Lucene search
K

93 matches found

VulnCheck KEV
VulnCheck KEV
added 2024/05/15 12:0 a.m.4 views

VulnCheck KEV: CVE-2022-25237

Bonita Web 2021.2 is affected by a authentication/authorization bypass vulnerability due to an overly broad exclude pattern used in the RestAPIAuthorizationFilter. By appending ;i18ntranslation or /../i18ntranslation/ to the end of a URL, users with no privileges can access privileged API...

9.8CVSS5.8AI score0.56222EPSS
Exploits1References1
OSV
OSV
added 2023/12/12 1:15 a.m.6 views

CVE-2023-36651

Hidden and hard-coded credentials in ProLion CryptoSpike 3.0.15P2 allow remote attackers to login to web management as super-admin and consume the most privileged REST API endpoints via these credentials...

7.2CVSS5.8AI score0.00996EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2023/11/28 10:15 a.m.4 views

CVE-2023-6150

Incorrect Use of Privileged APIs vulnerability in ESKOM Computer e-municipality module allows Collect Data as Provided by Users. This issue affects e-municipality module: before v.105...

7.5CVSS5.8AI score0.00596EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/06/02 12:0 a.m.4 views

SGUDA U-Lock 安全漏洞

SGUDA U-Lock is a smart electronic lock from SGUDA China. A security vulnerability exists in SGUDA U-Lock, which stems from an authorization error in the lock management function of the central locking service. A remote attacker could use this vulnerability to invoke a privileged API to obtain...

8.8CVSS8AI score0.00734EPSS
Exploits0References2
OSV
OSV
added 2022/12/15 7:15 p.m.4 views

CVE-2022-42849

An access issue existed with privileged API calls. This issue was addressed with additional restrictions. This issue is fixed in iOS 16.2 and iPadOS 16.2, tvOS 16.2, watchOS 9.2. A user may be able to elevate privileges...

7.8CVSS5.5AI score0.00252EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2022/12/15 12:0 a.m.6 views

CVE-2022-42849

An access issue existed with privileged API calls. This issue was addressed with additional restrictions. This issue is fixed in iOS 16.2 and iPadOS 16.2, tvOS 16.2, watchOS 9.2. A user may be able to elevate privileges...

6.6AI score0.00252EPSS
Exploits0References6
CVE
CVE
added 2022/12/15 12:0 a.m.86 views

CVE-2022-42849

CVE-2022-42849 is an Apple platform privilege-elevation issue where privileged API calls could allow a user to gain higher privileges. The record indicates an access issue in Apple’s software stack that is addressed by applying restrictions and updating to specific releases: iOS 16.2, iPadOS 16.2...

7.8CVSS7.3AI score0.00252EPSS
Exploits0References6Affected Software4
OSV
OSV
added 2022/11/09 10:15 p.m.5 views

CVE-2022-39883

Improper authorization vulnerability in StorageManagerService prior to SMR Nov-2022 Release 1 allows local attacker to call privileged API...

7.8CVSS5.8AI score0.00086EPSS
Exploits0References1
NVD
NVD
added 2022/11/09 10:15 p.m.21 views

CVE-2022-39883

Improper authorization vulnerability in StorageManagerService prior to SMR Nov-2022 Release 1 allows local attacker to call privileged API...

7.8CVSS0.00086EPSS
Exploits0References1
Prion
Prion
added 2022/11/09 10:15 p.m.17 views

Authorization

Improper authorization vulnerability in StorageManagerService prior to SMR Nov-2022 Release 1 allows local attacker to call privileged API...

4.3CVSS7.3AI score0.00086EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2022/11/09 12:0 a.m.53 views

CVE-2022-39883

CVE-2022-39883 affects Samsung StorageManagerService prior to SMR Nov-2022 Release 1. The issue is an improper authorization that lets a local attacker call a privileged API. The NVD CVSSv3.1 base score is 7.8 (HIGH) with LOCAL attack vector, LOW complexity, and Privileges Required: LOW. Red Hat/...

7.8CVSS7.3AI score0.00086EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2022/11/09 12:0 a.m.5 views

CVE-2022-39883

Improper authorization vulnerability in StorageManagerService prior to SMR Nov-2022 Release 1 allows local attacker to call privileged API...

4CVSS6.5AI score0.00086EPSS
Exploits0References1
CNNVD
CNNVD
added 2022/11/09 12:0 a.m.4 views

SAMSUNG Mobile devices 安全漏洞

SAMSUNG Mobile devices are a range of Samsung mobile devices, including cell phones, tablets, and more, from South Korea's Samsung SAMSUNG. A security vulnerability exists in SAMSUNG Mobile devices SMR Nov-2022 Release 1 version, which stems from an improper authorization vulnerability in...

7.8CVSS7.3AI score0.00086EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2022/07/01 12:0 a.m.5 views

The vulnerability of the PingID software for multi-factor authentication of applications involves improper use of privileged APIs, allowing an attacker to escalate their privileges.

The vulnerability of the PingID software for multi-factor authentication of applications relates to the improper use of privileged APIs. Exploiting this vulnerability could allow an attacker to enhance their privileges...

7.2CVSS7.5AI score0.00242EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2022/06/20 6:15 a.m.14 views

CVE-2022-26668

ASUS Control Center API has a broken access control vulnerability. An unauthenticated remote attacker can call privileged API functions to perform partial system operations or cause partial disrupt of service...

7.3CVSS0.00844EPSS
Exploits0References1
Cvelist
Cvelist
added 2022/06/20 5:30 a.m.20 views

CVE-2022-26668 ASUS Control Center - Broken Access Control

ASUS Control Center API has a broken access control vulnerability. An unauthenticated remote attacker can call privileged API functions to perform partial system operations or cause partial disrupt of service...

7.3CVSS7.3AI score0.00844EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2022/06/02 2:15 p.m.3 views

CVE-2022-25237

Bonita Web 2021.2 is affected by a authentication/authorization bypass vulnerability due to an overly broad exclude pattern used in the RestAPIAuthorizationFilter. By appending ;i18ntranslation or /../i18ntranslation/ to the end of a URL, users with no privileges can access privileged API...

9.8CVSS7.8AI score0.56222EPSS
Exploits1References4
NVD
NVD
added 2022/06/02 2:15 p.m.18 views

CVE-2022-25237

Bonita Web 2021.2 is affected by a authentication/authorization bypass vulnerability due to an overly broad exclude pattern used in the RestAPIAuthorizationFilter. By appending ;i18ntranslation or /../i18ntranslation/ to the end of a URL, users with no privileges can access privileged API...

9.8CVSS0.56222EPSS
Exploits1References2
Prion
Prion
added 2022/06/02 2:15 p.m.15 views

Authorization

Bonita Web 2021.2 is affected by a authentication/authorization bypass vulnerability due to an overly broad exclude pattern used in the RestAPIAuthorizationFilter. By appending ;i18ntranslation or /../i18ntranslation/ to the end of a URL, users with no privileges can access privileged API...

7.5CVSS9.6AI score0.56222EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2022/05/27 4:48 p.m.25 views

CVE-2022-25237

Bonita Web 2021.2 is affected by a authentication/authorization bypass vulnerability due to an overly broad exclude pattern used in the RestAPIAuthorizationFilter. By appending ;i18ntranslation or /../i18ntranslation/ to the end of a URL, users with no privileges can access privileged API...

9.8AI score0.56222EPSS
Exploits1References2
Rows per page
Query Builder