
42 matches found

Prion
added 2023/10/31 12:15 p.m., 37 views

Default configuration

The 'checkuniventionjoinstatus' Prometheus monitoring script and other scripts in UCS 5.0-5 revealed the LDAP plaintext password of the machine account in the process list, allowing attackers with local SSH access to gain higher privileges and perform follow-up attacks. By default, the configuratio...

4.3 CVSS, 7.8 AI score, 0.00348 EPSS
Exploits 1, References 3, Affected Software 1
Vulnrichment
added 2023/10/04 10:54 a.m., 7 views

CVE-2023-4997 Improper authorisation in Uptime DC

Improper authorisation of regular users in ProIntegra Uptime DC software versions below 2.0.0.33940 allows them to change passwords of all other users including administrators leading to a privilege escalation...

8.8 CVSS, 8.7 AI score, 0.00544 EPSS
Exploits 0, References 2
CNNVD
added 2023/05/08 12:0 a.m., 5 views

WWBN AVideo Cross-Site Scripting Vulnerability

WWBN AVideo is a video platform builder written in PHP by the WWBN team. A cross-site scripting vulnerability exists in WWBN Avideo versions prior to 12.4, which stems from the ability for a regular user to create a meeting schedule where the user can invite other users to that meeting, but fail ...

8 CVSS, 6.3 AI score, 0.00712 EPSS
Exploits 1, References 4
RedhatCVE
added 2022/05/21 12:5 a.m., 20 views

CVE-2018-12560

An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. Arbitrary unmounts can be performed by regular users via directory traversal sequences such as a home/../sys/kernel substring...

6.5 CVSS, 4.6 AI score, 0.01784 EPSS
Exploits 0, References 1
IBM Security Bulletins
added 2022/05/04 7:40 p.m., 17 views

Security Bulletin: IBM Robotic Process Automation may allow regular users to view some admin pages.

Summary: IBM Robotic Process Automation Server prior to 21.0.1.3 may allow regular users to view some admin pages. Vulnerability Details: CVEID: CVE-2022-22415. DESCRIPTION: A vulnerability exists where an IBM Robotic Process Automation regular user is able to obtain view-only access to some admin...

6.5 CVSS, 2.3 AI score, 0.00711 EPSS
Exploits 0, Affected Software 1
OSV
added 2022/05/02 1:15 p.m., 19 views

CVE-2022-23065

Vendure versions 0.1.0-alpha.2 to 1.5.1 are affected by a Stored XSS vulnerability, where an attacker having catalog permission can upload an SVG file that contains malicious JavaScript into the “Assets” tab. The uploaded file will affect administrators as well as regular users...

5.4 CVSS, 5.7 AI score, 0.00588 EPSS
Exploits 1, References 2
Code423n4
added 2022/04/29 12:0 a.m., 10 views

Potential Sandwich Attack: Arbitrage bots can front run reward tokens being sent to the liquidity mining contracts

Lines of code. Vulnerability details. Impact: For the PARMiner and DemandMiner contracts, arbitrage bots could harvest a significant portion of rewards by monitoring MEV, and front run any reward token, either a.mimo or par, being transferred to the liquidityMining contract, i.e. call the deposit functio...

6.7 AI score
Exploits 0
OpenVAS
added 2022/01/28 12:0 a.m., 18 views

Mageia: Security Advisory (MGASA-2018-0314)

The remote host is missing an update for the...

9.8 CVSS, 7.6 AI score, 0.02068 EPSS
Exploits 0, References 4
OSV
added 2022/01/10 2:10 p.m., 5 views

CVE-2021-30360

Users have access to the directory where the installation repair occurs. Since the MS Installer allows regular users to run the repair, an attacker can initiate the installation repair and place a specially crafted EXE in the repair folder which runs with the Check Point Remote Access Client...

7.8 CVSS, 5.8 AI score, 0.0057 EPSS
Exploits 1, References 2
Github Security Blog
added 2021/12/16 2:32 p.m., 27 views

snipe-it is vulnerable to Improper Access Control

snipe-it prior to version 5.3.4 is vulnerable to Improper Access Control. Regular users with DENY set to all models permissions can still view model information via the /models/id/clone endpoint due to no authorize'view' permission being set...

4.3 CVSS, 5.6 AI score, 0.00697 EPSS
Exploits 1, References 4, Affected Software 1
Positive Technologies
added 2021/12/10 12:0 a.m., 3 views

PT-2021-23007 · Snipe-It · Snipe-It

Name of the Vulnerable Software and Affected Versions: snipe-it versions prior to 5.3.4. Description: The issue is related to Improper Access Control. Regular users with DENY set to all models permissions can still view model information via the "/models/id/clone" endpoint due to no authorize'view...

4.3 CVSS, 4.2 AI score, 0.00697 EPSS
Exploits 1, References 7
Cvelist
added 2021/10/13 2:0 p.m., 15 views

CVE-2021-41137 Bypassing policy restrictions on regular users

Minio is a Kubernetes native application for cloud storage. All users on release RELEASE.2021-10-10T16-53-30Z are affected by a vulnerability that involves bypassing policy restrictions on regular users. Normally, checkKeyValid should return owner true for rootCreds. In the affected version, poli...

8.8 CVSS, 8.6 AI score, 0.01244 EPSS
Exploits 0, References 4
Positive Technologies
added 2021/10/13 12:0 a.m., 8 views

PT-2021-23119 · Minio · Minio

Name of the Vulnerable Software and Affected Versions: Minio versions RELEASE.2021-10-10T16-53-30Z through RELEASE.2021-10-12T23-59-59Z. Description: The issue involves bypassing policy restrictions on regular users in Minio, a Kubernetes native application for cloud storage. Normally, the...

8.8 CVSS, 8.6 AI score, 0.01244 EPSS
Exploits 0, References 8
Snyk
added 2021/08/03 8:56 a.m., 2 views

Information Exposure

Overview: Affected versions of this package are vulnerable to Information Exposure. The site-admin area can be accessed by regular users. Unprivileged users can have access to daily usage statistics and code intelligence uploads and indexes. It is not possible to alter the information, nor interac...

4.3 CVSS, 7.2 AI score, 0.00649 EPSS
Exploits 0, References 2
OSV
added 2021/07/28 4:39 p.m., 3 views

DRUPAL-CONTRIB-2021-024

This project enables administrators to restrict access from anonymous and regular users to pre-defined pages. The administration routes used by the project lacked proper permissions, allowing untrusted users to access, create and modify the module's settings...

6.7 AI score
Exploits 0, References 1
Positive Technologies
added 2021/05/18 12:0 a.m., 7 views

PT-2021-9743 · Bitdefender · Bitdefender Endpoint Security Tools For Windows

Name of the Vulnerable Software and Affected Versions: Bitdefender Endpoint Security Tools for Windows versions prior to 6.6.23.320. Description: An Improper Access Control issue in the logging component allows a regular user to learn the scanning exclusion paths. This issue was discovered during...

4 CVSS, 4.1 AI score, 0.00474 EPSS
Exploits 0, References 3
UbuntuCve
added 2018/06/19 5:29 a.m., 21 views

CVE-2018-12560

An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. Arbitrary unmounts can be performed by regular users via directory traversal sequences such as a home/../sys/kernel substring...

6.5 CVSS, 6.9 AI score, 0.01784 EPSS
Exploits 0, References 2
OSV
added 2018/06/19 5:29 a.m., 18 views

CVE-2018-12560

An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. Arbitrary unmounts can be performed by regular users via directory traversal sequences such as a home/../sys/kernel substring...

6.5 CVSS, 6.7 AI score
Exploits 0, References 1
OSV
added 2018/06/19 5:29 a.m., 1 views

DEBIAN-CVE-2018-12560

An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. Arbitrary unmounts can be performed by regular users via directory traversal sequences such as a home/../sys/kernel substring...

6.5 CVSS, 7.7 AI score, 0.01784 EPSS
Exploits 0, References 1
CNVD
added 2018/02/01 12:0 a.m., 4 views

Huawei iBMC System Improper Authorization Vulnerability

Huawei iBMC system is a server remote management system from Huawei, China. The Huawei iBMC system is vulnerable to an improper authorization vulnerability, which occurs when the system fails to properly perform privilege checks. The vulnerability is exploited to cause information disclosure when...

4.3 CVSS, 6.5 AI score, 0.00552 EPSS
Exploits 0, References 1