11 matches found
CVE-2024-45397 H2O alllows bypassing address-based access control with 0-RTT
h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. When an HTTP request using TLS/1.3 early data on top of TCP Fast Open or QUIC 0-RTT packets is received and the IP-address-based access control is used, the access control does not detect and prohibit HTTP requests conveyed by...
CVE-2024-7005
Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a malicious file. Chromium security severity: Low...
CVE-2024-7004
Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a malicious file. Chromium security severity: Low...
CVE-2024-7005
CVE-2024-7005 concerns Google Chrome/Chromium where insufficient validation of untrusted input in Safe Browsing allowed a remote attacker to bypass discretionary access control by convincing a user to perform specific UI gestures with a malicious file. The vulnerability affects Chrome/Chromium pr...
CVE-2023-46319
WALLIX Bastion 9.x before 9.0.9 and 10.x before 10.0.5 allows unauthenticated access to sensitive information by bypassing access control on a network access administration web interface...
CVE-2023-46319
CVE-2023-46319 affects WALLIX Bastion, specifically versions 9.x prior to 9.0.9 and 10.x prior to 10.0.5. The issue is an access-control bypass in the network access administration web interface that allows unauthenticated access to sensitive information. Affected software is WALLIX Bastion; vuln...
Improper access control
The public API error causes for the attacker to be able to bypass API access control...
CVE-2021-29662
The Data::Validate::IP module through 0.29 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which in some situations allows attackers to bypass access control that is based on IP addresses...
CVE-2020-16020
Inappropriate implementation in cryptohome in Google Chrome on ChromeOS prior to 87.0.4280.66 allowed a remote attacker who had compromised the browser process to bypass discretionary access control via a malicious file...
Improper access control
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service preventing terminal launch, or possibly have other impact bypassing terminal access control...
Debian DSA-3495-1 : xymon - security update
Markus Krell discovered that xymon, a network- and applications-monitoring system, was vulnerable to the following security issues : - CVE-2016-2054 The incorrect handling of user-supplied input in the 'config' command can trigger a stack-based buffer overflow, resulting in denial of service via...