Lucene search
K

100 matches found

Github Security Blog
Github Security Blog
added 2023/02/16 8:47 p.m.52 views

Users with any cluster secret update access may update out-of-bounds cluster secrets

Impact All Argo CD versions starting with v2.3.0-rc1 are vulnerable to an improper authorization bug which allows users who have the ability to update at least one cluster secret to update any cluster secret. The attacker could use this access to escalate privileges potentially controlling...

9.1CVSS8.8AI score0.00671EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2022/12/13 6:46 a.m.4 views

CVE-2022-23473 Tuleap MediaWiki standalone "readers" can also edit pages

Tuleap is an Open Source Suite to improve management of software developments and collaboration. In versions prior to 14.2.99.148, Authorizations are not properly verified when accessing MediaWiki standalone resources. Users with read only permissions for pages are able to also edit them. This on...

4.3CVSS6.7AI score0.00454EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2022/08/01 12:0 a.m.46 views

PT-2022-20570 · Sourcegraph · Sourcegraph

Name of the Vulnerable Software and Affected Versions: Sourcegraph versions prior to 3.41.0 Description: The issue allows an attacker to delete other users’ saved searches due to a bug in the authorization check. It does not allow the reading of other users’ saved searches, only overwriting them...

4.3CVSS4.4AI score0.00402EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2022/06/06 5:15 p.m.5 views

CVE-2022-1936

Incorrect authorization in GitLab EE affecting all versions from 12.0 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1 allowed an attacker already in possession of a valid Project Deploy Token to misuse it from any location even when IP...

6.5CVSS6.6AI score0.0065EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2022/05/13 1:2 a.m.2 views

GHSA-Q6X7-F33R-3WXX Incorrect Authorization in Apache Tomcat

The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not limit web application access to global JNDI resources to those resources explicitly linked to the web application. Therefore, it was...

7.5CVSS6.7AI score0.0807EPSS
Exploits0References46
OSV
OSV
added 2022/04/04 8:15 p.m.1 views

UBUNTU-CVE-2022-0740

Incorrect authorization in the Asana integration's branch restriction feature in all versions of GitLab CE/EE starting from version 7.8.0 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 makes it possible to close Asana tasks from...

4.3CVSS5.8AI score0.00969EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2022/04/04 11:15 a.m.5 views

CVE-2022-1223

Incorrect Authorization in GitHub repository phpipam/phpipam prior to 1.4.6...

6.5CVSS6.8AI score0.01162EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2021/11/04 12:0 a.m.4 views

PT-2021-22749 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 13.4 and above Description: The issue allows a user with guest membership in a project to modify the severity of an incident due to incorrect authorization. Recommendations: For GitLab CE/EE versions 13.4 and above, upda...

4.3CVSS4.3AI score0.00763EPSS
Exploits0References12
CNNVD
CNNVD
added 2021/10/28 12:0 a.m.5 views

NETGEAR R7000 授权问题漏洞

Netgear NETGEAR R7000 is a wireless router from Netgear, Inc. An authorization issue vulnerability exists in the NETGEAR R7000 Router, which stems from a lack of valid authentication when the product handles soap requests to reset passwords. An attacker could reset the password through this...

8.8CVSS5.6AI score0.01146EPSS
Exploits0References4
Hacker One
Hacker One
added 2021/09/24 12:40 a.m.20 views

Shopify: Staff can use BULK_OPERATIONS_FINISH webhook topic using Graphql without permissions all

I am reporting this because it looks like an authorization bug in GraphQL. A Staff member with no permissions on a Shopify Store may be able to create Webhooks with the webhookSubscriptionCreate mutation on BULKOPERATIONSFINISH webhook topic. POST...

0.2AI score
Exploits0
Hacker One
Hacker One
added 2021/01/06 9:59 a.m.95 views

Doppler VDP: Owner can change themself for another Role Mode but application doesnot have this function.

Hello team, I have found a Privilege escalation bug in your application. Basically your website doesn't allow owner to change role mode for themself, they only can able to change role mode of another user. But i found authorization bug in your application that if we add user id of themself in...

1.7AI score
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2020/06/30 12:2 p.m.20 views

Security Bulletin: Apache Solr vulnerability affects IBM Operations Analytics - Log Analysis (CVE-2018-11802)

Summary Remote attacker could bypass Apache Solr security restrictions Vulnerability Details CVEID: CVE-2018-11802 DESCRIPTION: Apache Solr could allow a remote attacker to bypass security restrictions, caused by an authorization bug. By sending a specially-crafted request, an attacker could...

4.3CVSS1.7AI score0.0202EPSS
Exploits0Affected Software1
Hacker One
Hacker One
added 2019/07/17 9:26 p.m.15 views

U.S. Dept Of Defense: [█████] Reflected GET XSS (/personnel.php?...&rcnum=*) with mouse action

I will combine this vulnerability with this vulnerability described in this report 648222. If you have not read this report, I recommend reading that report first, and then studying this report. I want to note that this report cannot be closed as a duplicate to the above described report. why?...

Exploits0
OSV
OSV
added 2019/04/10 9:29 p.m.4 views

CVE-2019-0279

ABAP BASIS function modules INSTCREATER3RFCDEST, INSTCREATETCPIPRFCDEST, and INSTCREATETCPIPRFCDEST in SAP BASIS fixed in versions 7.0 to 7.02, 7.10 to 7.30, 7.31, 7.40, 7.50 to 7.53 do not perform necessary authorization checks in all circumstances for an authenticated user, resulting in...

8.8CVSS5.8AI score0.01131EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2014/09/03 12:0 a.m.281 views

Ubuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-2336-1)

A flaw was discovered in the Linux kernel virtual machine's kvm validation of interrupt requests irq. A guest OS user could exploit this flaw to cause a denial of service host OS crash. CVE-2014-0155 Andy Lutomirski discovered a flaw in the authorization of netlink socket operations when a socket...

6.2CVSS6.6AI score0.05926EPSS
Exploits8References15
Tenable Nessus
Tenable Nessus
added 2014/09/03 12:0 a.m.51 views

Ubuntu 10.04 LTS : linux-ec2 vulnerabilities (USN-2333-1)

A bug was discovered in the handling of pathname components when used with an autofs direct mount. A local user could exploit this flaw to cause a denial of service system crash via an open system call. CVE-2014-0203 Toralf Forster reported an error in the Linux kernels syscall auditing on 32 bit...

7.1CVSS6.6AI score0.05926EPSS
Exploits1References10
OpenVAS
OpenVAS
added 2014/09/03 12:0 a.m.50 views

Ubuntu: Security Advisory (USN-2332-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.1CVSS7.4AI score0.05926EPSS
Exploits1References2
Ubuntu
Ubuntu
added 2014/09/02 5:49 p.m.79 views

USN-2334-1: Linux kernel vulnerabilities

An flaw was discovered in the Linux kernel's audit subsystem when auditing certain syscalls. A local attacker could exploit this flaw to obtain potentially sensitive single-bit values from kernel memory or cause a denial of service OOPS. CVE-2014-3917 An information leak was discovered in the rdm...

7.1CVSS6.7AI score0.05926EPSS
Exploits0
Ubuntu
Ubuntu
added 2014/09/02 5:41 p.m.75 views

USN-2332-1: Linux kernel vulnerabilities

A bug was discovered in the handling of pathname components when used with an autofs direct mount. A local user could exploit this flaw to cause a denial of service system crash via an open system call. CVE-2014-0203 Toralf Förster reported an error in the Linux kernels syscall auditing on 32 bit...

7.1CVSS6.6AI score0.05926EPSS
Exploits1
securityvulns
securityvulns
added 2000/10/27 12:0 a.m.28 views

[RHSA-2000:094-01] Updated cyrus-sasl packages available for Red Hat Linux 7

--------------------------------------------------------------------- Red Hat, Inc. Security Advisory Synopsis: Updated cyrus-sasl packages available for Red Hat Linux 7 Advisory ID: RHSA-2000:094-01 Issue date: 2000-10-26 Updated on: 2000-10-26 Product: Red Hat Linux Keywords: cyrus-sasl...

6.7AI score
Exploits0
Rows per page
Query Builder