5715 matches found
Shopify: H1514 Removed Staff members who had "Apps" permission can still modify flow app connections
Summary: It's been found that removed staff members who had "Apps" permission can still modify flow app connection settings due to improper authorization. Description: Flow app https://apps.shopify.com/flow allows users to connect their Google Sheets, Trello and Asana accounts to their flow...
CVE-2016-0373
IBM UrbanCode Deploy 6.0 through 6.2.2.1 could allow an authenticated user to read sensitive information due to UCD REST endpoints not properly authorizing users when determining who can read data. IBM X-Force ID: 112119...
CloudBees Jenkins Improper Authorization Vulnerability
CloudBees Jenkins formerly known as Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools , it is mainly used to monitor the continuous software version of the release/testing project and some of the timed execution of the task . An...
CVE-2018-1999047
A improper authorization vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in UpdateCenter.java that allows attackers to cancel a Jenkins restart scheduled through the update center...
Authorization
A improper authorization vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in UpdateCenter.java that allows attackers to cancel a Jenkins restart scheduled through the update center...
Improper Authorization in aedes
Versions of aedes before 0.35.1 does not respect its own authorization rules when a client sets a Last Will. Recommendation Update to version 0.35.1 or later...
CVE-2018-3778
Improper authorization in aedes version 0.35.0 will publish a LWT in a channel when a client is not authorized...
CVE-2018-3778
Improper authorization in aedes version 0.35.0 will publish a LWT in a channel when a client is not authorized...
CVE-2018-3778
Improper authorization in aedes version 0.35.0 will publish a LWT in a channel when a client is not authorized...
CVE-2018-1999004
A Improper authorization vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in SlaveComputer.java that allows attackers with Overall/Read permission to initiate agent launches, and abort in-progress agent launches...
CVE-2018-1999004
A Improper authorization vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in SlaveComputer.java that allows attackers with Overall/Read permission to initiate agent launches, and abort in-progress agent launches...
CVE-2018-1999004
The connected sources confirm CVE-2018-1999004 is an improper authorization flaw in Jenkins prior to version 2.133 (and prior to 2.132/2.121.1 as cited by various records) affecting SlaveComputer.java, where users with Overall/Read permission can initiate agent launches and abort in-progress laun...
CVE-2017-16773
Improper authorization vulnerability in Highlight Preview in Synology Universal Search before 1.0.5-0135 allows remote authenticated users to bypass permission checks for directories in POSIX mode...
CVE-2017-16773
Improper authorization vulnerability in Highlight Preview in Synology Universal Search before 1.0.5-0135 allows remote authenticated users to bypass permission checks for directories in POSIX mode...
CVE-2017-16773
Improper authorization vulnerability in Highlight Preview in Synology Universal Search before 1.0.5-0135 allows remote authenticated users to bypass permission checks for directories in POSIX mode...
CVE-2017-16773
CVE-2017-16773 affects Synology Universal Search, specifically the Highlight Preview component, prior to version 1.0.5-0135. The root cause is an improper authorization check that allows remote authenticated users to bypass directory permissions in POSIX mode. Impact is the ability to access or b...
Security Bulletin: Improper authorization by non-admin user in IBM Content Navigator (CVE-2014-0858)
Summary Using 3rd party tools, a non-admin user can modify the URL action so that instead of a getAction, the user can perform a deleteAction against the configuration database. Vulnerability Details CVEID: CVE-2014-0858 DESCRIPTION: Improper authorization by non-admin user CVSS Base Score: 3.5...
Security Bulletin: IBM Security Guardium Database Activity Monitor is affected by Improper Authorization Vulnerability (CVE-2016-0239)
Summary IBM Security Guardium Database Activity Monitor could allow a remote authenticated attacker to issue a specially HTTP request as administrator. Vulnerability Details CVEID: CVE-2016-0239 DESCRIPTION: IBM Security Guardium Database Activity Monitor could allow a remote authenticated attack...
Synology Calendar Improper Authorization Vulnerability
Synology Calendar is a file protection program from Synology that runs on Synology NAS devices. An authorization issue vulnerability exists in SYNO.Cal.Event in Synology Calendar. A remote attacker can exploit this vulnerability to create arbitrary events with the 'calid' or 'originalcalid'...
Authorization
Improper authorization vulnerability in SYNO.Cal.Event in Calendar before 2.1.2-0511 allows remote authenticated users to create arbitrary events via the 1 calid or 2 originalcalid parameter...