202 matches found
CVE-2020-4877
IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 could be vulnerable to unauthorized modifications by using public fields in public classes. IBM X-Force ID: 190843...
CVE-2020-4877
The CVE-2020-4877 issue affects IBM Cognos Controller 10.4.0, 10.4.1 and 10.4.2, where public fields in public classes could be misuse by an attacker to cause unauthorized modifications. The underlying root cause is an authorization issue that stems from not applying proper permissions to public ...
CVE-2021-35534
Insufficient security control vulnerability in internal database access mechanism of Hitachi Energy Relion 670/650/SAM600-IO, Relion 650, GMS600, PWC600 allows attacker who successfully exploited this vulnerability, of which the product does not sufficiently restrict access to an internal databas...
Security feature bypass
Insufficient security control vulnerability in internal database access mechanism of Hitachi Energy Relion 670/650/SAM600-IO, Relion 650, GMS600, PWC600 allows attacker who successfully exploited this vulnerability, of which the product does not sufficiently restrict access to an internal databas...
CVE-2021-35534 Insufficient Security Control Vulnerability
Insufficient security control vulnerability in internal database access mechanism of Hitachi Energy Relion 670/650/SAM600-IO, Relion 650, GMS600, PWC600 allows attacker who successfully exploited this vulnerability, of which the product does not sufficiently restrict access to an internal databas...
CVE-2021-35534
CVE-2021-35534 affects Hitachi Energy Relion 670/650/SAM600-IO, Relion 650, GMS600, and PWC600. The root cause is insufficient security controls in the internal database access mechanism (ODBC-based), allowing an attacker with valid credentials to bypass protections and potentially modify data/fi...
Google Releases New Framework to Prevent Software Supply Chain Attacks
As software supply chain attacks emerge as a point of concern in the wake of SolarWinds and Codecov security incidents, Google is proposing a solution to ensure the integrity of software packages and prevent unauthorized modifications. Called "Supply chain Levels for Software Artifacts" SLSA, and...
Gallagher Command Center Server Access Control Error Vulnerability
Gallagher Command Center Server is a management system used by Gallagher New Zealand to monitor and manage infrastructure in buildings. An access control error vulnerability exists in Gallagher Command Centre Server that originates when Gallagher Command Centre Server allows unauthorized command...
Updated nodejs-yargs-parser packages fix security vulnerability
yargs-parser could be tricked into adding or modifying properties of Object.prototype using a "proto" payload CVE-2020-7608...
CVE-2021-28146
A flaw was found in grafana. Authenticated users are allowed to add external groups to existing teams or to grant a user team-permissions that the user isn't supposed to have. The highest threat from this vulnerability is to data confidentiality...
CVE-2021-25910
Improper Authentication vulnerability in the cookie parameter of ZIV AUTOMATION 4CCT-EA6-334126BF allows a local attacker to perform modifications in several parameters of the affected device as an authenticated user...
Design/Logic Flaw
A configuration issue was addressed with additional restrictions. This issue is fixed in macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra, watchOS 5, iOS 12, tvOS 12, macOS Mojave 10.14. A malicious application may be able to modify protected parts of th...
Server-Side Request Forgery
Web applications often rely on network requests to query external resources and retrieve data in order to process it. A Server-Side Request Forgery SSRF vulnerability exists when an attacker is able to control these outbound requests and send it to a resource he owns, to the localhost itself, or ...
PT-2019-17027 · Ibm · Ibm Security Guardium Big Data Intelligence
Name of the Vulnerable Software and Affected Versions: IBM Security Guardium Big Data Intelligence SonarG version 4.0 Description: The issue specifies permissions for a security-critical resource, which could lead to the exposure of sensitive information or the modification of that resource by...
CVE-2019-6815
In Modicon Quantum all firmware versions, CWE-264: Permissions, Privileges, and Access Control vulnerabilities could cause a denial of service or unauthorized modifications of the PLC configuration when using Ethernet/IP protocol...
CVE-2019-6815
In Modicon Quantum all firmware versions, CWE-264: Permissions, Privileges, and Access Control vulnerabilities could cause a denial of service or unauthorized modifications of the PLC configuration when using Ethernet/IP protocol...
Authorization Bypass
mysql is vulnerable to authorization bypass. The vulnerability exists as remotely authenticated users can cause unauthorized modifications through DML...
Authentication flaw
A vulnerability in the identity management service of Cisco Digital Network Architecture DNA Center could allow an unauthenticated, remote attacker to bypass authentication and take complete control of identity management functions. The vulnerability is due to insufficient security restrictions f...
New Relic: [NR Insights] Data app permissions setting does not fully prevent other users from modifying/changing changing data related to your data app
In NR Insights, there is the ability to set a permissions for the data app itself. It's located here: F326634 Now, in this section, if a user creates a new data app and sets the permissions to "visible to others within my account" it essentially provides read-only access to the data app and its...
Debian DLA-1428-1 : 389-ds-base security update
CVE-2015-1854 A flaw was found while doing authorization of modrdn operations. An unauthenticated attacker able to issue an ldapmodrdn call to the directory server could perform unauthorized modifications of entries in the directory server. CVE-2017-15134 Improper handling of a search filter in...