23 matches found
CVE-2024-48902
In JetBrains YouTrack before 2024.3.46677 improper access control allowed users with project update permission to delete applications via API...
PT-2024-7203 · Jetbrains · Youtrack
Name of the Vulnerable Software and Affected Versions: JetBrains YouTrack versions prior to 2024.3.46677 Description: The issue is related to improper access control in JetBrains YouTrack, allowing users with project update permission to delete applications via API. This could potentially allow a...
CVE-2023-35022
IBM InfoSphere Information Server 11.7 could allow a local user to update projects that they do not have the authorization to access. IBM X-Force ID: 258254...
CVE-2023-35022 IBM InfoSphere Information Server improper authentication
IBM InfoSphere Information Server 11.7 could allow a local user to update projects that they do not have the authorization to access. IBM X-Force ID: 258254...
CVE-2024-1626
An Insecure Direct Object Reference (IDOR) vulnerability exists in the lunary-ai/lunary repository, version 0.3.0, within the project update endpoint. The vulnerability allows authenticated users to modify the name of any project within the system without proper authorization checks, by directly...
CVE-2024-1626 IDOR Vulnerability in lunary-ai/lunary
An Insecure Direct Object Reference (IDOR) vulnerability exists in the lunary-ai/lunary repository, version 0.3.0, within the project update endpoint. The vulnerability allows authenticated users to modify the name of any project within the system without proper authorization checks, by directly...
CVE-2024-1626
CVE-2024-1626 affects lunary-ai/lunary (version 0.3.0). Affected component: project update endpoint /v1/projects/:projectId. Root cause: insufficient authorization checks allow authenticated users to modify any project’s name by referencing a projectId not owned by them, enabling cross-organizati...
CVE-2023-3505
A vulnerability was found in Onest CRM 1.0. It has been classified as problematic. This affects an unknown part of the file /admin/project/update/2 of the component Project List Handler. The manipulation of the argument name with the input alert1 leads to cross site scripting. It is possible to...
Onest CRM cross-site scripting vulnerability
Onest CRM is a CRM system from Onest Corporation. A cross-site scripting vulnerability exists in Onest CRM version 1.0, which stems from the parameter name in the file /admin/project/update/2 can lead to cross-site scripting...
PT-2023-25116 · Onest Crm · Onest Crm
Name of the Vulnerable Software and Affected Versions: Onest CRM version 1.0 Description: A problematic issue was found in Onest CRM, affecting an unknown part of the file /admin/project/update/2 of the component Project List Handler. The manipulation of the argument name with the input alert1...
December 6, 2022, update for Project 2016 (KB5002193)
This article describes update 5002193 for Microsoft Project 2016 that was released on December 6, 2022. Be aware that the update in the Microsoft Download Center applies to the Microsoft Installer (.msi)-based edition of Office 2016. It doesn't app...
OPENSUSE-SU-2021:0480-1 Security update for go1.15
This update for go1.15 fixes the following issues: - go1.15.10 released 2021-03-11 bsc1175132 - go1.15.9 released 2021-03-10 bsc1175132 - CVE-2021-27918: Fixed an infinite loop when using xml.NewTokenDecoder with a custom TokenReader bsc1183333. This update was imported from the SUSE:SLE-15:Updat...
OPENSUSE-SU-2021:0283-1 Security update for openvswitch
This update for openvswitch fixes the following issues: - CVE-2020-35498: Fixed a denial of service related to the handling of Ethernet padding bsc1181742. This update was imported from the SUSE:SLE-15-SP2:Update update project...
OPENSUSE-SU-2021:0239-1 Security update for openvswitch
This update for openvswitch fixes the following issues: - openvswitch was updated to 2.13.2 - CVE-2020-27827: Fixed a memory leak when parsing lldp packets bsc1181345 This update was imported from the SUSE:SLE-15-SP2:Update update project...
OPENSUSE-SU-2020:1930-1 Security update for u-boot
This update for u-boot fixes the following issues: CVE-2019-14192 bsc1143777, CVE-2019-14193 bsc1143817, CVE-2019-14199 bsc1143824, CVE-2019-14197 bsc1143821, CVE-2019-14200 bsc1143825, CVE-2019-14201 bsc1143827, CVE-2019-14202 bsc1143828, CVE-2019-14203 bsc1143830, CVE-2019-14204 bsc1143831,...
OPENSUSE-SU-2020:1579-1 Security update for cifs-utils
This update for cifs-utils fixes the following issues: - CVE-2020-14342: Fixed a shell command injection vulnerability in mount.cifs bsc1174477. - Fixed an invalid free in mount.cifs; bsc1152930. This update was imported from the SUSE:SLE-15-SP1:Update update project...