109 matches found
CVE-2021-21745
ZTE MF971R product has a Referer authentication bypass vulnerability. Without CSRF verification, an attackercould use this vulnerability to perform illegal authorization operations by sending a request to the user to click...
Fedora: Security Advisory for polkit (FEDORA-2021-3f8d6016c9)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 33 Update: polkit-0.117-2.fc33.1
polkit is a toolkit for defining and handling authorizations. It is used for allowing unprivileged processes to speak to privileged processes...
OAuth2 Proxy Access Control Error Vulnerability
OAuth2 Proxy is a reverse proxy that provides authentication with Google, Github or other providers. OAuth2 Proxy suffers from an access control error vulnerability that stems from the fact that none of the authorizations are restricted. No details of the vulnerability are available at this time...
OAuth2-Proxy 访问控制错误漏洞
OAuth2 Proxy is a reverse proxy that provides authentication with Google, Github or other providers. OAuth2 Proxy suffers from an access control error vulnerability that stems from the fact that none of the authorizations are restricted. No details of the vulnerability are available at this time...
GitLab Insecure Privilege Vulnerability (CNVD-2020-19611)
GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. A security vulnerability exists in GitLab versions 12.7...
USN-3934-2: PolicyKit vulnerability
USN-3934-1 fixed a vulnerability in Policykit. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that PolicyKit incorrectly relied on the fork system call in the Linux kernel being atomic. A local attacker could possibly use this issu...
Design/Logic Flaw
The Kubernetes kube-apiserver mistakenly allows access to a cluster-scoped custom resource if the request is made as if the resource were namespaced. Authorizations for the resource accessed in this manner are enforced using roles and role bindings within the namespace, meaning that a user with...
CVE-2019-7872
An insecure direct object reference IDOR vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 due to insufficient authorizations checks. This can be abused by a user with admin privileges to add users to company accounts or modify existing us...
Design/Logic Flaw
An insecure direct object reference IDOR vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 due to insufficient authorizations checks. This can be abused by a user with admin privileges to add users to company accounts or modify existing us...
CVE-2019-7872
An insecure direct object reference IDOR vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 due to insufficient authorizations checks. This can be abused by a user with admin privileges to add users to company accounts or modify existing us...
Fedora Update for polkit FEDORA-2018-2f8696869e
The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
USN-3934-1: PolicyKit vulnerability
It was discovered that PolicyKit incorrectly relied on the fork system call in the Linux kernel being atomic. A local attacker could possibly use this issue to gain access to services that have cached authorizations...
USN-3934-1 policykit-1 vulnerability
It was discovered that PolicyKit incorrectly relied on the fork system call in the Linux kernel being atomic. A local attacker could possibly use this issue to gain access to services that have cached authorizations...
Ubuntu 14.04 LTS : Linux kernel vulnerability (USN-3908-1)
The remote Ubuntu 14.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-3908-1 advisory. Jann Horn discovered a race condition in the fork system call in the Linux kernel. A local attacker could use this to gain access to services that cache...
USN-3908-1 linux vulnerability
Jann Horn discovered a race condition in the fork system call in the Linux kernel. A local attacker could use this to gain access to services that cache authorizations...
[SECURITY] Fedora 28 Update: polkit-0.115-2.1.fc28
polkit is a toolkit for defining and handling authorizations. It is used for allowing unprivileged processes to speak to privileged processes...
[SECURITY] Fedora 29 Update: polkit-0.115-4.2.fc29
polkit is a toolkit for defining and handling authorizations. It is used for allowing unprivileged processes to speak to privileged processes...
[SECURITY] Fedora 28 Update: polkit-0.115-2.fc28
polkit is a toolkit for defining and handling authorizations. It is used for allowing unprivileged processes to speak to privileged processes...
[SECURITY] Fedora 29 Update: polkit-0.115-4.1.fc29
polkit is a toolkit for defining and handling authorizations. It is used for allowing unprivileged processes to speak to privileged processes...