Lucene search
K

130 matches found

BDU FSTEC
BDU FSTEC
added 2021/10/22 12:0 a.m.47 views

The vulnerability of the software-hardware complex for protecting information from unauthorized access—“Akord-V”—is related to the violation of established role assignments. This allows an intruder to bypass the access restrictions for resources of the ABI/AVI system for the system administrators and execute arbitrary code on behalf of the system.

The vulnerability of the software-hardware complex for protecting information from unauthorized access, “Akord-V,” is related to the violation of established role assignments. Exploiting this vulnerability allows an intruder to bypass the access restrictions for ARMs of types ABI/AVI for ARM...

7.4CVSS6AI score
Exploits0Affected Software1
Prion
Prion
added 2021/05/20 3:15 p.m.14 views

Cross site request forgery (csrf)

In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1; meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.6-1 are vulnerable to CSRF, due to no CSRF protection at...

6.8CVSS8.6AI score0.00726EPSS
Exploits1References3Affected Software2
NVD
NVD
added 2021/04/19 3:15 p.m.41 views

CVE-2021-21981

VMware NSX-T contains a privilege escalation vulnerability due to an issue with RBAC Role based access control role assignment. Successful exploitation of this issue may allow attackers with local guest user account to assign privileges higher than their own permission level...

7.8CVSS0.00217EPSS
Exploits0References1
Prion
Prion
added 2021/04/19 3:15 p.m.16 views

Privilege escalation

VMware NSX-T contains a privilege escalation vulnerability due to an issue with RBAC Role based access control role assignment. Successful exploitation of this issue may allow attackers with local guest user account to assign privileges higher than their own permission level...

4.6CVSS7.7AI score0.00217EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/04/19 2:37 p.m.49 views

CVE-2021-21981

VMware NSX-T contains a privilege escalation vulnerability due to an issue with RBAC Role based access control role assignment. Successful exploitation of this issue may allow attackers with local guest user account to assign privileges higher than their own permission level...

7.9AI score0.00217EPSS
Exploits0References1
Exploit DB
Exploit DB
added 2020/11/05 12:0 a.m.411 views

iDS6 DSSPro Digital Signage System 6.2 - Improper Access Control Privilege Escalation

Exploit Title: iDS6 DSSPro Digital Signage System 6.2 - Improper Access Control Privilege Escalation Date: 2020-07-16 Exploit Author: LiquidWorm Vendor Homepage: http://www.yerootech.com Version: 6.2 iDS6 DSSPro Digital Signage System 6.2 Improper Access Control Privilege Escalation Vendor:...

7.4AI score
Exploits0
RedHat Linux
RedHat Linux
added 2020/07/22 12:38 p.m.5 views

openstack-keystone: OAuth1 request token authorize silently ignores roles parameter

A flaw was found in Keystone, where it inadvertently provided OAuth1 access tokens to every role assignment the creator had for a project, resulting in giving more permissions and escalated access in role assignments than intended. The greatest impact is on confidentiality...

8.8CVSS7.1AI score0.01896EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2020/05/07 7:39 p.m.29 views

CVE-2020-12690

A flaw was found in Keystone, where it inadvertently provided OAuth1 access tokens to every role assignment the creator had for a project, resulting in giving more permissions and escalated access in role assignments than intended. The greatest impact is on confidentiality...

6.5CVSS3.4AI score0.01896EPSS
Exploits0References4
OSV
OSV
added 2020/05/07 12:15 a.m.29 views

CVE-2020-12690

An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. The list of roles provided for an OAuth1 access token is silently ignored. Thus, when an access token is used to request a keystone token, the keystone token contains every role assignment the creator had for the project. Th...

8.8CVSS8.7AI score
Exploits0References7
OSV
OSV
added 2020/05/07 12:15 a.m.29 views

PYSEC-2020-54

An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. The list of roles provided for an OAuth1 access token is silently ignored. Thus, when an access token is used to request a keystone token, the keystone token contains every role assignment the creator had for the project. Th...

8.8CVSS2.7AI score0.01896EPSS
Exploits0References7
Debian CVE
Debian CVE
added 2020/05/06 11:43 p.m.30 views

CVE-2020-12690

An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. The list of roles provided for an OAuth1 access token is silently ignored. Thus, when an access token is used to request a keystone token, the keystone token contains every role assignment the creator had for the project. Th...

8.8CVSS8.2AI score0.01896EPSS
Exploits0
NVD
NVD
added 2020/03/16 6:15 p.m.28 views

CVE-2020-7916

beteacher in class-lp-admin-ajax.php in the LearnPress plugin 3.2.6.5 and earlier for WordPress allows any registered user to assign itself the teacher role via the wp-admin/admin-ajax.php?action=learnpressbeteacher URI without any additional permission checks. Therefore, any user can change its...

6.5CVSS6.6AI score0.01116EPSS
Exploits0References1
Cvelist
Cvelist
added 2020/03/16 5:4 p.m.22 views

CVE-2020-7916

beteacher in class-lp-admin-ajax.php in the LearnPress plugin 3.2.6.5 and earlier for WordPress allows any registered user to assign itself the teacher role via the wp-admin/admin-ajax.php?action=learnpressbeteacher URI without any additional permission checks. Therefore, any user can change its...

6.5AI score0.01116EPSS
Exploits0References1
CVE
CVE
added 2020/03/16 5:4 p.m.86 views

CVE-2020-7916

Summary: CVE-2020-7916 affects WordPress LearnPress plugin versions 3.2.6.5 and earlier. The flaw resides in be_teacher in class-lp-admin-ajax.php, allowing any registered/authenticated user to call wp-admin/admin-ajax.php?action=learnpress_be_teacher and grant themselves the teacher role without...

6.5CVSS6.5AI score0.01116EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2020/01/07 5:15 p.m.21 views

CVE-2019-14879

A vulnerability was found in Moodle versions 3.7.x before 3.7.3, 3.6.x before 3.6.7 and 3.5.x before 3.5.9. When a cohort role assignment was removed, the associated capabilities were not being revoked where applicable...

5.4CVSS6.7AI score0.00709EPSS
Exploits1References1
Prion
Prion
added 2020/01/07 5:15 p.m.16 views

Design/Logic Flaw

A vulnerability was found in Moodle versions 3.7.x before 3.7.3, 3.6.x before 3.6.7 and 3.5.x before 3.5.9. When a cohort role assignment was removed, the associated capabilities were not being revoked where applicable...

5.5CVSS5.4AI score0.00709EPSS
Exploits1References1Affected Software1
UbuntuCve
UbuntuCve
added 2020/01/07 5:15 p.m.19 views

CVE-2019-14879

A vulnerability was found in Moodle versions 3.7.x before 3.7.3, 3.6.x before 3.6.7 and 3.5.x before 3.5.9. When a cohort role assignment was removed, the associated capabilities were not being revoked where applicable...

5.5CVSS5.9AI score0.00709EPSS
Exploits1References2
CVE
CVE
added 2020/01/07 4:23 p.m.82 views

CVE-2019-14879

Summary (CVE-2019-14879): Moodle prior to version 3.7.3 (3.7.x), 3.6.x prior to 3.6.7, and 3.5.x prior to 3.5.9 contains a logic issue where, after removing a cohort role assignment, the related capabilities were not revoked (where applicable). This can leave previously granted capabilities in ef...

5.5CVSS5.7AI score0.00709EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2019/05/15 5:13 p.m.4 views

DRUPAL-CONTRIB-2019-048

This module enables you to use special routes for user registration with special roles and custom field sets defined for the role. The module doesn't sufficiently check which user roles can be registered under the scenario when the user tries to register the user with the administrator role. This...

6.8AI score
Exploits0References1
NVD
NVD
added 2019/02/04 9:29 p.m.13 views

CVE-2019-1000001

TeamPass version 2.1.27 and earlier contains a Storing Passwords in a Recoverable Format vulnerability in Shared password vaults that can result in all shared passwords are recoverable server side. This attack appears to be exploitable via any vulnerability that can bypass authentication or role...

9.8CVSS9.7AI score0.01724EPSS
Exploits0References1
Rows per page
Query Builder