435 matches found
The vulnerability of the adminPushRules function in the Project-level Deploy Token Handler component of the software platform based on Git, which facilitates collaborative code development in GitLab. This vulnerability allows a malicious user to create deployment tokens at the project level.
The vulnerability of the adminPushRules function in the Project-level Deploy Token Handler component of the software platform based on Git for collaborative code development on GitLab is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to crea...
The vulnerability of the Canvas component in Google Chrome and Microsoft Edge browsers allows attackers to gain unauthorized access to limited functionality.
The vulnerability of the Canvas component in Google Chrome and Microsoft Edge is related to deficiencies in access control. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to limited functionality...
The vulnerability of the Programming Software Connection component of AutomationDirect P3-550E allows a intruder to gain unauthorized access to protected information.
The vulnerability of the Programming Software Connection component of AutomationDirect P3-550E microprogrammed logic controllers is related to lack of access control measures. Exploiting this vulnerability could allow an attacker to gain access to confidential information...
The vulnerability of the Bitbucket Credentials Handler component of the Git-based software platform allows a hacker to gain control of a GitLab account associated with a Bitbucket account of another user, provided that Bitbucket is used as an OAuth 2.0 provider in GitLab.
The vulnerability of the Bitbucket Credentials Handler component of the Git-based software platform for collaborative code development on GitLab is related to inadequate access control mechanisms. Exploiting this vulnerability could allow a malicious actor to gain control over a GitLab account...
The vulnerability of the IBM Security Guardium information protection tool lies in its lack of access control mechanisms, allowing attackers to enhance their privileges.
The vulnerability of the IBM Security Guardium security tool is related to deficiencies in access control. Exploiting this vulnerability could allow attackers to enhance their privileges...
The vulnerability in the exec-path configuration of the dockerd daemon on the Docker Desktop operating system for development and container application delivery platforms allows a attacker to trigger a service failure.
The vulnerability of the exec-path configuration in the dockerd daemon of the Docker Desktop operating system for container application development and delivery involves deficiencies in access control. Exploiting this vulnerability could allow an attacker to cause service failures...
The vulnerability of Netgear WNR614 N300 Wi-Fi router’s microprogramming software, related to permission processing errors, allows a intruder to gain unauthorized access to protected information.
The vulnerability of Netgear WNR614 N300 Wi-Fi router’s microprogramming software is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information...
The vulnerability of Kubernetes cluster extensions that support Azure Arc, related to access control deficiencies, allows attackers to escalate their privileges.
The vulnerability of Kubernetes cluster extensions that support Azure Arc is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to increase their privileges remotely...
The vulnerability of the Adobe Experience Manager (AEM) content and media data management system, related to inadequate access control mechanisms, allows attackers to circumvent existing security restrictions.
The vulnerability of the Adobe Experience Manager AEM content and media data management system is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to circumvent existing security restrictions remotely...
CVE-2024-31684
Incorrect access control in the fingerprint authentication mechanism of Bitdefender Mobile Security v4.11.3-gms allows attackers to bypass fingerprint authentication due to the use of a deprecated API...
The vulnerability of the vbluetooth components in VMware Fusion and Vmware Workstation allows a hacker to gain unauthorized access to protected information.
The vulnerability of the vbluetooth components in VMware Fusion and Vmware Workstation is related to lack of access control mechanisms. Exploiting this vulnerability can allow an intruder to gain unauthorized access to protected information...
Vulnerability of the Server component: The DML of the Oracle MySQL Server database management system, which allows a hacker to cause a service failure.
The vulnerability of the Oracle MySQL Server component is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker to cause service interruptions using the MySQL protocol...
Vulnerability of the Server component: The DML of the Oracle MySQL Server database management system, which allows a hacker to cause a service failure.
The vulnerability of the Oracle MySQL Server component is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker to cause service interruptions using the MySQL protocol...
PT-2024-3488 · Brocade · Brocade Sannav
Name of the Vulnerable Software and Affected Versions: Brocade SANnav versions affected versions not specified Description: The issue is related to inadequate access control in the software, which could allow a remote attacker to impact the confidentiality, integrity, and availability of protecte...
PT-2024-2831 · Microsoft · Defender For Iot
Name of the Vulnerable Software and Affected Versions: Microsoft Defender for IoT affected versions not specified Description: The issue is related to insufficient access control in Microsoft Defender for IoT, which could allow a remote attacker to elevate their privileges. Recommendations: At th...
The vulnerability of the command-line interface (CLI) of Cisco IOS XE wireless access controller devices allows attackers to increase their privileges.
The vulnerability of the command-line interface CLI of Cisco IOS XE wireless LAN controller systems is related to deficiencies in access control due to the use of the show and show tech wireless commands in WLAN configuration. Exploiting this vulnerability can allow an attacker to increase their...
GHSA-CJ3C-5XPM-CX94 Kimai API returns timesheet entries a user should not be authorized to view
Summary The permission viewothertimesheet performs differently for the Kimai UI and the API, thus returning unexpected data through the API. Details When setting the viewothertimesheet permission to true, on the frontend, users can only see timesheet entries for teams they are a part of. When...
Kimai API returns timesheet entries a user should not be authorized to view
Summary The permission viewothertimesheet performs differently for the Kimai UI and the API, thus returning unexpected data through the API. Details When setting the viewothertimesheet permission to true, on the frontend, users can only see timesheet entries for teams they are a part of. When...
The vulnerability of the Kernel-mode operating system driver in Windows allows a hacker to increase their privileges.
The vulnerability of the Kernel-mode operating system drivers in Windows is related to deficiencies in access control. Exploiting this vulnerability can allow an attacker to enhance their privileges...
Qualcomm Chipsets Security Vulnerability
Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. A security vulnerability exists in Qualcomm Chipsets that stems from improper access control in HAB leading to memory corruption in automotive multimedia...