Lucene search

7419 matches found

Prion
added 2020/04/15 8:15 p.m. | 12 views

Improper access control

CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows privileged users to view and edit user data...

CVSS 5.5 | AI score 7.8 | EPSS 0.0034
Exploits: 0 | References: 4 | Affected Software: 1
CVE
added 2020/04/15 7:8 p.m. | 56 views

CVE-2020-11663

The CVE-2020-11663 entry affects CA API Developer Portal versions up to 4.3.1. The root cause is insecure handling of 404 responses, which can enable open redirect attacks. Exploitation details or affected environments are not provided in the connected documents; no patch/version remediations are...

CVSS 6.1 | AI score 6.2 | EPSS 0.00259
Exploits: 0 | References: 4 | Affected Software: 1
Cvelist
added 2020/04/15 7:8 p.m. | 19 views

CVE-2020-11663

CA API Developer Portal 4.3.1 and earlier handles 404 requests in an insecure manner, which allows attackers to perform open redirect attacks...

AI score 6.3 | EPSS 0.00259
Exploits: 0 | References: 4
Cvelist
added 2020/04/15 7:8 p.m. | 13 views

CVE-2020-11662

CA API Developer Portal 4.3.1 and earlier handles requests insecurely, which allows remote attackers to exploit a Cross-Origin Resource Sharing flaw and access sensitive information...

AI score 7.5 | EPSS 0.00754
Exploits: 0 | References: 4
CVE
added 2020/04/15 7:8 p.m. | 49 views

CVE-2020-11662

CVE-2020-11662 affects Broadcom CA API Developer Portal (4.3.1 and earlier). The root cause is insecure handling of Cross-Origin Resource Sharing (CORS), enabling remote attackers to access sensitive information via the portal. Exploitation details or explicit mitigations are not provided in the ...

CVSS 7.5 | AI score 7.5 | EPSS 0.00754
Exploits: 0 | References: 4 | Affected Software: 1
Cvelist
added 2020/04/15 7:8 p.m. | 12 views

CVE-2020-11661

CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows privileged users to view and edit user data...

AI score 8 | EPSS 0.0034
Exploits: 0 | References: 4
CVE
added 2020/04/15 7:8 p.m. | 57 views

CVE-2020-11661

CVE-2020-11661 affects Broadcom/CA API Developer Portal 4.3.1 and earlier. The available sources describe an access control flaw that enables privileged users to view and edit user data, constituting an improper access restriction vulnerability. The description is consistently echoed across multi...

CVSS 8.1 | AI score 7.8 | EPSS 0.0034
Exploits: 0 | References: 4 | Affected Software: 1
CVE
added 2020/04/15 7:3 p.m. | 50 views

CVE-2020-11666

CVE-2020-11666 affects the Broadcom/CA API Developer Portal up to version 4.3.1. The connected sources confirm an access control flaw that lets an attacker escalate privileges via a specially crafted request, i.e., a remote privilege-escalation vulnerability. The vulnerability is tied to imprope...

CVSS 8.8 | AI score 8.6 | EPSS 0.00936
Exploits: 0 | References: 4 | Affected Software: 1
Cvelist
added 2020/04/15 7:3 p.m. | 12 views

CVE-2020-11666

CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows malicious users to elevate privileges...

AI score 8.7 | EPSS 0.00936
Exploits: 0 | References: 4
CVE
added 2020/04/15 7:3 p.m. | 47 views

CVE-2020-11665

The CVE-2020-11665 entry concerns CA API Developer Portal, version 4.3.1 and earlier, where the loginRedirect page redirects are handled insecurely, enabling open redirect attacks. Affected product/component: Broadcom CA API Developer Portal (loginRedirect flow). Root cause: insecure handling of ...

CVSS 6.1 | AI score 6.2 | EPSS 0.00261
Exploits: 0 | References: 4 | Affected Software: 1
Cvelist
added 2020/04/15 7:2 p.m. | 10 views

CVE-2020-11664

CA API Developer Portal 4.3.1 and earlier handles homeRedirect page redirects in an insecure manner, which allows attackers to perform open redirect attacks...

AI score 6.3 | EPSS 0.00259
Exploits: 0 | References: 4
CVE
added 2020/04/15 7:2 p.m. | 53 views

CVE-2020-11664

CVE-2020-11664 affects Broadcom CA API Developer Portal (versions 4.3.1 and earlier). The issue is an insecure handling of the homeRedirect page that enables open redirect attacks due to an input validation error. Multiple connected sources confirm the vulnerability and affected product scope; ex...

CVSS 6.1 | AI score 6.2 | EPSS 0.00259
Exploits: 0 | References: 4 | Affected Software: 1
Tenable Nessus
added 2020/04/15 12:0 a.m. | 27 views

openSUSE Security Update : chromium (openSUSE-2020-519)

This update for chromium fixes the following issues : Chromium was updated to 81.0.4044.92 boo1168911 : - CVE-2020-6454: Use after free in extensions - CVE-2020-6423: Use after free in audio - CVE-2020-6455: Out of bounds read in WebSQL - CVE-2020-6430: Type Confusion in V8 - CVE-2020-6456:...

CVSS 8.8 | AI score 7.2 | EPSS 0.01907
Exploits: 9 | References: 29
RedHat Linux
added 2020/04/14 7:26 p.m. | 84 views

Moderate: Red Hat Security Advisory: Red Hat CodeReady Workspaces 2.1.0 release

Red Hat CodeReady Workspaces 2.1.0 has been released. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in th...

CVSS 9.3 | AI score 6.7 | EPSS 0.19687
Exploits: 3 | References: 14
Kaspersky
added 2020/04/14 12:0 a.m. | 53 views

KLA11748 Multiple vulnerabilities in Microsoft Developer Tools

Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to gain privileges, bypass security restrictions. Below is a complete list of vulnerabilities: 1. An elevation of privilege vulnerability in Microsoft Visual Studio can be exploited...

CVSS 9.8 | AI score 7.2 | EPSS 0.01462
Exploits: 0 | References: 6
BDU FSTEC
added 2020/04/14 12:0 a.m. | 2 views

The vulnerability of Google Chrome browser-based development tools lies in the lack of mechanisms for verifying input data, allowing attackers to gain unauthorized access to confidential information.

The vulnerability of Google Chrome browser-based development tools is related to the lack of a mechanism for input validation. Exploiting this vulnerability could allow an attacker to gain unauthorized access to confidential data through a created HTML page...

CVSS 7.1 | AI score 7 | EPSS 0.00846
Exploits: 0 | References: 13 | Affected Software: 5
OSV
added 2020/04/13 6:15 p.m. | 2 views

DEBIAN-CVE-2020-6443

Insufficient data validation in developer tools in Google Chrome prior to 81.0.4044.92 allowed a remote attacker who had convinced the user to use devtools to execute arbitrary code via a crafted HTML page...

CVSS 8.8 | AI score 8.8 | EPSS 0.01339
Exploits: 0 | References: 1
NVD
added 2020/04/13 6:15 p.m. | 14 views

CVE-2020-6443

Insufficient data validation in developer tools in Google Chrome prior to 81.0.4044.92 allowed a remote attacker who had convinced the user to use devtools to execute arbitrary code via a crafted HTML page...

CVSS 8.8 | AI score 8.3 | EPSS 0.01339
Exploits: 0 | References: 8
OSV
added 2020/04/13 6:15 p.m. | 4 views

CVE-2020-6443

Insufficient data validation in developer tools in Google Chrome prior to 81.0.4044.92 allowed a remote attacker who had convinced the user to use devtools to execute arbitrary code via a crafted HTML page...

CVSS 8.8 | AI score 8.4
Exploits: 0 | References: 8
OSV
added 2020/04/13 6:15 p.m. | 4 views

CVE-2020-6447

Inappropriate implementation in developer tools in Google Chrome prior to 81.0.4044.92 allowed a remote attacker who had convinced the user to use devtools to potentially exploit heap corruption via a crafted HTML page...

CVSS 8.8 | AI score 8.6
Exploits: 0 | References: 8