Lucene search
+L

84 matches found

CNNVD
CNNVD
added 2023/06/22 12:0 a.m.7 views

HashiCorp Terraform 安全漏洞

HashiCorp Terraform is an open source tool for provisioning and managing cloud infrastructures from HashiCorp, USA. A security vulnerability exists in Terraform Enterprise prior to version v202207-1 that stems from not properly enforcing authorization rules for agent pools, which could result in ...

7.7CVSS7.3AI score0.0042EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/06/01 12:0 a.m.7 views

PT-2023-3015

Name of the Vulnerable Software and Affected Versions Splunk Enterprise versions prior to 9.0.5 Splunk Enterprise versions prior to 8.2.11 Splunk Enterprise versions prior to 8.1.14 Splunk Cloud Platform versions prior to 9.0.2303.100 Description A low-privileged user with the edit user capabilit...

9CVSS7.8AI score0.73537EPSS
Exploits7References12
Positive Technologies
Positive Technologies
added 2023/05/17 12:0 a.m.5 views

PT-2023-2776 · Cisco · Cisco Dna Center

Name of the Vulnerable Software and Affected Versions: Cisco DNA Center Software affected versions not specified Description: The issue is related to weaknesses in the authorization procedure of the Cisco DNA Center application programming interface. It may allow a remote attacker to gain...

5.4CVSS5.3AI score0.00493EPSS
Exploits0References6
OSV
OSV
added 2023/02/03 9:15 p.m.8 views

CVE-2023-24029

In Progress WSFTP Server before 8.8, it is possible for a host administrator to elevate their privileges via the administrative interface due to insufficient authorization controls applied on user modification workflows...

7.2CVSS7.1AI score0.00887EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/02/03 12:0 a.m.5 views

Progress Software WS_FTP Server 安全漏洞

Progress Software WSFTP Server is an effective and highly manageable FTP server from Progress Software, USA. A security vulnerability exists in Progress Software WSFTP Server that stems from insufficient authorization controls over user modifications to the workflow application, where host...

7.2CVSS7AI score0.00887EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2022/11/02 12:0 a.m.5 views

PT-2022-5525 · Cisco · Cisco Secure Email/Web Manager +2

Name of the Vulnerable Software and Affected Versions: Cisco Email Security Appliance ESA affected versions not specified Cisco Secure Email and Web Manager affected versions not specified Cisco Secure Web Appliance affected versions not specified Description: The issue is related to errors in...

6.8CVSS6.2AI score0.00891EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/09/28 12:0 a.m.4 views

Smart eVision 安全漏洞

Smart eVision Information Technology Smart eVision is a business intelligence platform of China Union Quan Information Technology Smart eVision Information Technology Company. Smart eVision is a business intelligence platform that combines business management rooms, dashboards, reports, and input...

6.5CVSS6.5AI score0.00658EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2022/04/13 12:0 a.m.5 views

PT-2022-2355 · Cisco · Cisco Sd-Wan Vmanage

Name of the Vulnerable Software and Affected Versions: Cisco SD-WAN vManage Software affected versions not specified Description: The issue is related to insufficient API authorization checking on the underlying operating system of the History API in Cisco SD-WAN vManage Software. This could allo...

6.8CVSS6.3AI score0.00877EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2022/04/12 12:0 a.m.21 views

PT-2022-3548 · Aethon · Aethon Tug Home Base Server

Name of the Vulnerable Software and Affected Versions: Aethon TUG Home Base Server versions prior to version 24 Description: The issue is related to weaknesses in the authorization procedure of the server. It allows a remote attacker to exploit the weakness, potentially enabling them to add and...

8.5CVSS8.1AI score0.00651EPSS
Exploits0References5
Patchstack
Patchstack
added 2022/04/07 12:0 a.m.28 views

WordPress SiteGround Security plugin <= 1.2.5 - Authorization Weakness to Authentication Bypass via 2-Factor Authentication Back-up Codes vulnerability

Authorization Weakness to Authentication Bypass via 2-Factor Authentication Back-up Codes vulnerability discovered by Chloe Chamberland Wordfence in WordPress SiteGround Security plugin versions = 1.2.5. Solution Update the WordPress SiteGround Security plugin to the latest available version at...

9.8CVSS4.5AI score0.07285EPSS
Exploits2References3Affected Software1
Positive Technologies
Positive Technologies
added 2022/02/17 12:0 a.m.4 views

PT-2022-1959 · Webmin +1 · Webmin +1

Name of the Vulnerable Software and Affected Versions: webmin versions prior to 1.990 Description: The issue is related to improper access control in the webmin repository, which can lead to remote code execution. This is due to weaknesses in the authorization mechanism of the File Manager module...

9CVSS7.4AI score0.96977EPSS
Exploits14References28
CNNVD
CNNVD
added 2021/06/12 12:0 a.m.5 views

Receita Federal IRPF 授权问题漏洞

Receita Federal Imposto de Renda Pessoa Física, a personal income tax application from Receita Federal, Inc. has an authorization problem vulnerability in Receita Federal IRPF that stems from a lack of authentication measures or insufficient authentication strength in the network system or produc...

4.3CVSS5.6AI score0.00663EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2021/03/03 12:0 a.m.14 views

PT-2021-2258 · Cisco · Cisco Webex Meetings

Name of the Vulnerable Software and Affected Versions: Cisco Webex Meetings affected versions not specified Description: A vulnerability in the distribution list feature of Cisco Webex Meetings could allow an authenticated, remote attacker to modify a distribution list that belongs to another use...

4.3CVSS6.9AI score0.00808EPSS
Exploits0References5
Cvelist
Cvelist
added 2020/04/20 9:48 p.m.32 views

CVE-2019-19108 B&R Automation Runtime SNMP Authentication and Authorization Weakness

An authentication weakness in the SNMP service in B&R Automation Runtime versions 2.96, 3.00, 3.01, 3.06 to 3.10, 4.00 to 4.63, 4.72 and above allows unauthenticated users to modify the configuration of B&R products via SNMP...

9.4CVSS9.4AI score0.0165EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2020/01/27 12:0 a.m.5 views

The vulnerability of the transaction management function of the SAP Treasury and Risk Management software allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the transaction management function in SAP Treasury and Risk Management involves deficiencies in the authorization mechanism. Exploiting this vulnerability could allow a malicious actor to compromise the confidentiality, integrity, and accessibility of the protected informati...

8.8CVSS7.6AI score0.00887EPSS
Exploits0References3
CNVD
CNVD
added 2019/12/25 12:0 a.m.5 views

CloudBees Jenkins Build Failure Analyzer Plugin Authorization Issues Vulnerability

CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools . An authorization issue vulnerability exists in CloudBees Jenkins Build Failure Analyzer Plugin 1.24.1 and prior versions. The vulnerability stems from a lack of...

4.3CVSS7.1AI score0.00817EPSS
Exploits0References1
Cvelist
Cvelist
added 2019/10/09 7:26 p.m.22 views

CVE-2019-0057 NFX Series: An attacker may be able to take control of the JDM application and subsequently the entire system.

An improper authorization weakness in Juniper Networks Junos OS allows a local authenticated attacker to bypass regular security controls to access the Junos Device Manager JDM application and take control of the system. This issue affects: Juniper Networks Junos OS versions prior to 18.2R1,...

7.8CVSS7.9AI score0.00379EPSS
Exploits0References1
OSV
OSV
added 2018/07/31 2:29 p.m.8 views

CVE-2017-17708

Because of insufficient authorization checks it is possible for any authenticated user to change profile data of other users in Pleasant Password Server before 7.8.3...

4.3CVSS5.8AI score0.00584EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2015/02/17 10:27 p.m.4 views

Workbench: Insufficient authorization constraints

It was discovered that the default authorization constrains applied on servelets deployed in the KIE Workbench application were insufficient. A remote, authenticated user without sufficient privileges could use this flaw to upload or download arbitrary files, perform privileged actions that...

6.5CVSS5.8AI score0.01905EPSS
Exploits0References4
Packet Storm
Packet Storm
added 2008/12/30 12:0 a.m.20 views

chicomas 2.0.4 XSS / Database Disclosure

www.BugReport.ir AmnPardaz Security Research Team Title: chicomas Dtabase Information Disclosure POC: http://URL/chicomas/config.inc +--The Latest generated Database backups POC: http://URL/chicomas/backup +--Cross Site Scripting XSS. Reflected XSS attack in "index.php" in "q" parameter. POC:...

7.4AI score
Exploits0
Rows per page
Query Builder