Lucene search
+L

5 matches found

Cvelist
Cvelist
added yesterday13 views

CVE-2024-58363 SurrealDB before 1.5.4 Authentication Bypass via Database Switch

SurrealDB before 1.5.4 fails to properly validate authentication when a scope user switches databases using the USE clause or use method. Attackers with an authenticated session can impersonate an unrelated user in a different database if a user record with an identical identifier exists, allowin...

6.3CVSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2020-12689

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any user authenticated within a limited scope trust/oauth/application credential can...

8.8CVSS7.7AI score0.01562EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2024/07/11 1:19 p.m.14 views

SurrealDB vulnerable to Improper Authentication when Changing Databases as Scope User

Authentication would not be properly validated when an already authenticated scope user would use the use method or USE clause to switch working databases in a session. If there was a user record in the new database with identical record identifier as the original record that the user authenticat...

7.2AI score
Exploits0References4Affected Software2
OSV
OSV
added 2024/07/11 1:19 p.m.13 views

GHSA-GH9F-6XM2-C4J2 SurrealDB vulnerable to Improper Authentication when Changing Databases as Scope User

Authentication would not be properly validated when an already authenticated scope user would use the use method or USE clause to switch working databases in a session. If there was a user record in the new database with identical record identifier as the original record that the user authenticat...

6.3CVSS7.2AI score
Exploits0References4
OSV
OSV
added 2020/05/07 12:15 a.m.3 views

DEBIAN-CVE-2020-12689

An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any user authenticated within a limited scope trust/oauth/application credential can create an EC2 credential with an escalated permission, such as obtaining admin while the user is on a limited viewer role. This potentially...

8.8CVSS7.9AI score0.01562EPSS
Exploits0References1
Rows per page
Query Builder