11 matches found

RedHat Linux
added last week | 5 views

keycloak: Keycloak: Attacker can re-enable and take over disabled clients via Registration Access Token

A flaw was found in Keycloak's client registration service. A remote attacker, possessing a previously issued Registration Access Token (RAT), could exploit this vulnerability to re-enable a client that an administrator had explicitly disabled. This bypasses security controls, allowing the attacker...

CVSS 6.5 | AI score 5.8 | EPSS 0.00281
Exploits: 0 | References: 4
Snyk
added 2025/11/07 11:41 p.m. | 1 view

Improper Certificate Validation

Overview: Affected versions of this package are vulnerable to Improper Certificate Validation due to insufficient peer verification logic in the verifyPeerCert function. An attacker can impersonate privileged API components and execute unauthorized operations by compromising a single instance and...

CVSS 6.5 | AI score 5.5 | EPSS 0.00164
Exploits: 1 | References: 2
BDU FSTEC
added 2024/02/20 12:0 a.m. | 11 views

The vulnerability of the agent for Windows software used in automated programming and documentation creation for Unicam FX assembly, which allows a perpetrator to increase their privileges.

The vulnerability of the Windows software agent for automated programming and documentation generation for Unicam FX assembly is related to the improper use of privileged APIs. Exploiting this vulnerability can allow an attacker to increase their privileges...

CVSS 7.8 | AI score 7.2 | EPSS 0.00148
Exploits: 0 | References: 3
Positive Technologies
added 2023/10/25 12:0 a.m. | 6 views

PT-2023-28842 · Google · Android Debug Bridge +1

Name of the Vulnerable Software and Affected Versions: Android (affected versions not specified). Description: The issue allows a low-privileged application to modify a critical system property, enabling the exposure of the Android Debug Bridge (ADB) protocol on the network. This can be exploited to...

CVSS 7.9 | AI score 7.4 | EPSS 0.00193
Exploits: 0 | References: 2
NVD
added 2023/06/16 7:15 p.m. | 24 views

CVE-2023-25645

There is a permission and access control vulnerability in some ZTE AndroidTV STBs. Due to improper permission settings, a non-privileged application can perform functions that are protected with signature/privilege-level permissions. Exploitation of this vulnerability could clear personal data and...

CVSS 7.7 | AI score 7.5 | EPSS 0.00266
Exploits: 0 | References: 1
ATTACKERKB
added 2023/05/11 8:47 a.m. | 4 views

CVE-2022-46308

SGUDA U-Lock central lock control service’s user management function has incorrect authorization. A remote attacker with general user privilege can exploit this vulnerability to call privileged APIs to access, modify and delete user information...

CVSS 8.8 | AI score 7.4 | EPSS 0.00734
Exploits: 0 | References: 2
NVD
added 2021/09/01 1:15 a.m. | 13 views

CVE-2021-36235

An issue was discovered in Ivanti Workspace Control before 10.6.30.0. A locally authenticated user with low privileges can bypass File and Folder Security by leveraging an unspecified attack vector. As a result, the attacker can start applications with elevated privileges...

CVSS 7.8 | EPSS 0.00719
Exploits: 0 | References: 1
CVE
added 2021/04/09 5:29 p.m. | 81 views

CVE-2021-25356

CVE-2021-25356 pertains to Samsung’s Managed Provisioning. An improper caller check prior to SMR APR-2021 Release 1 allows an unprivileged application to install arbitrary applications, grant device admin permissions, and subsequently delete multiple installed apps. The issue’s root cause is an i...

CVSS 8.8 | AI score 8.6 | EPSS 0.00177
Exploits: 1 | References: 3 | Affected Software: 1
BDU FSTEC
added 2018/07/19 12:0 a.m. | 6 views

The vulnerability of the Firmware component of the Mac OS X operating system, which allows a hacker to modify the EFI flash memory regions

The vulnerability of the Firmware component of the Mac OS X operating system is related to insufficient access control. Exploiting this vulnerability could allow an attacker to modify the EFI flash memory areas using a specially crafted privileged application...

CVSS 6.2 | AI score 7.8 | EPSS 0.01098
Exploits: 0 | References: 3 | Affected Software: 1
OpenVAS
added 2013/03/12 12:0 a.m. | 28 views

CentOS Update for openssl CESA-2013:0587 centos6

The remote host is missing an update for the...

CVSS 5 | AI score 6.3 | EPSS 0.35584
Exploits: 2 | References: 2
securityvulns
added 2000/09/28 12:0 a.m. | 36 views

Security Advisory: FreeBSD-SA-00:53.catopen

FreeBSD-SA-00:53 Security Advisory, FreeBSD, Inc. Topic: catopen may pose security risk for third party code; Category: core; Module: libc; Announced: 2000-09-27; Affects: FreeBSD...

AI score 0.3
Exploits: 0