21 matches found
CVE-2026-46362
CVE-2026-46362 affects phpMyFAQ prior to 4.1.2, where a flaw in AbstractAdministrationController::userHasPermission() allows an authenticated user to bypass authorization and access any permission-protected admin page. The root cause is failure to terminate execution after sending a forbidden res...
Authorization Bypass
askbot is vulnerable to Authorization Bypass. The vulnerability is due to an incomplete permissions check, where an attacker authenticated with normal user permissions can modify the profile picture of other application users...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003921)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003921 advisory. The rbd block device driver in drivers/block/rbd.c in the Linux kernel through 5.8.9 used incomplete permission checking for access to rbd devices, which could be...
EUVD-2023-43109
Malicious code in bioql PyPI...
CVE-2024-23560
HCL DevOps Deploy / HCL Launch could be vulnerable to incomplete revocation of permissions when deleting a custom security resource type...
CVE-2023-39384
Vulnerability of incomplete permission verification in the input method module. Successful exploitation of this vulnerability may cause features to perform abnormally...
CVE-2023-39384
Vulnerability of incomplete permission verification in the input method module. Successful exploitation of this vulnerability may cause features to perform abnormally...
CVE-2021-46891
Vulnerability of incomplete read and write permission verification in the GPU module. Successful exploitation of this vulnerability may affect service confidentiality, integrity, and availability...
CVE-2020-14121
The CVE-2020-14121 issue affects Xiaomi Mi App Store. Affected component: the store’s business logic with incomplete product permission checks, allowing bypass and a local silent installation. Root cause: insufficient permission enforcement enables an attacker to install without user-visible prom...
SUSE: Security Advisory (SUSE-SU-2020:2879-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2021-42098
An incomplete permission check on entries in Devolutions Remote Desktop Manager before 2021.2.16 allows attackers to bypass permissions via batch custom PowerShell...
SUSE: Security Advisory (SUSE-SU-2020:2905-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Privilege Escalation
linux-kvm is vulnerable to privilege escalation. The vulnerability exists as the rbd block device driver in drivers/block/rbd.c used incomplete permission checking for access to rbd devices, which could be leveraged by local attackers to map or unmap rbd block devices...
Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2020-2176)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
The rbd block device driver in drivers/block/rbd.c in the Linux kernel through 5.8.9 used incomplete permission checking for access to rbd devices which could be leveraged by local attackers to map or unmap rbd block devices aka CID-f44d04e696fe.
...
CVE-2020-25284
The rbd block device driver in drivers/block/rbd.c in the Linux kernel through 5.8.9 used incomplete permission checking for access to rbd devices, which could be leveraged by local attackers to map or unmap rbd block devices, aka CID-f44d04e696fe...
Design/Logic Flaw
The rbd block device driver in drivers/block/rbd.c in the Linux kernel through 5.8.9 used incomplete permission checking for access to rbd devices, which could be leveraged by local attackers to map or unmap rbd block devices, aka CID-f44d04e696fe...
UBUNTU-CVE-2020-25284
The rbd block device driver in drivers/block/rbd.c in the Linux kernel through 5.8.9 used incomplete permission checking for access to rbd devices, which could be leveraged by local attackers to map or unmap rbd block devices, aka CID-f44d04e696fe...
CVE-2020-25284
The rbd block device driver in drivers/block/rbd.c in the Linux kernel through 5.8.9 used incomplete permission checking for access to rbd devices, which could be leveraged by local attackers to map or unmap rbd block devices, aka CID-f44d04e696fe...
Updated proftpd packages fix security vulnerabilities
Updated proftpd package fixes security vulnerabilities: It was discovered that the modcopy module of ProFTPD, a FTP/SFTP/FTPS server, performed incomplete permission validation for the CPFR/CPTO commands CVE-2019-12815. It was discovered that due to incorrect handling of overly long commands, a...