33 matches found
CVE-2019-14838
A flaw was found in wildfly-core before 7.2.5.GA. The Management users with Monitor, Auditor and Deployer Roles should not be allowed to modify the runtime state of the server...
libssh: Authentication Bypass due to improper message callbacks implementation
A vulnerability was found in libssh's server-side state machine. A malicious client could create channels without first performing authentication, resulting in unauthorized access...
ALPINE-CVE-2018-10933
A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious client could create channels without first performing authentication, resulting in unauthorized access...
UBUNTU-CVE-2018-10933
A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious client could create channels without first performing authentication, resulting in unauthorized access...
CVE-2017-15091
An issue has been found in the API component of PowerDNS Authoritative 4.x up to and including 4.0.4 and 3.x up to and including 3.4.11, where some operations that have an impact on the state of the server are still allowed even though the API has been configured as read-only via the api-readonly...
Design/Logic Flaw
An issue has been found in the API component of PowerDNS Authoritative 4.x up to and including 4.0.4 and 3.x up to and including 3.4.11, where some operations that have an impact on the state of the server are still allowed even though the API has been configured as read-only via the api-readonly...
CVE-2015-1762
Microsoft SQL Server 2008 SP3 and SP4, 2008 R2 SP2 and SP3, 2012 SP1 and SP2, and 2014, when transactional replication is configured, does not prevent use of uninitialized memory in unspecified function calls, which allows remote authenticated users to execute arbitrary code by leveraging certain...
PicketBox/JBossSX: Unauthorized access to and modification of application server configuration and state by application
It was identified that PicketBox/JBossSX allowed any deployed application to alter or read the underlying application server configuration and state without any authorization checks. An attacker able to deploy applications could use this flaw to circumvent security constraints applied to other...
jboss-as-server: Unchecked access to MSC Service Registry under JSM
In Red Hat JBoss Enterprise Application Platform, when running under a security manager, it was possible for deployed code to get access to the Modular Service Container MSC service registry without any permission checks. This could allow malicious deployments to modify the internal state of the...
CVE-2014-0005
CVE-2014-0005 affects PicketBox/JBossSX used in Red Hat JBoss EAP 6.2.2 and JBoss BRMS before 6.0.3 roll up patch 2; the issue allows remote authenticated users to read/modify the application server configuration and state by deploying a crafted application. The NVD notes a LOW (3.6) base score w...
jboss-as-server: Unchecked access to MSC Service Registry under JSM
In Red Hat JBoss Enterprise Application Platform, when running under a security manager, it was possible for deployed code to get access to the Modular Service Container MSC service registry without any permission checks. This could allow malicious deployments to modify the internal state of the...
Accept Answer URL should be idempotent and accept PUT or POST requests only
panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report|http://jira.atlassian.com/browse/CONFCLOUD-46610. panel Answers currently users a single URL to both accept and un-accept answers: noformat $baseurl/acceptanswer/$answerid...
jboss-as-server: Unchecked access to MSC Service Registry under JSM
In Red Hat JBoss Enterprise Application Platform, when running under a security manager, it was possible for deployed code to get access to the Modular Service Container MSC service registry without any permission checks. This could allow malicious deployments to modify the internal state of the...