Lucene search
+L

83 matches found

ptsecurity
ptsecurity
added 2025/01/21 12:0 a.m.3 views

PT-2025-4245 · Oracle · Oracle E-Business Suite +1

Name of the Vulnerable Software and Affected Versions: Oracle E-Business Suite versions 12.2.5 through 12.2.13 Description: The issue is related to weaknesses in the authorization mechanism of the Service Requests component in Oracle Customer Care. This can be exploited by a remote attacker using...

8.5CVSS8.4AI score0.00539EPSS
Exploits0References5
ptsecurity
ptsecurity
added 2025/01/14 12:0 a.m.5 views

PT-2025-1103 · Microsoft · Windows App Package Installer +1

Name of the Vulnerable Software and Affected Versions: Windows App Package Installer affected versions not specified Description: The issue is related to weaknesses in the authorization procedure of the Windows App Package Installer, allowing an attacker to elevate their privileges. This can be...

7.8CVSS9.5AI score0.00606EPSS
Exploits0References13
osv
osv
added 2024/11/18 4:15 p.m.6 views

CVE-2021-1410

A vulnerability in the distribution list feature of Cisco Webex Meetings could allow an authenticated, remote attacker to modify a distribution list that belongs to another user of their organization. The vulnerability is due to insufficient authorization enforcement for requests to update...

4.3CVSS5.8AI score0.00808EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2024/10/25 12:0 a.m.6 views

PT-2024-7497

Name of the Vulnerable Software and Affected Versions: Spring WebFlux affected versions not specified Description: The issue is caused by weaknesses in the authorization procedure of the Spring Framework's WebMvc.fn and WebFlux.fn functional web frameworks. This can allow a remote attacker to...

9.4CVSS6.7AI score0.01726EPSS
Exploits2References46
ptsecurity
ptsecurity
added 2024/10/09 12:0 a.m.8 views

PT-2024-7510 · Nginx · Nginx-Ui

Name of the Vulnerable Software and Affected Versions: Nginx UI versions prior to 2.0.0-beta.36 Description: The issue is related to the configuration settings of the Nginx UI server, specifically the /api/configs directory, and is associated with weaknesses in the authorization procedure. This c...

7.5CVSS6.7AI score0.0063EPSS
Exploits0References9
cnnvd
cnnvd
added 2024/10/02 12:0 a.m.5 views

Cisco Nexus Dashboard 安全漏洞

Cisco Nexus Dashboard is a single console from Cisco, Inc. It can simplify the operation and management of data center networks. A security vulnerability exists in Cisco Nexus Dashboard that stems from insufficient authorization controls on certain REST API endpoints. Allowing an authenticated,...

5.4CVSS6.8AI score0.00362EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2024/06/30 12:0 a.m.8 views

PT-2024-4811 · Ibm · Ibm Infosphere Information Server

Name of the Vulnerable Software and Affected Versions: IBM InfoSphere Information Server version 11.7 Description: The issue is caused by weaknesses in the authorization procedure of the InfoSphere Information Server platform. This allows an attacker to modify arbitrary projects, potentially givi...

3.3CVSS6.7AI score0.00162EPSS
Exploits0References6
cnnvd
cnnvd
added 2024/06/27 12:0 a.m.5 views

Elektraweb Trust Management Issues Vulnerability

Elektraweb is a cloud-hosted web-based hotel program from Elektraweb, Turkey. A trust management issue vulnerability exists in Elektraweb versions prior to v17.0.68, which stems from a security issue where the system suffers from improper access control, lack of authorization, incorrect...

9.8CVSS6.7AI score0.00528EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2024/05/29 12:0 a.m.12 views

PT-2024-3936 · Jetbrains · Teamcity

Name of the Vulnerable Software and Affected Versions: JetBrains TeamCity versions prior to 2022.04.7 JetBrains TeamCity versions prior to 2022.10.6 JetBrains TeamCity versions prior to 2023.05.6 JetBrains TeamCity versions prior to 2023.11.5 JetBrains TeamCity versions prior to 2024.03.2...

8.1CVSS7.2AI score0.00282EPSS
Exploits0References8
ptsecurity
ptsecurity
added 2024/04/23 12:0 a.m.4 views

PT-2024-5967 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 15.4 through 17.0.4 GitLab CE/EE versions 17.1 through 17.1.2 GitLab CE/EE versions 17.2 through 17.2.0 Description: The issue is related to an information disclosure vulnerability in the project/group exports component ...

6.8CVSS6.5AI score0.00302EPSS
Exploits0References11
ptsecurity
ptsecurity
added 2024/03/27 12:0 a.m.7 views

PT-2024-2544 · Jetbrains · Jetbrains Teamcity +1

Name of the Vulnerable Software and Affected Versions: JetBrains TeamCity versions prior to 2024.03 Description: The issue is related to weaknesses in the authorization mechanism of JetBrains TeamCity, a continuous integration and deployment system. This weakness can be exploited by a remote...

6.8CVSS7.2AI score0.00428EPSS
Exploits0References6
ptsecurity
ptsecurity
added 2023/12/12 12:0 a.m.2 views

PT-2023-9245 · Unknown · Masterscada

Name of the Vulnerable Software and Affected Versions: MasterSCADA version 4D Description: The issue is related to weaknesses in the authorization procedure of the SCADA system. Exploitation of this issue may allow a remote attacker to read and write arbitrary files. Recommendations: For...

10CVSS7AI score
Exploits0References1
ptsecurity
ptsecurity
added 2023/12/07 12:0 a.m.8 views

PT-2023-9624 · Oracle +2 · Mysql Server +1

Name of the Vulnerable Software and Affected Versions: MySQL Server versions 8.0.36 and prior MySQL Server versions 8.3.0 and prior Description: The issue is related to a vulnerability in the InnoDB component of the MySQL Server product, which is caused by weaknesses in the authorization procedur...

6.6CVSS5.5AI score0.01107EPSS
Exploits0References107
ptsecurity
ptsecurity
added 2023/12/07 12:0 a.m.6 views

PT-2023-9591 · Oracle · Oracle E-Business Suite +1

Name of the Vulnerable Software and Affected Versions: Oracle E-Business Suite versions 12.2.7 through 12.2.13 Description: The issue is related to a component of the Oracle Quoting product in Oracle E-Business Suite, specifically the User Interface, and is associated with weaknesses in the...

8.5CVSS8.1AI score0.00422EPSS
Exploits0References7
ptsecurity
ptsecurity
added 2023/12/07 12:0 a.m.4 views

PT-2023-9648 · Oracle · Oracle E-Business Suite +1

Name of the Vulnerable Software and Affected Versions: Oracle E-Business Suite versions 12.2.3 through 12.2.13 Description: The issue is related to a component of Oracle Trading Community, specifically the Party Search UI, and is associated with weaknesses in the authorization procedure. This...

8.5CVSS7.8AI score0.004EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2023/12/07 12:0 a.m.8 views

PT-2023-9590 · Oracle · Oracle Banking Liquidity Management

Name of the Vulnerable Software and Affected Versions: Oracle Banking Liquidity Management version 14.5.0.12.0 Description: The issue is related to a component called Reports in the Oracle Banking Liquidity Management product. It allows a low-privileged attacker with network access via HTTP to...

7.1CVSS7.8AI score0.00325EPSS
Exploits0References8
ptsecurity
ptsecurity
added 2023/12/04 12:0 a.m.6 views

PT-2023-7927 · Hitachi Vantara · Hitachi Vantara Hnas

Name of the Vulnerable Software and Affected Versions: Hitachi Vantara HNAS versions prior to 14.8.7825.01 Description: The issue allows authenticated users to access sensitive information through Insecure Direct Object Reference IDOR. This can be achieved by manipulating URLs, enabling users in...

7.8CVSS6.5AI score0.00544EPSS
Exploits5References12
ptsecurity
ptsecurity
added 2023/10/19 12:0 a.m.5 views

PT-2023-6355 · Connectize · Connectize Ac21000 G6

Name of the Vulnerable Software and Affected Versions: Connectize AC21000 G6 version 641.139.1.1256 Description: An issue in the Connectize AC21000 G6 allows attackers to run arbitrary commands via a crafted string in the ping utility. The vulnerability is caused by weaknesses in the authorizatio...

9.8CVSS7.5AI score0.00726EPSS
Exploits1References19
vulncheck_kev
vulncheck_kev
added 2023/07/27 12:0 a.m.7 views

VulnCheck KEV: CVE-2022-0732

The backend infrastructure shared by multiple mobile device monitoring services does not adequately authenticate or authorize API requests, creating an IDOR Insecure Direct Object Reference vulnerability...

7.5CVSS7.1AI score0.0247EPSS
Exploits0References1
cnnvd
cnnvd
added 2023/06/22 12:0 a.m.7 views

HashiCorp Terraform 安全漏洞

HashiCorp Terraform is an open source tool for provisioning and managing cloud infrastructures from HashiCorp, USA. A security vulnerability exists in Terraform Enterprise prior to version v202207-1 that stems from not properly enforcing authorization rules for agent pools, which could result in ...

7.7CVSS7.3AI score0.0042EPSS
Exploits0References2
Rows per page
Query Builder