Lucene search
+L

33 matches found

Cvelist
Cvelist
added 2019/10/14 2:32 p.m.43 views

CVE-2019-14838

A flaw was found in wildfly-core before 7.2.5.GA. The Management users with Monitor, Auditor and Deployer Roles should not be allowed to modify the runtime state of the server...

5.2CVSS6.4AI score0.01141EPSS
Exploits0References12
RedHat Linux
RedHat Linux
added 2018/11/28 8:2 a.m.9 views

libssh: Authentication Bypass due to improper message callbacks implementation

A vulnerability was found in libssh's server-side state machine. A malicious client could create channels without first performing authentication, resulting in unauthorized access...

9.1CVSS7.3AI score0.91789EPSS
Exploits11References5
OSV
OSV
added 2018/10/17 12:29 p.m.2 views

ALPINE-CVE-2018-10933

A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious client could create channels without first performing authentication, resulting in unauthorized access...

9.1CVSS6.5AI score0.91789EPSS
Exploits11References1
OSV
OSV
added 2018/10/16 12:0 a.m.3 views

UBUNTU-CVE-2018-10933

A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious client could create channels without first performing authentication, resulting in unauthorized access...

9.1CVSS6.9AI score0.91789EPSS
Exploits11References5
NVD
NVD
added 2018/01/23 3:29 p.m.16 views

CVE-2017-15091

An issue has been found in the API component of PowerDNS Authoritative 4.x up to and including 4.0.4 and 3.x up to and including 3.4.11, where some operations that have an impact on the state of the server are still allowed even though the API has been configured as read-only via the api-readonly...

7.1CVSS6.8AI score0.01242EPSS
Exploits0References2
Prion
Prion
added 2018/01/23 3:29 p.m.16 views

Design/Logic Flaw

An issue has been found in the API component of PowerDNS Authoritative 4.x up to and including 4.0.4 and 3.x up to and including 3.4.11, where some operations that have an impact on the state of the server are still allowed even though the API has been configured as read-only via the api-readonly...

5.5CVSS6.8AI score0.01242EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2015/07/14 11:0 p.m.41 views

CVE-2015-1762

Microsoft SQL Server 2008 SP3 and SP4, 2008 R2 SP2 and SP3, 2012 SP1 and SP2, and 2014, when transactional replication is configured, does not prevent use of uninitialized memory in unspecified function calls, which allows remote authenticated users to execute arbitrary code by leveraging certain...

7.8AI score0.10359EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2015/05/14 3:14 p.m.7 views

PicketBox/JBossSX: Unauthorized access to and modification of application server configuration and state by application

It was identified that PicketBox/JBossSX allowed any deployed application to alter or read the underlying application server configuration and state without any authorization checks. An attacker able to deploy applications could use this flaw to circumvent security constraints applied to other...

3.6CVSS6AI score0.00799EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2015/05/14 3:14 p.m.5 views

jboss-as-server: Unchecked access to MSC Service Registry under JSM

In Red Hat JBoss Enterprise Application Platform, when running under a security manager, it was possible for deployed code to get access to the Modular Service Container MSC service registry without any permission checks. This could allow malicious deployments to modify the internal state of the...

1.9CVSS5.9AI score0.00354EPSS
Exploits0References4
CVE
CVE
added 2015/02/20 4:0 p.m.71 views

CVE-2014-0005

CVE-2014-0005 affects PicketBox/JBossSX used in Red Hat JBoss EAP 6.2.2 and JBoss BRMS before 6.0.3 roll up patch 2; the issue allows remote authenticated users to read/modify the application server configuration and state by deploying a crafted application. The NVD notes a LOW (3.6) base score w...

3.6CVSS8.6AI score0.00799EPSS
Exploits0References6Affected Software2
RedHat Linux
RedHat Linux
added 2014/09/23 8:19 p.m.7 views

jboss-as-server: Unchecked access to MSC Service Registry under JSM

In Red Hat JBoss Enterprise Application Platform, when running under a security manager, it was possible for deployed code to get access to the Modular Service Container MSC service registry without any permission checks. This could allow malicious deployments to modify the internal state of the...

1.9CVSS5.9AI score0.00354EPSS
Exploits0References4
Atlassian
Atlassian
added 2014/02/13 11:39 p.m.22 views

Accept Answer URL should be idempotent and accept PUT or POST requests only

panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report|http://jira.atlassian.com/browse/CONFCLOUD-46610. panel Answers currently users a single URL to both accept and un-accept answers: noformat $baseurl/acceptanswer/$answerid...

0.6AI score
Exploits0Affected Software1
RedHat Linux
RedHat Linux
added 2014/02/13 6:34 p.m.7 views

jboss-as-server: Unchecked access to MSC Service Registry under JSM

In Red Hat JBoss Enterprise Application Platform, when running under a security manager, it was possible for deployed code to get access to the Modular Service Container MSC service registry without any permission checks. This could allow malicious deployments to modify the internal state of the...

1.9CVSS5.9AI score0.00354EPSS
Exploits0References4
Rows per page
Query Builder