Lucene search
+L

229 matches found

Cvelist
Cvelist
added 2020/03/10 8:20 p.m.24 views

CVE-2020-6204

The selection query in SAP Treasury and Risk Management Transaction Management EA-FINSERV?versions 600, 603, 604, 605, 606, 616, 617, 618, 800 and S4CORE versions 101, 102, 103, 104 returns more records than it should be when selecting and displaying the contract number, leading to Missing...

4.3CVSS4.7AI score0.00627EPSS
Exploits0References2
Cvelist
Cvelist
added 2020/03/10 8:18 p.m.23 views

CVE-2020-6199

The view FIMENAVCOMPCERT in SAP ERP MENA Certificate Management, EAPPGLO version 607, SAPFIN versions- 618, 730 and SAP S/4HANA MENA Certificate Management, S4CORE versions- 100, 101, 102, 103, 104; does not have any authorization check to it due to which an attacker without an authorization grou...

5.4CVSS5.5AI score0.00334EPSS
Exploits0References2
FreeBSD
FreeBSD
added 2020/03/01 12:0 a.m.10 views

gitea -- multiple vulnerabilities

The Gitea Team reports for release 1.11.6: Fix missing authorization check on pull for public repos of private/limited org 11656 11683 Use session for retrieving org teams 11438 11439...

2AI score
Exploits0References1
OSV
OSV
added 2020/02/12 8:15 p.m.2 views

CVE-2020-6188

VAT Pro-Rata reports in SAP ERP SAPAPPL versions 600, 602, 603, 604, 605, 606, 616 and SAPFIN versions 617, 618, 700, 720, 730 and SAP S/4 HANA versions 100, 101, 102, 103, 104 do not perform necessary authorization checks for an authenticated user leading to Missing Authorization Check...

8.8CVSS6.7AI score0.00676EPSS
Exploits0References2
NVD
NVD
added 2020/02/12 8:15 p.m.24 views

CVE-2020-6183

SAP Host Agent, version 7.21, allows an unprivileged user to read the shared memory or write to the shared memory by sending request to the main SAPOSCOL process and receive responses that may contain data read with user root privileges e.g. size of any directory, system hardware and OS details,...

6.5CVSS5.6AI score0.0069EPSS
Exploits0References2
Prion
Prion
added 2020/02/12 8:15 p.m.13 views

Authorization

VAT Pro-Rata reports in SAP ERP SAPAPPL versions 600, 602, 603, 604, 605, 606, 616 and SAPFIN versions 617, 618, 700, 720, 730 and SAP S/4 HANA versions 100, 101, 102, 103, 104 do not perform necessary authorization checks for an authenticated user leading to Missing Authorization Check...

6.5CVSS8.5AI score0.00676EPSS
Exploits0References2Affected Software2
Prion
Prion
added 2020/02/12 8:15 p.m.24 views

Authorization

SAP Host Agent, version 7.21, allows an unprivileged user to read the shared memory or write to the shared memory by sending request to the main SAPOSCOL process and receive responses that may contain data read with user root privileges e.g. size of any directory, system hardware and OS details,...

6.4CVSS6.5AI score0.0069EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2020/02/12 7:46 p.m.64 views

CVE-2020-6183

CVE-2020-6183 affects SAP Host Agent, version 7.21. The connected documents describe a vulnerability in which an unprivileged user can read or write the shared memory by sending a request to the main SAPOSCOL process, potentially exposing data such as directory sizes and hardware/OS details due t...

6.5CVSS6.4AI score0.0069EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2020/02/12 7:46 p.m.27 views

CVE-2020-6183

SAP Host Agent, version 7.21, allows an unprivileged user to read the shared memory or write to the shared memory by sending request to the main SAPOSCOL process and receive responses that may contain data read with user root privileges e.g. size of any directory, system hardware and OS details,...

5.3CVSS6.5AI score0.0069EPSS
Exploits0References2
CVE
CVE
added 2020/02/12 7:46 p.m.58 views

CVE-2020-6188

The CVE-2020-6188 issue affects SAP ERP (SAP_APPL 600–606, 616; SAP_FIN 617–618, 700, 720, 730) and SAP S/4HANA (100–104). The root cause is missing authorization checks for an authenticated user, as described across multiple sources. This results in a Missing Authorization Check vulnerability wi...

8.8CVSS8.5AI score0.00676EPSS
Exploits0References2Affected Software2
NVD
NVD
added 2020/02/06 5:15 p.m.17 views

CVE-2020-8772

The InfiniteWP Client plugin before 1.9.4.5 for WordPress has a missing authorization check in iwpmmbsetrequest in init.php. Any attacker who knows the username of an administrator can log in...

9.8CVSS9.5AI score0.8787EPSS
Exploits2References2
Atlassian
Atlassian
added 2020/02/04 11:21 p.m.42 views

Information leak through broken access control in Jira Server and Data Center - CVE-2019-20407

The ConfigureBambooRelease resource in Jira Software and Jira Software Data Center before version 8.6.1 allows authenticated remote attackers to view release version information in projects that they do not have access to through an missing authorisation check...

4.3CVSS5.6AI score0.01198EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2020/01/09 12:0 a.m.54 views

Atlassian JIRA < 7.13.12 / 8.x < 8.4.3 / 8.5.x < 8.5.2 Authorization Bypass (JRASERVER-70405)

According to its self-reported version number, the instance of Atlassian JIRA hosted on the remote web server is prior to 7.13.12, 8.x prior to 8.4.3, or 8.5.x prior to 8.5.2 / 8.6.0. It is, therefore, affected by an authorization bypass vulnerability. The vulnerability exists in the...

4.3CVSS5.4AI score0.0121EPSS
Exploits0References2
NVD
NVD
added 2019/10/08 8:15 p.m.29 views

CVE-2019-0367

SAP NetWeaver Process Integration B2B Toolkit, before versions 1.0 and 2.0, does not perform necessary authorization checks for an authenticated user, allowing the import of B2B table content that leads to Missing Authorization Check...

4.3CVSS4.6AI score0.0055EPSS
Exploits0References2
Cvelist
Cvelist
added 2019/10/08 7:16 p.m.33 views

CVE-2019-0367

SAP NetWeaver Process Integration B2B Toolkit, before versions 1.0 and 2.0, does not perform necessary authorization checks for an authenticated user, allowing the import of B2B table content that leads to Missing Authorization Check...

4.7AI score0.0055EPSS
Exploits0References2
Atlassian
Atlassian
added 2019/09/26 4:6 p.m.39 views

Improper Authorization in Crowd through ATST Plugin - CVE-2019-15005

The Atlassian Troubleshooting and Support Tools ATST plugin prior to version 1.17.2 which was used in Crowd & Crowd Data Center before version 3.6.0, allows an unprivileged user to initiate periodic log scans and send the results to a user-specified email address due to a missing authorization...

4.3CVSS3.9AI score0.01334EPSS
Exploits0Affected Software1
Prion
Prion
added 2019/08/14 3:15 p.m.19 views

Authorization

SAP Kernel ABAP Debugger, versions KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73, KERNEL 7.21, 7.49, 7.53, 7.73, 7.75, 7.76, 7.77, allows a user to execute “Go to...

6.5CVSS7AI score0.01247EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2019/08/09 7:31 p.m.38 views

CVE-2018-20826

The inline-create rest resource in Jira before version 7.12.3 allows authenticated remote attackers to set the reporter in issues via a missing authorisation check...

4.5AI score0.00847EPSS
Exploits1References1
Cvelist
Cvelist
added 2019/04/30 3:28 p.m.35 views

CVE-2019-3399

The BrowseProjects.jspa resource in Jira before version 7.13.2, and from version 8.0.0 before version 8.0.2 allows remote attackers to see information for archived projects through a missing authorisation check...

7.4AI score0.0205EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2019/01/02 12:0 a.m.31 views

SUSE SLED15 / SLES15 Security Update : postgresql10 (SUSE-SU-2018:2564-1)

This update for postgresql10 fixes the following issues : PostgreSQL 10 was updated to 10.5 : https://www.postgresql.org/about/news/1851/ https://www.postgresql.org/docs/current/static/release-10-5.html A dump/restore is not required for those running 10.X. However, if you use the adminpack...

9.1CVSS6.8AI score0.05154EPSS
Exploits0References12
Rows per page
Query Builder