Lucene search
K

5706 matches found

NVD
NVD
added 2018/07/23 7:29 p.m.27 views

CVE-2018-1999004

A Improper authorization vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in SlaveComputer.java that allows attackers with Overall/Read permission to initiate agent launches, and abort in-progress agent launches...

4.3CVSS4.4AI score0.00942EPSS
Exploits0References2
OSV
OSV
added 2018/07/23 7:29 p.m.26 views

CVE-2018-1999004

A Improper authorization vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in SlaveComputer.java that allows attackers with Overall/Read permission to initiate agent launches, and abort in-progress agent launches...

4.3CVSS6.3AI score
Exploits0References2
CVE
CVE
added 2018/07/23 7:0 p.m.116 views

CVE-2018-1999004

The connected sources confirm CVE-2018-1999004 is an improper authorization flaw in Jenkins prior to version 2.133 (and prior to 2.132/2.121.1 as cited by various records) affecting SlaveComputer.java, where users with Overall/Read permission can initiate agent launches and abort in-progress laun...

4.3CVSS5.8AI score0.00942EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2018/07/05 1:29 p.m.17 views

CVE-2017-16773

Improper authorization vulnerability in Highlight Preview in Synology Universal Search before 1.0.5-0135 allows remote authenticated users to bypass permission checks for directories in POSIX mode...

8.8CVSS6.8AI score0.0135EPSS
Exploits0References1
OSV
OSV
added 2018/07/05 1:29 p.m.4 views

CVE-2017-16773

Improper authorization vulnerability in Highlight Preview in Synology Universal Search before 1.0.5-0135 allows remote authenticated users to bypass permission checks for directories in POSIX mode...

8.8CVSS5.8AI score0.0135EPSS
Exploits0References1
Cvelist
Cvelist
added 2018/07/05 1:0 p.m.22 views

CVE-2017-16773

Improper authorization vulnerability in Highlight Preview in Synology Universal Search before 1.0.5-0135 allows remote authenticated users to bypass permission checks for directories in POSIX mode...

6.5CVSS8.4AI score0.0135EPSS
Exploits0References1
CVE
CVE
added 2018/07/05 1:0 p.m.48 views

CVE-2017-16773

CVE-2017-16773 affects Synology Universal Search, specifically the Highlight Preview component, prior to version 1.0.5-0135. The root cause is an improper authorization check that allows remote authenticated users to bypass directory permissions in POSIX mode. Impact is the ability to access or b...

8.8CVSS8.2AI score0.0135EPSS
Exploits0References1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 11:50 a.m.19 views

Security Bulletin: Improper authorization by non-admin user in IBM Content Navigator (CVE-2014-0858)

Summary Using 3rd party tools, a non-admin user can modify the URL action so that instead of a getAction, the user can perform a deleteAction against the configuration database. Vulnerability Details CVEID: CVE-2014-0858 DESCRIPTION: Improper authorization by non-admin user CVSS Base Score: 3.5...

3.5CVSS1.1AI score0.00904EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 9:45 p.m.22 views

Security Bulletin: IBM Security Guardium Database Activity Monitor is affected by Improper Authorization Vulnerability (CVE-2016-0239)

Summary IBM Security Guardium Database Activity Monitor could allow a remote authenticated attacker to issue a specially HTTP request as administrator. Vulnerability Details CVEID: CVE-2016-0239 DESCRIPTION: IBM Security Guardium Database Activity Monitor could allow a remote authenticated attack...

8.8CVSS1.4AI score0.01247EPSS
Exploits0Affected Software1
CNVD
CNVD
added 2018/06/15 12:0 a.m.5 views

Synology Calendar Improper Authorization Vulnerability

Synology Calendar is a file protection program from Synology that runs on Synology NAS devices. An authorization issue vulnerability exists in SYNO.Cal.Event in Synology Calendar. A remote attacker can exploit this vulnerability to create arbitrary events with the 'calid' or 'originalcalid'...

6.5CVSS6.2AI score0.00907EPSS
Exploits0References1
Prion
Prion
added 2018/06/14 2:29 p.m.16 views

Authorization

Improper authorization vulnerability in SYNO.Cal.Event in Calendar before 2.1.2-0511 allows remote authenticated users to create arbitrary events via the 1 calid or 2 originalcalid parameter...

4CVSS6.3AI score0.00907EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2018/06/14 2:29 p.m.17 views

CVE-2018-8927

Improper authorization vulnerability in SYNO.Cal.Event in Calendar before 2.1.2-0511 allows remote authenticated users to create arbitrary events via the 1 calid or 2 originalcalid parameter...

6.5CVSS5.6AI score0.00907EPSS
Exploits0References1
CVE
CVE
added 2018/06/14 2:0 p.m.49 views

CVE-2018-8927

The CVE-2018-8927 entry concerns Synology Calendar (SYNO.Cal.Event). The vulnerability is an improper authorization issue in Calendar before version 2.1.2-0511, enabling remote authenticated users to create arbitrary events through the cal_id or original_cal_id parameters. The provided documents ...

6.5CVSS6.2AI score0.00907EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2018/06/14 2:0 p.m.19 views

CVE-2018-8927

Improper authorization vulnerability in SYNO.Cal.Event in Calendar before 2.1.2-0511 allows remote authenticated users to create arbitrary events via the 1 calid or 2 originalcalid parameter...

5.4CVSS6.3AI score0.00907EPSS
Exploits0References1
CNVD
CNVD
added 2018/05/25 12:0 a.m.6 views

OpenFlow has multiple vulnerabilities

OpenFlow is an open source network communication protocol, a data link layer that controls the forwarding plane of a network switch or router, and is considered one of the first software-defined networking SDN standards. A denial of service and improper authorization vulnerability exists in the...

9.8CVSS9.3AI score0.01209EPSS
Exploits0References1
NVD
NVD
added 2018/05/24 1:29 p.m.25 views

CVE-2018-1000155

OpenFlow version 1.0 onwards contains a Denial of Service and Improper authorization vulnerability in OpenFlow handshake: The DPID DataPath IDentifier in the featuresreply message are inherently trusted by the controller. that can result in Denial of Service, Unauthorized Access, Network...

9.8CVSS9.3AI score0.01209EPSS
Exploits0References1
Cvelist
Cvelist
added 2018/05/24 1:0 p.m.25 views

CVE-2018-1000155

OpenFlow version 1.0 onwards contains a Denial of Service and Improper authorization vulnerability in OpenFlow handshake: The DPID DataPath IDentifier in the featuresreply message are inherently trusted by the controller. that can result in Denial of Service, Unauthorized Access, Network...

9.3AI score0.01209EPSS
Exploits0References1
CVE
CVE
added 2018/05/24 1:0 p.m.73 views

CVE-2018-1000155

OpenFlow vulnerability CVE-2018-1000155 affects OpenFlow 1.0 and later during the handshake: the DPID in features_reply is treated as trusted by the controller, enabling Denial of Service and Improper Authorization. The issue can lead to DoS, Unauthorized Access, and network instability once an a...

9.8CVSS9.2AI score0.01209EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2018/05/07 12:0 a.m.8 views

PT-2018-25: Improper Authorization in PRTG Network Monitor

The specialists of the Positive Research center have detected an Improper Authorization vulnerability in PRTG Network Monitor. Vulnerability due to improper validation of user rights allows attackers with read-only privileges to create users with read-write privileges including administrators via...

8.8CVSS8.8AI score0.0087EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2018/05/07 12:0 a.m.9 views

PT-2018-24: Authentication Bypass, Improper Authorization and Local File Inclusion in PRTG Network Monitor

The specialists of the Positive Research center have detected an Authentication Bypass, Improper Authorization and Local File Inclusion in PRTG Network Monitor. Vulnerability allows remote unauthenticated attackers to create users with read-write privileges including administrators by overriding...

9.8CVSS9.8AI score0.8646EPSS
Exploits0References4
Rows per page
Query Builder