Lucene search
K

5715 matches found

Hacker One
Hacker One
added 2018/10/01 5:57 p.m.65 views

Shopify: H1514 Removed Staff members who had "Apps" permission can still modify flow app connections

Summary: It's been found that removed staff members who had "Apps" permission can still modify flow app connection settings due to improper authorization. Description: Flow app https://apps.shopify.com/flow allows users to connect their Google Sheets, Trello and Asana accounts to their flow...

0.7AI score
Exploits0
OSV
OSV
added 2018/08/30 4:29 p.m.3 views

CVE-2016-0373

IBM UrbanCode Deploy 6.0 through 6.2.2.1 could allow an authenticated user to read sensitive information due to UCD REST endpoints not properly authorizing users when determining who can read data. IBM X-Force ID: 112119...

4.3CVSS5.8AI score0.00786EPSS
Exploits0References2
CNVD
CNVD
added 2018/08/24 12:0 a.m.3 views

CloudBees Jenkins Improper Authorization Vulnerability

CloudBees Jenkins formerly known as Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools , it is mainly used to monitor the continuous software version of the release/testing project and some of the timed execution of the task . An...

6.5CVSS6.6AI score0.00774EPSS
Exploits0References1
OSV
OSV
added 2018/08/23 6:29 p.m.39 views

CVE-2018-1999047

A improper authorization vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in UpdateCenter.java that allows attackers to cancel a Jenkins restart scheduled through the update center...

6.5CVSS6.5AI score
Exploits0References1
Prion
Prion
added 2018/08/23 6:29 p.m.14 views

Authorization

A improper authorization vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in UpdateCenter.java that allows attackers to cancel a Jenkins restart scheduled through the update center...

4CVSS6.2AI score0.00774EPSS
Exploits0References1Affected Software1
Github Security Blog
Github Security Blog
added 2018/08/15 8:3 p.m.19 views

Improper Authorization in aedes

Versions of aedes before 0.35.1 does not respect its own authorization rules when a client sets a Last Will. Recommendation Update to version 0.35.1 or later...

5.3CVSS5.1AI score0.01417EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2018/08/08 8:29 p.m.14 views

CVE-2018-3778

Improper authorization in aedes version 0.35.0 will publish a LWT in a channel when a client is not authorized...

5.3CVSS6.8AI score
Exploits0References3
NVD
NVD
added 2018/08/08 8:29 p.m.19 views

CVE-2018-3778

Improper authorization in aedes version 0.35.0 will publish a LWT in a channel when a client is not authorized...

5.3CVSS5.3AI score0.01417EPSS
Exploits0References3
Cvelist
Cvelist
added 2018/08/08 8:0 p.m.27 views

CVE-2018-3778

Improper authorization in aedes version 0.35.0 will publish a LWT in a channel when a client is not authorized...

5.2AI score0.01417EPSS
Exploits0References3
OSV
OSV
added 2018/07/23 7:29 p.m.26 views

CVE-2018-1999004

A Improper authorization vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in SlaveComputer.java that allows attackers with Overall/Read permission to initiate agent launches, and abort in-progress agent launches...

4.3CVSS6.3AI score
Exploits0References2
NVD
NVD
added 2018/07/23 7:29 p.m.28 views

CVE-2018-1999004

A Improper authorization vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in SlaveComputer.java that allows attackers with Overall/Read permission to initiate agent launches, and abort in-progress agent launches...

4.3CVSS4.4AI score0.00942EPSS
Exploits0References2
CVE
CVE
added 2018/07/23 7:0 p.m.116 views

CVE-2018-1999004

The connected sources confirm CVE-2018-1999004 is an improper authorization flaw in Jenkins prior to version 2.133 (and prior to 2.132/2.121.1 as cited by various records) affecting SlaveComputer.java, where users with Overall/Read permission can initiate agent launches and abort in-progress laun...

4.3CVSS5.8AI score0.00942EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2018/07/05 1:29 p.m.17 views

CVE-2017-16773

Improper authorization vulnerability in Highlight Preview in Synology Universal Search before 1.0.5-0135 allows remote authenticated users to bypass permission checks for directories in POSIX mode...

8.8CVSS6.8AI score0.0135EPSS
Exploits0References1
OSV
OSV
added 2018/07/05 1:29 p.m.4 views

CVE-2017-16773

Improper authorization vulnerability in Highlight Preview in Synology Universal Search before 1.0.5-0135 allows remote authenticated users to bypass permission checks for directories in POSIX mode...

8.8CVSS5.8AI score0.0135EPSS
Exploits0References1
Cvelist
Cvelist
added 2018/07/05 1:0 p.m.22 views

CVE-2017-16773

Improper authorization vulnerability in Highlight Preview in Synology Universal Search before 1.0.5-0135 allows remote authenticated users to bypass permission checks for directories in POSIX mode...

6.5CVSS8.4AI score0.0135EPSS
Exploits0References1
CVE
CVE
added 2018/07/05 1:0 p.m.48 views

CVE-2017-16773

CVE-2017-16773 affects Synology Universal Search, specifically the Highlight Preview component, prior to version 1.0.5-0135. The root cause is an improper authorization check that allows remote authenticated users to bypass directory permissions in POSIX mode. Impact is the ability to access or b...

8.8CVSS8.2AI score0.0135EPSS
Exploits0References1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 11:50 a.m.20 views

Security Bulletin: Improper authorization by non-admin user in IBM Content Navigator (CVE-2014-0858)

Summary Using 3rd party tools, a non-admin user can modify the URL action so that instead of a getAction, the user can perform a deleteAction against the configuration database. Vulnerability Details CVEID: CVE-2014-0858 DESCRIPTION: Improper authorization by non-admin user CVSS Base Score: 3.5...

3.5CVSS1.1AI score0.00904EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 9:45 p.m.22 views

Security Bulletin: IBM Security Guardium Database Activity Monitor is affected by Improper Authorization Vulnerability (CVE-2016-0239)

Summary IBM Security Guardium Database Activity Monitor could allow a remote authenticated attacker to issue a specially HTTP request as administrator. Vulnerability Details CVEID: CVE-2016-0239 DESCRIPTION: IBM Security Guardium Database Activity Monitor could allow a remote authenticated attack...

8.8CVSS1.4AI score0.01247EPSS
Exploits0Affected Software1
CNVD
CNVD
added 2018/06/15 12:0 a.m.5 views

Synology Calendar Improper Authorization Vulnerability

Synology Calendar is a file protection program from Synology that runs on Synology NAS devices. An authorization issue vulnerability exists in SYNO.Cal.Event in Synology Calendar. A remote attacker can exploit this vulnerability to create arbitrary events with the 'calid' or 'originalcalid'...

6.5CVSS6.2AI score0.00907EPSS
Exploits0References1
Prion
Prion
added 2018/06/14 2:29 p.m.16 views

Authorization

Improper authorization vulnerability in SYNO.Cal.Event in Calendar before 2.1.2-0511 allows remote authenticated users to create arbitrary events via the 1 calid or 2 originalcalid parameter...

4CVSS6.3AI score0.00907EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder