42 matches found
CVE-2023-42569
Improper authorization verification vulnerability in AR Emoji prior to SMR Dec-2023 Release 1 allows attackers to read sandbox data of AR Emoji...
CVE-2023-42569
CVE-2023-42569 concerns an improper authorization verification in Samsung’s AR Emoji, prior to the SMR Dec-2023 Release 1. The issue allows an attacker to read sandbox data from AR Emoji. Affected: AR Emoji components on Samsung devices. Root cause: improper authorization verification. Impact: re...
CVE-2023-42553
Samsung Email is affected by an improper authorization verification vulnerability in versions before 6.1.90.4 that could allow reading of sandboxed email data. The CVE-2023-42553 entry cites a primary impact (CONF/low) with CVSS v3.1 base score 5.3, and a CNA note of a local vector with CVSS 4.0....
CVE-2023-42553
Improper authorization verification vulnerability in Samsung Email prior to version 6.1.90.4 allows attackers to read sandbox data of email...
Lack of Post-Allowance Verification Before Token Minting
Lines of code Vulnerability details The code checks if the user txn.sender is allowed via the ALLOWLIST. If not, it sets the user's status to "allowed". However, after this step, there's no subsequent verification to ensure the user has indeed been added to the ALLOWLIST before minting tokens to...
Missing require statements in onlyRole/checkRole modifiers
Lines of code Vulnerability details In LybraConfigurator.sol, there are two modifiers, checkOnlyRole and checkRole from GovernanceTimelock, designed to verify whether the msg.sender is authorized. However, these modifiers lack "require" statements to enforce the condition that the returned boolea...
Design/Logic Flaw
WEPA Print Away does not verify that a user has authorization to access documents before generating print orders and associated release codes. This could allow an attacker to generate print orders and release codes for documents they don´t own and print hem without authorization. In order to...
CVE-2022-42909
WEPA Print Away does not verify that a user has authorization to access documents before generating print orders and associated release codes. This could allow an attacker to generate print orders and release codes for documents they don´t own and print hem without authorization. In order to...
CVE-2022-42909
WEPA Print Away is affected by an authorization flaw: a user with an account can generate print orders and release codes for documents they do not own without verifying access. The issue stems from not checking that the user is authorized to access documents before processing print jobs. Public d...
CVE-2022-20928
A vulnerability in the authentication and authorization flows for VPN connections in Cisco Adaptive Security Appliance ASA Software and Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to establish a connection as a different user. This vulnerability is due to...
Tuleap 安全漏洞
Tuleap is open source an application lifecycle management system that facilitates agile software development, design projects, V-modeling, requirements management and IT service management. A security vulnerability exists in Tuleap version 12.9.99.228 and earlier, and version 14.0.99.24 and...
Tuleap 安全漏洞
Tuleap is an application lifecycle management system that facilitates agile software development, design projects, V-modeling, requirements management and IT service management. An information disclosure vulnerability exists in versions prior to Tuleap 13.9.99.58 that stems from not properly...
Design/Logic Flaw
Tuleap is a Free & Open Source Suite to manage software developments and collaboration. In versions prior to 13.7.99.239 Tuleap does not properly verify authorizations when displaying the content of tracker report renderer and chart widgets. Malicious users could use this vulnerability to retriev...
CVE-2022-24896 Tracker report renderer and chart widgets leak information in Tuleap
Tuleap is a Free & Open Source Suite to manage software developments and collaboration. In versions prior to 13.7.99.239 Tuleap does not properly verify authorizations when displaying the content of tracker report renderer and chart widgets. Malicious users could use this vulnerability to retriev...
CVE-2022-24896
CVE-2022-24896 affects Tuleap versions prior to 13.7.99.239. The vulnerability stems from improper authorization checks when displaying content in the Tracker Report Renderer and Chart widgets, allowing an attacker to disclose the name of trackers and the fields used in reports. Impact is informa...
CVE-2022-24896 Tracker report renderer and chart widgets leak information in Tuleap
Tuleap is a Free & Open Source Suite to manage software developments and collaboration. In versions prior to 13.7.99.239 Tuleap does not properly verify authorizations when displaying the content of tracker report renderer and chart widgets. Malicious users could use this vulnerability to retriev...
Reprise License Manager 14.2 Unauthenticated Password Change
Product: Reprise License Manager 14.2 Vendor: Reprise Software CVE ID: CVE-2021-44152 Vulnerability Title: Unauthenticated Password Change Severity: High Authors: Mark Staal Steenberg, Bilal El Ghoul, Gionathan Armando Reale, Andreas Fyhn Andersen, Oliver Lind Nordestgaard Date: 2021-11-25...
WordPress SEO Plugin Authentication Bypass
An access control weakness exists in the Wordpress SEO Plugin by Rank Math. The vulnerability is due to a lack of authorization verification on the updateMeta REST endpoint...
CVE-2015-0571
The WLAN aka Wi-Fi driver for the Linux kernel 3.x and 4.x, as used in Qualcomm Innovation Center QuIC Android contributions for MSM devices and other products, does not verify authorization for private SET IOCTL calls, which allows attackers to gain privileges via a crafted application, related ...
Edimax PS-1206MF Authentication Bypass
Title: Edimax PS-1206MF - Web Admin Auth Bypass Date: 30.08.15 Vendor: edimax.com Firmware version: 4.8.25 Author: Smash Contact: smash at devilteam.pl HTTP authorization is not being properly verified while sendind POST requests to .cgi, remote attacker is able to change specific settings or eve...