65 matches found
Command Execution Vulnerability in Yisetong Electronic Document Security Management System of Beijing Yisetong Technology Development Co., Ltd (CNVD-2024-24396)
Yisetong electronic document security management system is a controllable authorization of electronic document security sharing management system, using real-time dynamic encryption and decryption protection technology and real-time rights recovery mechanism, to provide all kinds of electronic...
CVE-2024-1223 Improper authorization controls in PaperCut NG/MF
This vulnerability potentially allows unauthorized enumeration of information from the embedded device APIs. An attacker must already have existing knowledge of some combination of valid usernames, device names and an internal system key. For such an attack to be successful the system must be in ...
Authorization
The Relevanssi – A Better Search plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the relevanssiexportlogcheck function in all versions up to, and including, 4.22.0. This makes it possible for unauthenticated attackers to export the query log...
BIT-GITLAB-2020-13313
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. An unauthorized project maintainer could edit the subgroup badges due to the lack of authorization control...
Relevanssi < 4.22.1 - Unauthenticated Query Log Export
Description The plugin is vulnerable to unauthorized access of data due to a missing capability check on the relevanssiexportlogcheck function, allowing unauthenticated attackers to export the query log data. The vendor has indicated that they may look into adding a capability check for proper...
Lender can cause unintended behavior for the borrower's transaction
Lines of code Vulnerability details This vulnerability comes in the form of when a borrower wants to remove a lender as a both deposit and withdraw and set them as a withdraw only, to avoid paying more interest on their funds in the market, this plan may not go as planned, based on the nature of...
SUSE CVE-2019-13057
An issue was discovered in the server in OpenLDAP before 2.4.48. When the server administrator delegates rootDN database admin privileges for certain databases but wants to maintain isolation e.g., for multi-tenant deployments, slapd does not properly stop a rootDN from requesting authorization a...
CVE-2022-4803
Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1...
Debian: Security Advisory (DLA-3197-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 3198-1] php-phpseclib security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-3198-1 [email protected] https://www.debian.org/lts/security/ Sylvain Beucler November 17, 2022 https://wiki.debian.org/LTS -...
CVE-2022-36090 org.xwiki.platform:xwiki-platform-oldcore Improper Authorization check for inactive users
XWiki Platform Old Core is a core package for XWiki Platform, a generic wiki platform. Prior to versions 13.1.0.5 and 14.3-rc-1, some resources are missing a check for inactive not yet activated or disabled users in XWiki, including the REST service. This means a disabled user can enable themselv...
CVE-2021-42126
An improper authorization control vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform privilege escalation...
Authorization
An improper authorization control vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform privilege escalation...
CVE-2021-42126
An improper authorization control vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform privilege escalation...
CVE-2020-4646
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5, 6.0.0.0 through 6.0.3.3, and 6.1.0.0 through 6.1.0.2 could allow an authenticated user to view pages they shoiuld not have access to due to improper authorization control...
CVE-2020-4646
CVE-2020-4646 affects IBM Sterling B2B Integrator Standard Edition: 5.2.0.0–5.2.6.5, 6.0.0.0–6.0.3.3, and 6.1.0.0–6.1.0.2. An authenticated user could view pages they should not access due to improper authorization controls. IBM confirms remediation: upgrade to 5.2.6.5_4 (5.2.x), 6.0.3.4 (6.0.x),...
Authorization
A CWE-285 Improper Authorization vulnerability exists in SCADAPack 7x Remote Connect V3.6.3.574 and prior which allows improper access to executable code folders...
CVE-2020-13313
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. An unauthorized project maintainer could edit the subgroup badges due to the lack of authorization control...
CVE-2020-13313
GitLab CVE-2020-13313 affects GitLab versions before 13.1.10, 13.2.8 and 13.3.4. The root cause is an Authorization flaw that allows an unauthorized project maintainer to edit subgroup badges due to missing access controls. Impact is limited to modification of subgroup badges by unauthorized user...
CVE-2020-13313
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. An unauthorized project maintainer could edit the subgroup badges due to the lack of authorization control...