkitd
It was found that Polkit's CheckAuthorization and RegisterAuthenticationAgent D-Bus calls did not validate the client provided UID. A specially crafted program could use this flaw to submit arbitrary UIDs, triggering various denial of service or minor disclosures, such as which authentication is...
CVE-2019-6520
Moxa IKS and EDS does not properly check authority on server side, which results in a read-only user being able to perform arbitrary configuration changes...
CVE-2019-6520
CVE-2019-6520 affects Moxa IKS and EDS industrial switches, caused by improper access control on the server side that allows a read-only user to perform arbitrary configuration changes. Affected products include IKS-G6824A series (Version 5.6 and prior) and EDS-405A/EDS-408A/EDS-510A series (Vers...
CVE-2016-8940
IBM Tivoli Storage Manager IBM Spectrum Protect 6.1, 6.2, 6.3, and 7.1 does not perform sufficient authority checking on SQL queries. As a result, an attacker is able to submit SQL queries that access database tables that are not intended for access or use by administrators. The access of these...