Lucene search
K

5737 matches found

OSV
OSV
added 2020/10/12 2:15 p.m.6 views

CVE-2020-9090

FusionAccess version 6.5.1 has an improper authorization vulnerability. A command is authorized with incorrect privilege. Attackers with other privilege can execute the command to exploit this vulnerability. This may compromise normal service of the affected product...

7.8CVSS7.1AI score0.00222EPSS
Exploits0References1
NVD
NVD
added 2020/10/12 2:15 p.m.21 views

CVE-2020-9090

FusionAccess version 6.5.1 has an improper authorization vulnerability. A command is authorized with incorrect privilege. Attackers with other privilege can execute the command to exploit this vulnerability. This may compromise normal service of the affected product...

7.8CVSS0.00222EPSS
Exploits0References1
CVE
CVE
added 2020/10/12 1:29 p.m.51 views

CVE-2020-9090

The CVE-2020-9090 issue affects Huawei FusionAccess 6.5.1, where an improper authorization vulnerability allows a command to run with incorrect privileges. The root cause is a mis-authorization of commands, enabling attackers with different privileges to exploit the flaw and potentially disrupt n...

7.8CVSS7.8AI score0.00222EPSS
Exploits0References1Affected Software1
ICS
ICS
added 2020/10/08 12:0 a.m.63 views

Johnson Controls Sensormatic Electronics American Dynamics victor Web Client and Software House C•CURE Web Client (Update A)

1. EXECUTIVE SUMMARY CVSS v3 7.1 ATTENTION : Low skill level to exploit Vendor : Sensormatic Electronics, LLC, a subsidiary of Johnson Controls Equipment : American Dynamics victor Web Client Vulnerability : Improper Authorization 2. UPDATE INFORMATION This updated advisory is a follow-up to the...

8.1CVSS7.9AI score0.01131EPSS
Exploits0References5
Packet Storm
Packet Storm
added 2020/10/02 12:0 a.m.310 views

MailDepot 2032 SP2 (2.2.1242) Authorization Bypass

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Advisory ID: SYSS-2019-048 Product: MailDepot Manufacturer: REDDOXX GmbH Affected Versions: 2032 SP2 2.2.1242 Tested Versions: 2032 SP2 2.2.1242 Vulnerability Type: Improper Authorization CWE-285 Risk Level: High Solution Status: Fixed Manufacturer...

0.1AI score0.01707EPSS
Exploits2
RedHat Linux
RedHat Linux
added 2020/09/17 1:7 p.m.3 views

Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain

A flaw was found in Wildfly, where the WildFlySecurityManager checks were bypassed when using custom security managers, resulting in an improper authorization. This flaw leads to information exposure by unauthenticated access to secure resources...

7.5CVSS5.7AI score0.01438EPSS
Exploits0References4
OSV
OSV
added 2020/09/16 4:15 p.m.4 views

CVE-2020-7530

A CWE-285 Improper Authorization vulnerability exists in SCADAPack 7x Remote Connect V3.6.3.574 and prior which allows improper access to executable code folders...

8.8CVSS7.4AI score0.01183EPSS
Exploits0References1
NVD
NVD
added 2020/09/16 4:15 p.m.20 views

CVE-2020-7530

A CWE-285 Improper Authorization vulnerability exists in SCADAPack 7x Remote Connect V3.6.3.574 and prior which allows improper access to executable code folders...

8.8CVSS0.01183EPSS
Exploits0References1
NVD
NVD
added 2020/09/16 4:15 p.m.20 views

CVE-2020-1748

A flaw was found in all supported versions before wildfly-elytron-1.6.8.Final-redhat-00001, where the WildFlySecurityManager checks were bypassed when using custom security managers, resulting in an improper authorization. This flaw leads to information exposure by unauthenticated access to secur...

7.5CVSS0.01438EPSS
Exploits0References2
CVE
CVE
added 2020/09/16 3:40 p.m.47 views

CVE-2020-7530

CVE-2020-7530 affects SCADAPack 7x Remote Connect ≤ 3.6.3.574, with a CWE-285 improper authorization flaw that enables access to executable code folders. Root cause: insufficient/authentication weakness in the authorization mechanism. Consequence: potential unauthorized access to folders containi...

8.8CVSS8.6AI score0.01183EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2020/09/16 3:40 p.m.22 views

CVE-2020-7530

A CWE-285 Improper Authorization vulnerability exists in SCADAPack 7x Remote Connect V3.6.3.574 and prior which allows improper access to executable code folders...

8.8AI score0.01183EPSS
Exploits0References1
Cvelist
Cvelist
added 2020/09/16 3:27 p.m.17 views

CVE-2020-1748

A flaw was found in all supported versions before wildfly-elytron-1.6.8.Final-redhat-00001, where the WildFlySecurityManager checks were bypassed when using custom security managers, resulting in an improper authorization. This flaw leads to information exposure by unauthenticated access to secur...

8.4AI score0.01438EPSS
Exploits0References2
CNVD
CNVD
added 2020/09/15 12:0 a.m.7 views

GitLab Improper Authorization Vulnerability (CNVD-2020-52425)

GitLab is an open source application developed using Ruby on Rails that implements a self-hosted Git project repository that can be accessed through a web interface for public and private projects. An improper authorization vulnerability exists in GitLab versions prior to 13.1.10, 13.2.8, and...

4.3CVSS6.7AI score0.00981EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2020/09/07 1:5 p.m.4 views

Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain

A flaw was found in Wildfly, where the WildFlySecurityManager checks were bypassed when using custom security managers, resulting in an improper authorization. This flaw leads to information exposure by unauthenticated access to secure resources...

7.5CVSS5.7AI score0.01438EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/09/07 12:58 p.m.3 views

Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain

A flaw was found in Wildfly, where the WildFlySecurityManager checks were bypassed when using custom security managers, resulting in an improper authorization. This flaw leads to information exposure by unauthenticated access to secure resources...

7.5CVSS5.7AI score0.01438EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/09/07 12:58 p.m.3 views

Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain

A flaw was found in Wildfly, where the WildFlySecurityManager checks were bypassed when using custom security managers, resulting in an improper authorization. This flaw leads to information exposure by unauthenticated access to secure resources...

7.5CVSS5.7AI score0.01438EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/09/07 12:57 p.m.3 views

Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain

A flaw was found in Wildfly, where the WildFlySecurityManager checks were bypassed when using custom security managers, resulting in an improper authorization. This flaw leads to information exposure by unauthenticated access to secure resources...

7.5CVSS5.7AI score0.01438EPSS
Exploits0References4
OSV
OSV
added 2020/09/04 5:23 p.m.11 views

GHSA-V6C5-HWQG-3X5Q Improper Authorization in passport-cognito

All versions of passport-cognito are vulnerable to Improper Authorization. The package fails to properly scope the variables containing authorization information, such as access token, refresh token and ID token. This causes a race condition where simultaneous authenticated users may receive...

6.3AI score0.00298EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2020/09/04 5:23 p.m.30 views

Improper Authorization in passport-cognito

All versions of passport-cognito are vulnerable to Improper Authorization. The package fails to properly scope the variables containing authorization information, such as access token, refresh token and ID token. This causes a race condition where simultaneous authenticated users may receive...

3.7AI score0.00298EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2020/09/03 3:54 p.m.25 views

Improper Authorization in @sap-cloud-sdk/core

Affected versions of @sap-cloud-sdk/core do not properly validate JWTs. The verifyJwt function does not properly validate the URL from where the public verification key for the JWT can be downloaded. Any URL was trusted which makes it possible to provide a URL belonging to a manipulated JWT...

4.1AI score
Exploits0References2Affected Software1
Rows per page
Query Builder