Lucene search
+L

202 matches found

Cvelist
Cvelist
added 2022/01/21 5:20 p.m.20 views

CVE-2020-4877

IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 could be vulnerable to unauthorized modifications by using public fields in public classes. IBM X-Force ID: 190843...

7.3CVSS8.8AI score0.00898EPSS
Exploits0References2
CVE
CVE
added 2022/01/21 5:20 p.m.51 views

CVE-2020-4877

The CVE-2020-4877 issue affects IBM Cognos Controller 10.4.0, 10.4.1 and 10.4.2, where public fields in public classes could be misuse by an attacker to cause unauthorized modifications. The underlying root cause is an authorization issue that stems from not applying proper permissions to public ...

9.8CVSS8.8AI score0.00898EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2021/11/18 5:15 p.m.74 views

CVE-2021-35534

Insufficient security control vulnerability in internal database access mechanism of Hitachi Energy Relion 670/650/SAM600-IO, Relion 650, GMS600, PWC600 allows attacker who successfully exploited this vulnerability, of which the product does not sufficiently restrict access to an internal databas...

9CVSS0.01666EPSS
Exploits0References3
Prion
Prion
added 2021/11/18 5:15 p.m.17 views

Security feature bypass

Insufficient security control vulnerability in internal database access mechanism of Hitachi Energy Relion 670/650/SAM600-IO, Relion 650, GMS600, PWC600 allows attacker who successfully exploited this vulnerability, of which the product does not sufficiently restrict access to an internal databas...

9CVSS6.8AI score0.01666EPSS
Exploits0References3Affected Software5
Cvelist
Cvelist
added 2021/11/18 4:35 p.m.57 views

CVE-2021-35534 Insufficient Security Control Vulnerability

Insufficient security control vulnerability in internal database access mechanism of Hitachi Energy Relion 670/650/SAM600-IO, Relion 650, GMS600, PWC600 allows attacker who successfully exploited this vulnerability, of which the product does not sufficiently restrict access to an internal databas...

7.2CVSS7.1AI score0.01666EPSS
Exploits0References3
CVE
CVE
added 2021/11/18 4:35 p.m.60 views

CVE-2021-35534

CVE-2021-35534 affects Hitachi Energy Relion 670/650/SAM600-IO, Relion 650, GMS600, and PWC600. The root cause is insufficient security controls in the internal database access mechanism (ODBC-based), allowing an attacker with valid credentials to bypass protections and potentially modify data/fi...

9CVSS6.9AI score0.01666EPSS
Exploits0References3Affected Software1
The Hacker News
The Hacker News
added 2021/06/18 7:20 a.m.50 views

Google Releases New Framework to Prevent Software Supply Chain Attacks

As software supply chain attacks emerge as a point of concern in the wake of SolarWinds and Codecov security incidents, Google is proposing a solution to ensure the integrity of software packages and prevent unauthorized modifications. Called "Supply chain Levels for Software Artifacts" SLSA, and...

0.1AI score
Exploits0
CNVD
CNVD
added 2021/06/17 12:0 a.m.6 views

Gallagher Command Center Server Access Control Error Vulnerability

Gallagher Command Center Server is a management system used by Gallagher New Zealand to monitor and manage infrastructure in buildings. An access control error vulnerability exists in Gallagher Command Centre Server that originates when Gallagher Command Centre Server allows unauthorized command...

9.9CVSS6.8AI score0.00853EPSS
Exploits0References1
Mageia
Mageia
added 2021/04/02 8:25 p.m.134 views

Updated nodejs-yargs-parser packages fix security vulnerability

yargs-parser could be tricked into adding or modifying properties of Object.prototype using a "proto" payload CVE-2020-7608...

5.3CVSS2.5AI score0.00514EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2021/03/18 6:30 p.m.29 views

CVE-2021-28146

A flaw was found in grafana. Authenticated users are allowed to add external groups to existing teams or to grant a user team-permissions that the user isn't supposed to have. The highest threat from this vulnerability is to data confidentiality...

6.8CVSS3.3AI score0.01397EPSS
Exploits0References4
NVD
NVD
added 2021/01/29 2:15 p.m.15 views

CVE-2021-25910

Improper Authentication vulnerability in the cookie parameter of ZIV AUTOMATION 4CCT-EA6-334126BF allows a local attacker to perform modifications in several parameters of the affected device as an authenticated user...

8CVSS7.7AI score0.00461EPSS
Exploits0References1
Prion
Prion
added 2020/10/27 8:15 p.m.13 views

Design/Logic Flaw

A configuration issue was addressed with additional restrictions. This issue is fixed in macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra, watchOS 5, iOS 12, tvOS 12, macOS Mojave 10.14. A malicious application may be able to modify protected parts of th...

4.3CVSS4.3AI score0.00738EPSS
Exploits0References5Affected Software4
Tenable Nessus
Tenable Nessus
added 2020/06/09 12:0 a.m.20 views

Server-Side Request Forgery

Web applications often rely on network requests to query external resources and retrieve data in order to process it. A Server-Side Request Forgery SSRF vulnerability exists when an attacker is able to control these outbound requests and send it to a resource he owns, to the localhost itself, or ...

7.6AI score
Exploits0References5
Positive Technologies
Positive Technologies
added 2019/10/28 12:0 a.m.4 views

PT-2019-17027 · Ibm · Ibm Security Guardium Big Data Intelligence

Name of the Vulnerable Software and Affected Versions: IBM Security Guardium Big Data Intelligence SonarG version 4.0 Description: The issue specifies permissions for a security-critical resource, which could lead to the exposure of sensitive information or the modification of that resource by...

6.5CVSS6.2AI score0.01023EPSS
Exploits0References3
NVD
NVD
added 2019/05/22 8:29 p.m.23 views

CVE-2019-6815

In Modicon Quantum all firmware versions, CWE-264: Permissions, Privileges, and Access Control vulnerabilities could cause a denial of service or unauthorized modifications of the PLC configuration when using Ethernet/IP protocol...

9.1CVSS9.2AI score0.01399EPSS
Exploits0References1
Cvelist
Cvelist
added 2019/05/22 7:52 p.m.35 views

CVE-2019-6815

In Modicon Quantum all firmware versions, CWE-264: Permissions, Privileges, and Access Control vulnerabilities could cause a denial of service or unauthorized modifications of the PLC configuration when using Ethernet/IP protocol...

9.3AI score0.01399EPSS
Exploits0References1
Veracode
Veracode
added 2019/05/02 5:34 a.m.28 views

Authorization Bypass

mysql is vulnerable to authorization bypass. The vulnerability exists as remotely authenticated users can cause unauthorized modifications through DML...

4.6CVSS6.4AI score0.04172EPSS
Exploits0References26Affected Software4
Prion
Prion
added 2018/10/05 2:29 p.m.16 views

Authentication flaw

A vulnerability in the identity management service of Cisco Digital Network Architecture DNA Center could allow an unauthenticated, remote attacker to bypass authentication and take complete control of identity management functions. The vulnerability is due to insufficient security restrictions f...

7.5CVSS9.5AI score0.02139EPSS
Exploits0References2Affected Software1
Hacker One
Hacker One
added 2018/07/31 6:15 a.m.12 views

New Relic: [NR Insights] Data app permissions setting does not fully prevent other users from modifying/changing changing data related to your data app

In NR Insights, there is the ability to set a permissions for the data app itself. It's located here: F326634 Now, in this section, if a user creates a new data app and sets the permissions to "visible to others within my account" it essentially provides read-only access to the data app and its...

6.7AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2018/07/16 12:0 a.m.31 views

Debian DLA-1428-1 : 389-ds-base security update

CVE-2015-1854 A flaw was found while doing authorization of modrdn operations. An unauthenticated attacker able to issue an ldapmodrdn call to the directory server could perform unauthorized modifications of entries in the directory server. CVE-2017-15134 Improper handling of a search filter in...

7.5CVSS6.9AI score0.04646EPSS
Exploits0References7
Rows per page
Query Builder