15 matches found
Missing Authorization
Overview: Affected versions of this package are vulnerable to Missing Authorization via improper validation of OIDC token claims after processing through CEL expressions. An attacker can gain unauthorized operator-level read access and perform actions such as suspend, resume, or reconcile by...
EUVD-2025-23280
Malicious code in bioql PyPI...
EUVD-2022-29330
Malicious code in bioql PyPI...
Access Control Bypass
Overview: influxdb-client is an InfluxDB 2.0 Python client library. Affected versions of this package are vulnerable to Access Control Bypass due to a business logic flaw that allows users who own a valid allAccess token to escalate their privileges at operator level by listing current authorizatio...
Exploit for CVE-2024-30896
CVE-2024-30896 Summary A business logic flaw in influxdb a...
Cisco Secure Email and Web Manager (SMA) Information Disclosure (cisco-sa-esasma-info-dsc-Q9tLuOvM)
According to its self-reported version, Cisco Secure Email and Web Manager SMA is affected by an information disclosure vulnerability in the web management interface. This could allow an authenticated, remote attacker to retrieve sensitive information from a Lightweight Directory Access Protocol...
Design/Logic Flaw
A vulnerability in the web management interface of Cisco Secure Email and Web Manager, formerly Cisco Security Management Appliance SMA, and Cisco Email Security Appliance ESA could allow an authenticated, remote attacker to retrieve sensitive information from a Lightweight Directory Access...
CVE-2022-20664 Cisco Email Security Appliance and Cisco Secure Email and Web Manager Information Disclosure Vulnerability
A vulnerability in the web management interface of Cisco Secure Email and Web Manager, formerly Cisco Security Management Appliance SMA, and Cisco Email Security Appliance ESA could allow an authenticated, remote attacker to retrieve sensitive information from a Lightweight Directory Access...
CVE-2022-24447
An issue was discovered in Zoho ManageEngine Key Manager Plus before 6200. A service exposed by the application allows a user, with the level Operator, to access stored SSL certificates and associated key pairs during export...
Design/Logic Flaw
An issue was discovered in Zoho ManageEngine Key Manager Plus 6.1.6. A user, with the level Operator, can see all SSH servers and user information even if no SSH server or user is associated to the operator...
ZOHO ManageEngine Key Manager Plus Security Vulnerability
ZOHO ManageEngine Key Manager Plus is a web-based SSH secret key management solution from ZOHO that helps you harden, control, manage, monitor and audit SSH keys across the entire lifecycle of the keys. It provides administrators with the ability to visualize SSH management, helping them to...
CVE-2020-3447 Cisco Email Security Appliance and Cisco Content Security Management Appliance Information Disclosure Vulnerability
A vulnerability in the CLI of Cisco AsyncOS for Cisco Email Security Appliance ESA and Cisco AsyncOS for Cisco Content Security Management Appliance SMA could allow an authenticated, remote attacker to access sensitive information on an affected device. The vulnerability is due to excessive...
CVE-2017-6748
A vulnerability in the CLI parser of the Cisco Web Security Appliance WSA could allow an authenticated, local attacker to perform command injection and elevate privileges to root. The attacker must authenticate with valid operator-level or administrator-level credentials. Affected Products: virtu...
CVE-2017-6748
A vulnerability in the CLI parser of the Cisco Web Security Appliance WSA could allow an authenticated, local attacker to perform command injection and elevate privileges to root. The attacker must authenticate with valid operator-level or administrator-level credentials. Affected Products: virtu...
Cisco Web Security Appliance Authenticated Command Injection and Privilege Escalation Vulnerability
A vulnerability in the CLI parser of the Cisco Web Security Appliance WSA could allow an authenticated, local attacker to perform command injection and elevate privileges to root. The attacker must authenticate with valid operator-level or administrator-level credentials. SPDX-FileCopyrightText:...