83 matches found
PT-2025-4245 · Oracle · Oracle E-Business Suite +1
Name of the Vulnerable Software and Affected Versions: Oracle E-Business Suite versions 12.2.5 through 12.2.13 Description: The issue is related to weaknesses in the authorization mechanism of the Service Requests component in Oracle Customer Care. This can be exploited by a remote attacker using...
PT-2025-1103 · Microsoft · Windows App Package Installer +1
Name of the Vulnerable Software and Affected Versions: Windows App Package Installer affected versions not specified Description: The issue is related to weaknesses in the authorization procedure of the Windows App Package Installer, allowing an attacker to elevate their privileges. This can be...
CVE-2021-1410
A vulnerability in the distribution list feature of Cisco Webex Meetings could allow an authenticated, remote attacker to modify a distribution list that belongs to another user of their organization. The vulnerability is due to insufficient authorization enforcement for requests to update...
PT-2024-7497
Name of the Vulnerable Software and Affected Versions: Spring WebFlux affected versions not specified Description: The issue is caused by weaknesses in the authorization procedure of the Spring Framework's WebMvc.fn and WebFlux.fn functional web frameworks. This can allow a remote attacker to...
PT-2024-7510 · Nginx · Nginx-Ui
Name of the Vulnerable Software and Affected Versions: Nginx UI versions prior to 2.0.0-beta.36 Description: The issue is related to the configuration settings of the Nginx UI server, specifically the /api/configs directory, and is associated with weaknesses in the authorization procedure. This c...
Cisco Nexus Dashboard 安全漏洞
Cisco Nexus Dashboard is a single console from Cisco, Inc. It can simplify the operation and management of data center networks. A security vulnerability exists in Cisco Nexus Dashboard that stems from insufficient authorization controls on certain REST API endpoints. Allowing an authenticated,...
PT-2024-4811 · Ibm · Ibm Infosphere Information Server
Name of the Vulnerable Software and Affected Versions: IBM InfoSphere Information Server version 11.7 Description: The issue is caused by weaknesses in the authorization procedure of the InfoSphere Information Server platform. This allows an attacker to modify arbitrary projects, potentially givi...
Elektraweb Trust Management Issues Vulnerability
Elektraweb is a cloud-hosted web-based hotel program from Elektraweb, Turkey. A trust management issue vulnerability exists in Elektraweb versions prior to v17.0.68, which stems from a security issue where the system suffers from improper access control, lack of authorization, incorrect...
PT-2024-3936 · Jetbrains · Teamcity
Name of the Vulnerable Software and Affected Versions: JetBrains TeamCity versions prior to 2022.04.7 JetBrains TeamCity versions prior to 2022.10.6 JetBrains TeamCity versions prior to 2023.05.6 JetBrains TeamCity versions prior to 2023.11.5 JetBrains TeamCity versions prior to 2024.03.2...
PT-2024-5967 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 15.4 through 17.0.4 GitLab CE/EE versions 17.1 through 17.1.2 GitLab CE/EE versions 17.2 through 17.2.0 Description: The issue is related to an information disclosure vulnerability in the project/group exports component ...
PT-2024-2544 · Jetbrains · Jetbrains Teamcity +1
Name of the Vulnerable Software and Affected Versions: JetBrains TeamCity versions prior to 2024.03 Description: The issue is related to weaknesses in the authorization mechanism of JetBrains TeamCity, a continuous integration and deployment system. This weakness can be exploited by a remote...
PT-2023-9245 · Unknown · Masterscada
Name of the Vulnerable Software and Affected Versions: MasterSCADA version 4D Description: The issue is related to weaknesses in the authorization procedure of the SCADA system. Exploitation of this issue may allow a remote attacker to read and write arbitrary files. Recommendations: For...
PT-2023-9624 · Oracle +2 · Mysql Server +1
Name of the Vulnerable Software and Affected Versions: MySQL Server versions 8.0.36 and prior MySQL Server versions 8.3.0 and prior Description: The issue is related to a vulnerability in the InnoDB component of the MySQL Server product, which is caused by weaknesses in the authorization procedur...
PT-2023-9591 · Oracle · Oracle E-Business Suite +1
Name of the Vulnerable Software and Affected Versions: Oracle E-Business Suite versions 12.2.7 through 12.2.13 Description: The issue is related to a component of the Oracle Quoting product in Oracle E-Business Suite, specifically the User Interface, and is associated with weaknesses in the...
PT-2023-9648 · Oracle · Oracle E-Business Suite +1
Name of the Vulnerable Software and Affected Versions: Oracle E-Business Suite versions 12.2.3 through 12.2.13 Description: The issue is related to a component of Oracle Trading Community, specifically the Party Search UI, and is associated with weaknesses in the authorization procedure. This...
PT-2023-9590 · Oracle · Oracle Banking Liquidity Management
Name of the Vulnerable Software and Affected Versions: Oracle Banking Liquidity Management version 14.5.0.12.0 Description: The issue is related to a component called Reports in the Oracle Banking Liquidity Management product. It allows a low-privileged attacker with network access via HTTP to...
PT-2023-7927 · Hitachi Vantara · Hitachi Vantara Hnas
Name of the Vulnerable Software and Affected Versions: Hitachi Vantara HNAS versions prior to 14.8.7825.01 Description: The issue allows authenticated users to access sensitive information through Insecure Direct Object Reference IDOR. This can be achieved by manipulating URLs, enabling users in...
PT-2023-6355 · Connectize · Connectize Ac21000 G6
Name of the Vulnerable Software and Affected Versions: Connectize AC21000 G6 version 641.139.1.1256 Description: An issue in the Connectize AC21000 G6 allows attackers to run arbitrary commands via a crafted string in the ping utility. The vulnerability is caused by weaknesses in the authorizatio...
VulnCheck KEV: CVE-2022-0732
The backend infrastructure shared by multiple mobile device monitoring services does not adequately authenticate or authorize API requests, creating an IDOR Insecure Direct Object Reference vulnerability...
HashiCorp Terraform 安全漏洞
HashiCorp Terraform is an open source tool for provisioning and managing cloud infrastructures from HashiCorp, USA. A security vulnerability exists in Terraform Enterprise prior to version v202207-1 that stems from not properly enforcing authorization rules for agent pools, which could result in ...