Lucene search
K

109 matches found

OSV
OSV
added 2021/10/20 4:15 p.m.3 views

CVE-2021-21745

ZTE MF971R product has a Referer authentication bypass vulnerability. Without CSRF verification, an attackercould use this vulnerability to perform illegal authorization operations by sending a request to the user to click...

4.3CVSS6.6AI score0.55709EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2021/06/20 12:0 a.m.20 views

Fedora: Security Advisory for polkit (FEDORA-2021-3f8d6016c9)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS8.3AI score0.22193EPSS
Exploits37References4
Fedora
Fedora
added 2021/06/19 1:14 a.m.91 views

[SECURITY] Fedora 33 Update: polkit-0.117-2.fc33.1

polkit is a toolkit for defining and handling authorizations. It is used for allowing unprivileged processes to speak to privileged processes...

7.8CVSS2.6AI score0.22193EPSS
Exploits37
CNVD
CNVD
added 2021/04/01 12:0 a.m.6 views

OAuth2 Proxy Access Control Error Vulnerability

OAuth2 Proxy is a reverse proxy that provides authentication with Google, Github or other providers. OAuth2 Proxy suffers from an access control error vulnerability that stems from the fact that none of the authorizations are restricted. No details of the vulnerability are available at this time...

5.5CVSS7AI score0.00987EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/03/26 12:0 a.m.7 views

OAuth2-Proxy 访问控制错误漏洞

OAuth2 Proxy is a reverse proxy that provides authentication with Google, Github or other providers. OAuth2 Proxy suffers from an access control error vulnerability that stems from the fact that none of the authorizations are restricted. No details of the vulnerability are available at this time...

5.5CVSS5.6AI score0.00987EPSS
Exploits0References6
CNVD
CNVD
added 2020/03/16 12:0 a.m.2 views

GitLab Insecure Privilege Vulnerability (CNVD-2020-19611)

GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. A security vulnerability exists in GitLab versions 12.7...

9.1CVSS6.8AI score0.01076EPSS
Exploits0References1
Ubuntu
Ubuntu
added 2019/09/02 1:23 p.m.209 views

USN-3934-2: PolicyKit vulnerability

USN-3934-1 fixed a vulnerability in Policykit. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that PolicyKit incorrectly relied on the fork system call in the Linux kernel being atomic. A local attacker could possibly use this issu...

6.7CVSS6.8AI score0.00446EPSS
Exploits0
Prion
Prion
added 2019/08/29 1:15 a.m.17 views

Design/Logic Flaw

The Kubernetes kube-apiserver mistakenly allows access to a cluster-scoped custom resource if the request is made as if the resource were namespaced. Authorizations for the resource accessed in this manner are enforced using roles and role bindings within the namespace, meaning that a user with...

6.5CVSS7.7AI score0.02092EPSS
Exploits0References7Affected Software2
NVD
NVD
added 2019/08/02 10:15 p.m.18 views

CVE-2019-7872

An insecure direct object reference IDOR vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 due to insufficient authorizations checks. This can be abused by a user with admin privileges to add users to company accounts or modify existing us...

6.5CVSS6.3AI score0.00897EPSS
Exploits0References1
Prion
Prion
added 2019/08/02 10:15 p.m.13 views

Design/Logic Flaw

An insecure direct object reference IDOR vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 due to insufficient authorizations checks. This can be abused by a user with admin privileges to add users to company accounts or modify existing us...

5.5CVSS6.3AI score0.00897EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2019/08/02 9:17 p.m.16 views

CVE-2019-7872

An insecure direct object reference IDOR vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 due to insufficient authorizations checks. This can be abused by a user with admin privileges to add users to company accounts or modify existing us...

6.6AI score0.00897EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2019/05/07 12:0 a.m.73 views

Fedora Update for polkit FEDORA-2018-2f8696869e

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9CVSS7.8AI score0.11483EPSS
Exploits1References2
Ubuntu
Ubuntu
added 2019/04/03 11:40 a.m.144 views

USN-3934-1: PolicyKit vulnerability

It was discovered that PolicyKit incorrectly relied on the fork system call in the Linux kernel being atomic. A local attacker could possibly use this issue to gain access to services that have cached authorizations...

6.7CVSS6.8AI score0.00446EPSS
Exploits0
OSV
OSV
added 2019/04/03 11:40 a.m.10 views

USN-3934-1 policykit-1 vulnerability

It was discovered that PolicyKit incorrectly relied on the fork system call in the Linux kernel being atomic. A local attacker could possibly use this issue to gain access to services that have cached authorizations...

6.7CVSS6.8AI score0.00446EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2019/03/13 12:0 a.m.24 views

Ubuntu 14.04 LTS : Linux kernel vulnerability (USN-3908-1)

The remote Ubuntu 14.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-3908-1 advisory. Jann Horn discovered a race condition in the fork system call in the Linux kernel. A local attacker could use this to gain access to services that cache...

6.7CVSS6.8AI score0.00446EPSS
Exploits0References2
OSV
OSV
added 2019/03/12 9:40 p.m.3 views

USN-3908-1 linux vulnerability

Jann Horn discovered a race condition in the fork system call in the Linux kernel. A local attacker could use this to gain access to services that cache authorizations...

6.7CVSS6.8AI score0.00446EPSS
Exploits0References2
Fedora
Fedora
added 2019/01/22 1:35 a.m.39 views

[SECURITY] Fedora 28 Update: polkit-0.115-2.1.fc28

polkit is a toolkit for defining and handling authorizations. It is used for allowing unprivileged processes to speak to privileged processes...

9CVSS2.6AI score0.11483EPSS
Exploits1
Fedora
Fedora
added 2019/01/13 2:32 a.m.28 views

[SECURITY] Fedora 29 Update: polkit-0.115-4.2.fc29

polkit is a toolkit for defining and handling authorizations. It is used for allowing unprivileged processes to speak to privileged processes...

9CVSS2.6AI score0.11483EPSS
Exploits1
Fedora
Fedora
added 2018/12/11 1:58 a.m.39 views

[SECURITY] Fedora 28 Update: polkit-0.115-2.fc28

polkit is a toolkit for defining and handling authorizations. It is used for allowing unprivileged processes to speak to privileged processes...

9CVSS2.6AI score0.11483EPSS
Exploits1
Fedora
Fedora
added 2018/12/10 2:32 a.m.35 views

[SECURITY] Fedora 29 Update: polkit-0.115-4.1.fc29

polkit is a toolkit for defining and handling authorizations. It is used for allowing unprivileged processes to speak to privileged processes...

9CVSS2.6AI score0.11483EPSS
Exploits1
Rows per page
Query Builder