Lucene search
+L

352 matches found

RedhatCVE
RedhatCVE
added 2020/08/03 2:14 p.m.37 views

CVE-2020-10779

A flaw was found in Red Hat CloudForms where sensitive data would have been possibly leaked for other existing roles. An attacker with low privilege could make use of EVM-Admin API if certain criteria is met since there was no privilege check on feature. Mitigation Red Hat has investigated whethe...

4CVSS2.5AI score0.00776EPSS
Exploits0References3
Cvelist
Cvelist
added 2020/04/28 7:11 p.m.21 views

CVE-2019-15876

In FreeBSD 12.1-STABLE before r356089, 12.1-RELEASE before 12.1-RELEASE-p3, 11.3-STABLE before r356090, and 11.3-RELEASE before 11.3-RELEASE-p7, driver specific ioctl command handlers in the oce network driver failed to check whether the caller has sufficient privileges allowing unprivileged user...

5.7AI score0.00259EPSS
Exploits0References1
Prion
Prion
added 2020/04/01 11:15 p.m.24 views

Design/Logic Flaw

The UniFi Video Server Windows web interface configuration restore functionality at the “backup” and “wizard” endpoints does not implement sufficient privilege checks. Low privileged users, belonging to the PUBLICGROUP or CUSTOMGROUP groups, can access these endpoints and overwrite the current...

4CVSS6.4AI score0.01121EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2020/01/22 2:15 p.m.7 views

CVE-2018-16270

Samsung Galaxy Gear series before build RE2 includes the hcidump utility with no privilege or permission restriction. This allows an unprivileged process to dump Bluetooth HCI packets to an arbitrary file path...

7.5CVSS5.9AI score0.01158EPSS
Exploits1References2
NVD
NVD
added 2019/10/17 6:15 p.m.19 views

CVE-2019-17631

From Eclipse OpenJ9 0.15 to 0.16, access to diagnostic operations such as causing a GC or creating a diagnostic file are permitted without any privilege checks...

9.1CVSS9.2AI score0.02066EPSS
Exploits0References5
CNVD
CNVD
added 2018/08/08 12:0 a.m.7 views

CloudBees Jenkins Publisher Over CIFS Plugin Privilege Check Vulnerability

CloudBees Jenkins is the United States CloudBees company's set of Java-based development of continuous integration tools , it is mainly used to monitor the continuous software version of the release/testing project and some of the timed execution of the task . Publisher Over CIFS Plugin is to use...

4.9CVSS4.9AI score0.00483EPSS
Exploits0References1
CNVD
CNVD
added 2018/07/30 12:0 a.m.29 views

CloudBees Jenkins Unauthorized Operation Vulnerability

CloudBees Jenkins formerly known as Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools , it is mainly used to monitor the continuous software version of the release/testing project and some of the timed execution of the task . An...

4.3CVSS5.2AI score0.00759EPSS
Exploits0References1
NVD
NVD
added 2018/07/26 1:29 p.m.28 views

CVE-2017-7530

In CloudForms Management Engine cfme before 5.7.3 and 5.8.x before 5.8.1, it was found that privilege check is missing when invoking arbitrary methods via filtering on VMs that MiqExpression will execute that is triggerable by API users. An attacker could use this to execute actions they should n...

8.8CVSS8.8AI score0.01703EPSS
Exploits0References3
CVE
CVE
added 2018/07/26 1:0 p.m.75 views

CVE-2017-7530

CVE-2017-7530 affects CloudForms Management Engine (cfme) prior to 5.7.3 and 5.8.x prior to 5.8.1, where privilege checks can be bypassed when API users trigger arbitrary methods via VMs filtered by MiqExpression. This could let an attacker perform disallowed actions (e.g., destroying VMs). The i...

8.8CVSS8.8AI score0.01703EPSS
Exploits0References3Affected Software2
Cvelist
Cvelist
added 2018/07/26 1:0 p.m.36 views

CVE-2017-7530

In CloudForms Management Engine cfme before 5.7.3 and 5.8.x before 5.8.1, it was found that privilege check is missing when invoking arbitrary methods via filtering on VMs that MiqExpression will execute that is triggerable by API users. An attacker could use this to execute actions they should n...

8.8CVSS8.8AI score0.01703EPSS
Exploits0References3
CNVD
CNVD
added 2018/07/10 12:0 a.m.5 views

Huawei Victoria-AL00 Information Disclosure Vulnerability

The Huawei Victoria-AL00 is a smartphone from the Chinese company Huawei Huawei. An information disclosure vulnerability exists in the Huawei Victoria-AL00 phone. Due to an error in the checking privileges of one of the phone's interfaces, an attacker can exploit this vulnerability to gain...

3.3CVSS4.3AI score0.00214EPSS
Exploits0References1
CNVD
CNVD
added 2018/06/07 12:0 a.m.9 views

CloudBees Jenkins CAS Plugin Server-Side Request Forgery Vulnerability

CloudBees Jenkins is the United States CloudBees company's set of Java-based development of continuous integration tools , it is mainly used to monitor the continuous software version of the release/testing project and a number of timed tasks . CAS Plugin is used to provide a CAS authentication...

5.5CVSS5.7AI score0.00608EPSS
Exploits0References1
CNVD
CNVD
added 2017/10/31 12:0 a.m.5 views

CloudBees Docker Commons Plugin Information Disclosure Vulnerability

CloudBees Docker Commons Plugin is an API sharing plugin in Jenkins a continuous integration tool based on Java development from the US company CloudBees. An information disclosure vulnerability exists in the CloudBees Docker Commons Plugin that stems from the program failing to detect privileges...

6.5CVSS6.2AI score0.0097EPSS
Exploits0References1
OSV
OSV
added 2017/09/14 1:29 p.m.3 views

CVE-2017-1002008

Vulnerability in wordpress plugin membership-simplified-for-oap-members-only v1.58, The file download code located membership-simplified-for-oap-members-only/download.php does not check whether a user is logged in and has download privileges...

9.8CVSS5.8AI score0.16927EPSS
Exploits7References4
RedHat Linux
RedHat Linux
added 2017/08/02 5:23 p.m.76 views

Important: Red Hat Security Advisory: Red Hat CloudForms security, bug fix, and enhancement update

An update is now available for CloudForms Management Engine 5.8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

8.8CVSS6.9AI score0.01703EPSS
Exploits0References217
RedhatCVE
RedhatCVE
added 2017/08/02 3:19 p.m.28 views

CVE-2017-7530

It was found that privilege check is missing when invoking arbitrary methods via filtering on VMs that MiqExpression will execute that is triggerable by API users. An attacker could use this to execute actions they should not be allowed to e.g. destroying VMs...

8.8CVSS7.6AI score0.01703EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2017/05/12 7:29 p.m.24 views

CVE-2017-7484

It was found that some selectivity estimation functions in PostgreSQL before 9.2.21, 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3 did not check user privileges before providing information from pgstatistic, possibly leaking information. An unprivileged...

7.5CVSS6.8AI score0.0256EPSS
Exploits0References2
Prion
Prion
added 2017/05/12 7:29 p.m.17 views

Design/Logic Flaw

It was found that some selectivity estimation functions in PostgreSQL before 9.2.21, 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3 did not check user privileges before providing information from pgstatistic, possibly leaking information. An unprivileged...

5CVSS7.2AI score0.0256EPSS
Exploits0References10Affected Software1
CVE
CVE
added 2017/05/12 7:0 p.m.293 views

CVE-2017-7484

CVE-2017-7484 concerns PostgreSQL: optimizer statistics can expose sampled data from views, row-security policies, or partitioned/child tables. The issue arises from statistics sampling in pg_statistic, enabling an unprivileged user to read data they would not normally access. Affected are Postgr...

7.5CVSS7.3AI score0.0256EPSS
Exploits0References10Affected Software1
CNVD
CNVD
added 2017/04/18 12:0 a.m.4 views

Back In Time competitive conditions loophole

Back In Time aka backintime is a suite of Linux backup tools. A competitive condition vulnerability exists in the 'checkPolkitPrivilege' function of the serviceHelper.py file in Back In Time 1.1.18 and earlier versions. An attacker can exploit this vulnerability to replace the user's request...

9.3CVSS7.9AI score0.01083EPSS
Exploits0References1
Rows per page
Query Builder