22 matches found
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization due to improper truncation of subresource names in the authorization process. An attacker can gain unauthorized access to subresources or perform unauthorized actions by exploiting incorrect permission evaluation...
EUVD-2013-0921
Malware in sbrugna...
EUVD-2021-7006
Malicious code in bioql PyPI...
CVE-2025-55177
Incomplete authorization of linked device synchronization messages in WhatsApp for iOS prior to v2.25.21.73, WhatsApp Business for iOS v2.25.21.78, and WhatsApp for Mac v2.25.21.78 could have allowed an unrelated user to trigger processing of content from an arbitrary URL on a target’s device. We...
GO-2025-3661 Casdoor SCIM User Creation Endpoint scim.go HandleScim authorization in github.com/casdoor/casdoor
Casdoor SCIM User Creation Endpoint scim.go HandleScim authorization in github.com/casdoor/casdoor...
Premature Release of Resource During Expected Lifetime
Overview magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Premature Release of Resource During Expected Lifetime via the authorization process. A low-privileged attacker can bypass security restrictions and modify limited...
X (Formerly Twitter): Discoverability by phone number/email restriction bypass
Summary: By using this vulnerability an attacker can find a Twitter account by its phone number/email even if the user has prohibited this in the privacy options. Description: The vulnerability allows any party without any authentication to obtain a Twitter ID, which is almost equal to getting the...
What to Expect in the initial FedRAMP briefing with your Agency Sponsor and the PMO
Most people who have spent any time researching the FedRAMP authorization process know there are two routes for a Cloud Service Provider (CSP) to become FedRAMP authorized: Agency and Joint Authorization Board (JAB). Because of the limited number of CSPs selected each quarter for the JAB authorizatio...
JVN#35649781: Multiple vulnerabilities in Cybozu Garoon
Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below. Authentication bypass in the API used to specify the fields CWE-287 - CVE-2020-5563 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N| Base Score: 5.3 CVSS v2|...
JVN#13555032: Multiple vulnerabilities in VAIO Update
VAIO Update provided by Sony Corporation contains multiple vulnerabilities listed below. Improper authorization process CWE-285 - CVE-2019-5981 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H| Base Score: 7.8 CVSS v2| AV:N/AC:M/Au:N/C:P/I:P/A:P| Base Score...
CVE-2019-10114
An Information Exposure issue (issue 2 of 2) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. During the OAuth authentication process, the application attempts to validate a parameter in an insecure way, potentially exposing da...
VMware Workstation Multiple Vulnerabilities (May 2016) - Windows
VMware Workstation is prone to multiple vulnerabilities. CPE = "cpe:/a:vmware:workstation";...
VMware Player 6.x < 6.0.5 Multiple Vulnerabilities (VMSA-2015-0001) (Linux)
The version of VMware Player installed on the remote host is version 6.x prior to 6.0.5. It is, therefore, affected by the following vulnerabilities : - An unspecified flaw exists that allows a local attacker to escalate privileges or cause a denial of service via an arbitrary write to a file...
VMware Player 6.x < 6.0.5 Multiple Vulnerabilities (VMSA-2015-0001) (Windows)
The version of VMware Player installed on the remote host is version 6.x prior to 6.0.5. It is, therefore, affected by the following vulnerabilities : - An unspecified flaw exists that allows a local attacker to escalate privileges or cause a denial of service via an arbitrary write to a file...
Authorization
vmware-authd aka the Authorization process in VMware Workstation 10.x before 10.0.5, VMware Player 6.x before 6.0.5, and VMware ESXi 5.0 through 5.5 allows attackers to cause a host OS denial of service via unspecified vectors...
ESXi 5.1 < Build 1743201 Multiple Vulnerabilities (remote check)
The remote VMware ESXi host is version 5.1 prior to build 1743201. It is, therefore, affected by multiple vulnerabilities : - A flaw exists in the monlist feature in NTP. A remote attacker can exploit this flaw, using a specially crafted packet to load the query function in monlist, to conduct a...
Dissecting a mobile malware
The widespread diffusion of mobile devices, the lack of security systems on these platforms and the low level of awareness of the principal cyber threats have made them a privileged target for cybercrime. In the recent year we have witnessed an explosion of malware designed to hit the principal mobile OSs, in a...
Scientific Linux Security Update : sudo on SL5.x i386/x86_64 (20120808)
An insecure temporary file use flaw was found in the sudo package's post-uninstall script. A local attacker could possibly use this flaw to overwrite an arbitrary file via a symbolic link attack, or modify the contents of the '/etc/nsswitch.conf' file during the upgrade or removal of the sudo...
RedHat Update for sudo RHSA-2012:1149-01
The remote host is missing an update for the...
RHEL 5 : sudo (RHSA-2012:1149)
An updated sudo package that fixes one security issue and several bugs is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severi...