5706 matches found
CVE-2018-1999004
A Improper authorization vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in SlaveComputer.java that allows attackers with Overall/Read permission to initiate agent launches, and abort in-progress agent launches...
CVE-2018-1999004
A Improper authorization vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in SlaveComputer.java that allows attackers with Overall/Read permission to initiate agent launches, and abort in-progress agent launches...
CVE-2018-1999004
The connected sources confirm CVE-2018-1999004 is an improper authorization flaw in Jenkins prior to version 2.133 (and prior to 2.132/2.121.1 as cited by various records) affecting SlaveComputer.java, where users with Overall/Read permission can initiate agent launches and abort in-progress laun...
CVE-2017-16773
Improper authorization vulnerability in Highlight Preview in Synology Universal Search before 1.0.5-0135 allows remote authenticated users to bypass permission checks for directories in POSIX mode...
CVE-2017-16773
Improper authorization vulnerability in Highlight Preview in Synology Universal Search before 1.0.5-0135 allows remote authenticated users to bypass permission checks for directories in POSIX mode...
CVE-2017-16773
Improper authorization vulnerability in Highlight Preview in Synology Universal Search before 1.0.5-0135 allows remote authenticated users to bypass permission checks for directories in POSIX mode...
CVE-2017-16773
CVE-2017-16773 affects Synology Universal Search, specifically the Highlight Preview component, prior to version 1.0.5-0135. The root cause is an improper authorization check that allows remote authenticated users to bypass directory permissions in POSIX mode. Impact is the ability to access or b...
Security Bulletin: Improper authorization by non-admin user in IBM Content Navigator (CVE-2014-0858)
Summary Using 3rd party tools, a non-admin user can modify the URL action so that instead of a getAction, the user can perform a deleteAction against the configuration database. Vulnerability Details CVEID: CVE-2014-0858 DESCRIPTION: Improper authorization by non-admin user CVSS Base Score: 3.5...
Security Bulletin: IBM Security Guardium Database Activity Monitor is affected by Improper Authorization Vulnerability (CVE-2016-0239)
Summary IBM Security Guardium Database Activity Monitor could allow a remote authenticated attacker to issue a specially HTTP request as administrator. Vulnerability Details CVEID: CVE-2016-0239 DESCRIPTION: IBM Security Guardium Database Activity Monitor could allow a remote authenticated attack...
Synology Calendar Improper Authorization Vulnerability
Synology Calendar is a file protection program from Synology that runs on Synology NAS devices. An authorization issue vulnerability exists in SYNO.Cal.Event in Synology Calendar. A remote attacker can exploit this vulnerability to create arbitrary events with the 'calid' or 'originalcalid'...
Authorization
Improper authorization vulnerability in SYNO.Cal.Event in Calendar before 2.1.2-0511 allows remote authenticated users to create arbitrary events via the 1 calid or 2 originalcalid parameter...
CVE-2018-8927
Improper authorization vulnerability in SYNO.Cal.Event in Calendar before 2.1.2-0511 allows remote authenticated users to create arbitrary events via the 1 calid or 2 originalcalid parameter...
CVE-2018-8927
The CVE-2018-8927 entry concerns Synology Calendar (SYNO.Cal.Event). The vulnerability is an improper authorization issue in Calendar before version 2.1.2-0511, enabling remote authenticated users to create arbitrary events through the cal_id or original_cal_id parameters. The provided documents ...
CVE-2018-8927
Improper authorization vulnerability in SYNO.Cal.Event in Calendar before 2.1.2-0511 allows remote authenticated users to create arbitrary events via the 1 calid or 2 originalcalid parameter...
OpenFlow has multiple vulnerabilities
OpenFlow is an open source network communication protocol, a data link layer that controls the forwarding plane of a network switch or router, and is considered one of the first software-defined networking SDN standards. A denial of service and improper authorization vulnerability exists in the...
CVE-2018-1000155
OpenFlow version 1.0 onwards contains a Denial of Service and Improper authorization vulnerability in OpenFlow handshake: The DPID DataPath IDentifier in the featuresreply message are inherently trusted by the controller. that can result in Denial of Service, Unauthorized Access, Network...
CVE-2018-1000155
OpenFlow version 1.0 onwards contains a Denial of Service and Improper authorization vulnerability in OpenFlow handshake: The DPID DataPath IDentifier in the featuresreply message are inherently trusted by the controller. that can result in Denial of Service, Unauthorized Access, Network...
CVE-2018-1000155
OpenFlow vulnerability CVE-2018-1000155 affects OpenFlow 1.0 and later during the handshake: the DPID in features_reply is treated as trusted by the controller, enabling Denial of Service and Improper Authorization. The issue can lead to DoS, Unauthorized Access, and network instability once an a...
PT-2018-25: Improper Authorization in PRTG Network Monitor
The specialists of the Positive Research center have detected an Improper Authorization vulnerability in PRTG Network Monitor. Vulnerability due to improper validation of user rights allows attackers with read-only privileges to create users with read-write privileges including administrators via...
PT-2018-24: Authentication Bypass, Improper Authorization and Local File Inclusion in PRTG Network Monitor
The specialists of the Positive Research center have detected an Authentication Bypass, Improper Authorization and Local File Inclusion in PRTG Network Monitor. Vulnerability allows remote unauthenticated attackers to create users with read-write privileges including administrators by overriding...