Lucene search
+L

42 matches found

Vulnrichment
Vulnrichment
added 2023/12/05 2:44 a.m.16 views

CVE-2023-42569

Improper authorization verification vulnerability in AR Emoji prior to SMR Dec-2023 Release 1 allows attackers to read sandbox data of AR Emoji...

4CVSS6.7AI score0.00207EPSS
Exploits0References1
CVE
CVE
added 2023/12/05 2:44 a.m.36 views

CVE-2023-42569

CVE-2023-42569 concerns an improper authorization verification in Samsung’s AR Emoji, prior to the SMR Dec-2023 Release 1. The issue allows an attacker to read sandbox data from AR Emoji. Affected: AR Emoji components on Samsung devices. Root cause: improper authorization verification. Impact: re...

4CVSS4.1AI score0.00207EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2023/11/07 7:49 a.m.46 views

CVE-2023-42553

Samsung Email is affected by an improper authorization verification vulnerability in versions before 6.1.90.4 that could allow reading of sandboxed email data. The CVE-2023-42553 entry cites a primary impact (CONF/low) with CVSS v3.1 base score 5.3, and a CNA note of a local vector with CVSS 4.0....

5.3CVSS5.2AI score0.00379EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/11/07 7:49 a.m.32 views

CVE-2023-42553

Improper authorization verification vulnerability in Samsung Email prior to version 6.1.90.4 allows attackers to read sandbox data of email...

4CVSS5.5AI score0.00379EPSS
Exploits0References1
Code423n4
Code423n4
added 2023/09/07 12:0 a.m.10 views

Lack of Post-Allowance Verification Before Token Minting

Lines of code Vulnerability details The code checks if the user txn.sender is allowed via the ALLOWLIST. If not, it sets the user's status to "allowed". However, after this step, there's no subsequent verification to ensure the user has indeed been added to the ALLOWLIST before minting tokens to...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/07/03 12:0 a.m.16 views

Missing require statements in onlyRole/checkRole modifiers

Lines of code Vulnerability details In LybraConfigurator.sol, there are two modifiers, checkOnlyRole and checkRole from GovernanceTimelock, designed to verify whether the msg.sender is authorized. However, these modifiers lack "require" statements to enforce the condition that the returned boolea...

6.9AI score
Exploits0
Prion
Prion
added 2023/02/03 7:15 p.m.15 views

Design/Logic Flaw

WEPA Print Away does not verify that a user has authorization to access documents before generating print orders and associated release codes. This could allow an attacker to generate print orders and release codes for documents they don´t own and print hem without authorization. In order to...

5.5CVSS5.4AI score0.00363EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/02/03 12:0 a.m.24 views

CVE-2022-42909

WEPA Print Away does not verify that a user has authorization to access documents before generating print orders and associated release codes. This could allow an attacker to generate print orders and release codes for documents they don´t own and print hem without authorization. In order to...

6.5CVSS6.6AI score0.00363EPSS
Exploits0References2
CVE
CVE
added 2023/02/03 12:0 a.m.57 views

CVE-2022-42909

WEPA Print Away is affected by an authorization flaw: a user with an account can generate print orders and release codes for documents they do not own without verifying access. The issue stems from not checking that the user is authorized to access documents before processing print jobs. Public d...

6.5CVSS5.4AI score0.00363EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2022/11/15 9:15 p.m.32 views

CVE-2022-20928

A vulnerability in the authentication and authorization flows for VPN connections in Cisco Adaptive Security Appliance ASA Software and Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to establish a connection as a different user. This vulnerability is due to...

5.8CVSS0.00683EPSS
Exploits0References1
CNNVD
CNNVD
added 2022/10/19 12:0 a.m.3 views

Tuleap 安全漏洞

Tuleap is open source an application lifecycle management system that facilitates agile software development, design projects, V-modeling, requirements management and IT service management. A security vulnerability exists in Tuleap version 12.9.99.228 and earlier, and version 14.0.99.24 and...

5.4CVSS5.7AI score0.00609EPSS
Exploits1References5
CNNVD
CNNVD
added 2022/06/29 12:0 a.m.5 views

Tuleap 安全漏洞

Tuleap is an application lifecycle management system that facilitates agile software development, design projects, V-modeling, requirements management and IT service management. An information disclosure vulnerability exists in versions prior to Tuleap 13.9.99.58 that stems from not properly...

4.3CVSS5.6AI score0.00911EPSS
Exploits0References7
Prion
Prion
added 2022/06/09 6:15 a.m.18 views

Design/Logic Flaw

Tuleap is a Free & Open Source Suite to manage software developments and collaboration. In versions prior to 13.7.99.239 Tuleap does not properly verify authorizations when displaying the content of tracker report renderer and chart widgets. Malicious users could use this vulnerability to retriev...

4CVSS4.6AI score0.00726EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2022/06/06 7:30 p.m.36 views

CVE-2022-24896 Tracker report renderer and chart widgets leak information in Tuleap

Tuleap is a Free & Open Source Suite to manage software developments and collaboration. In versions prior to 13.7.99.239 Tuleap does not properly verify authorizations when displaying the content of tracker report renderer and chart widgets. Malicious users could use this vulnerability to retriev...

4.3CVSS4.8AI score0.00726EPSS
Exploits0References4
CVE
CVE
added 2022/06/06 7:30 p.m.64 views

CVE-2022-24896

CVE-2022-24896 affects Tuleap versions prior to 13.7.99.239. The vulnerability stems from improper authorization checks when displaying content in the Tracker Report Renderer and Chart widgets, allowing an attacker to disclose the name of trackers and the fields used in reports. Impact is informa...

4.3CVSS4.5AI score0.00726EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2022/06/06 7:30 p.m.26 views

CVE-2022-24896 Tracker report renderer and chart widgets leak information in Tuleap

Tuleap is a Free & Open Source Suite to manage software developments and collaboration. In versions prior to 13.7.99.239 Tuleap does not properly verify authorizations when displaying the content of tracker report renderer and chart widgets. Malicious users could use this vulnerability to retriev...

4.3CVSS5AI score0.00726EPSS
Exploits0References6
Packet Storm
Packet Storm
added 2021/12/08 12:0 a.m.412 views

Reprise License Manager 14.2 Unauthenticated Password Change

Product: Reprise License Manager 14.2 Vendor: Reprise Software CVE ID: CVE-2021-44152 Vulnerability Title: Unauthenticated Password Change Severity: High Authors: Mark Staal Steenberg, Bilal El Ghoul, Gionathan Armando Reale, Andreas Fyhn Andersen, Oliver Lind Nordestgaard Date: 2021-11-25...

0.58555EPSS
Exploits3
Check Point Advisories
Check Point Advisories
added 2020/05/01 12:0 a.m.3 views

WordPress SEO Plugin Authentication Bypass

An access control weakness exists in the Wordpress SEO Plugin by Rank Math. The vulnerability is due to a lack of authorization verification on the updateMeta REST endpoint...

3.3AI score
Exploits0
UbuntuCve
UbuntuCve
added 2016/05/09 10:59 a.m.30 views

CVE-2015-0571

The WLAN aka Wi-Fi driver for the Linux kernel 3.x and 4.x, as used in Qualcomm Innovation Center QuIC Android contributions for MSM devices and other products, does not verify authorization for private SET IOCTL calls, which allows attackers to gain privileges via a crafted application, related ...

9.3CVSS7.1AI score0.01354EPSS
Exploits0References3
Packet Storm
Packet Storm
added 2015/08/31 12:0 a.m.29 views

Edimax PS-1206MF Authentication Bypass

Title: Edimax PS-1206MF - Web Admin Auth Bypass Date: 30.08.15 Vendor: edimax.com Firmware version: 4.8.25 Author: Smash Contact: smash at devilteam.pl HTTP authorization is not being properly verified while sendind POST requests to .cgi, remote attacker is able to change specific settings or eve...

0.6AI score
Exploits0
Rows per page
Query Builder