41 matches found
UBUNTU-CVE-2023-23612
OpenSearch is an open source distributed and RESTful search engine. OpenSearch uses JWTs to store role claims obtained from the Identity Provider (IdP) when the authentication backend is SAML or OpenID Connect. There is an issue in how those claims are processed from the JWTs where the leading and...
IBM Navigator for i Access Control Error Vulnerability
IBM Navigator for i is an IBM console interface used in IBM i to perform and manage critical tasks. IBM Navigator for i versions 7.2, 7.3 and 7.4 are vulnerable to an access control error that stems from a network system or product that does not properly restrict access to resources from...
Apache CouchDB Access Control Error Vulnerability
Apache CouchDB is a document-oriented database system developed by the Apache Foundation using Erlang. An access control error vulnerability exists in versions prior to Apache CouchDB 3.2.2, which stems from a network system or product that does not properly restrict access to resources from...
Zimbra Access Control Error Vulnerability
Zimbra Collaboration (aka ZCS) versions 8.8.15 and 9.0 are vulnerable to an access control error. The vulnerability stems from a network system or product that does not properly restrict access to resources from unauthorized roles. An unauthenticated attacker could exploit the vulnerability to inje...
SPIP Information Disclosure Vulnerability (CNVD-2022-21820)
SPIP is a Web-based content distribution system used primarily for online collaboration. A security vulnerability exists in SPIP, which stems from a web-based system or product that does not properly restrict access to resources from unauthorized roles. An unauthenticated attacker could use this...
Fortinet FortiToken Mobile Access Control Error Vulnerability
Fortinet FortiToken Mobile is an OATH-compliant, event-based and time-based one-time password (OTP) generator application from Fortinet U.S.A. An access control error vulnerability exists in Fortinet FortiToken Mobile versions 5.1.0 and below, which stems from a network system or the product does n...
Fortinet FortiAnalyzer Permissions and Access Control Issues Vulnerability
Fortinet FortiAnalyzer is a centralized network security reporting solution from Fortinet USA. The product is used to collect network log data and analyze, report, and archive security events, network traffic, and Web content in the logs through the reporting suite. Fortinet FortiAnalyzer is...
XWiki Platform Access Control Error Vulnerability
XWiki Platform is a Wiki platform used to create Web collaboration applications from the French company XWiki. XWiki Platform has an access control error vulnerability that stems from the application not properly restricting access to resources from unauthorized roles, which could be exploited by...
XWiki Platform Security Vulnerability
XWiki Platform is a Wiki platform used to create Web collaboration applications from the French company XWiki. XWiki Platform has an access control error vulnerability that stems from the application not properly restricting access to resources from unauthorized roles, which could be exploited by...
Reolink RLC-410W Access Control Error Vulnerability
Reolink RLC-410W is a Wi-Fi security camera from Reolink China. The Reolink RLC-410W in version v3.0.0.13620121102 is vulnerable to an access control error that stems from the device's factory binary not properly restricting access to resources from unauthorized roles. An attacker could exploit the...
OneBlog Permissions and Access Control Issues Vulnerability
OneBlog is a beautiful, powerful Java blog. OneBlog in version 2.2.8 and earlier suffers from a Permissions and Access Control Issues vulnerability that arises from a network system or product that does not properly restrict access to resources from unauthorized roles. An attacker coul...
Microweber Access Control Error Vulnerability
Microweber is an online store management system from the Microweber community in the United States that provides drag-and-drop functionality. The system includes modules for adding products, images, and more. Microweber is vulnerable to an access control error, which stems from a network system o...
Mattermost Access Control Error Vulnerability
Mattermost is an open source collaboration platform from Mattermost, Inc. An access control error vulnerability exists in Mattermost versions 6.1 and earlier, which stems from a network system or product that does not properly restrict access to resources from unauthorized roles, and could be...
Atlassian Jira Access Control Error Vulnerability (CNVD-2022-05435)
Atlassian Jira is a defect tracking management system from Atlassian Australia. Atlassian Jira Center is vulnerable to an access control error that occurs when a networked system or product does not properly restrict access to resources from unauthorized roles, which can be exploited by an...
PeerTube Access Control Error Vulnerability (CNVD-2022-18322)
PeerTube is a decentralized video sharing service platform. Used to produce video projects, PeerTube suffers from an access control error vulnerability that stems from a network system or product that does not properly restrict access to resources from unauthorized roles, which could be exploited...
IBM Db2 Access Control Error Vulnerability
IBM Db2 is a relational database management system from IBM in the United States. The main execution environments for this system are UNIX, Linux, IBM i, z/OS, and Windows server versions. IBM Db2 suffers from an Access Control Error vulnerability that originates when a networked system or...
Netgear Access Control Error Vulnerability
Netgear RAX35 is a router from Netgear, Inc., a hardware device that connects two or more networks and acts as a gateway between networks. An access control error vulnerability exists in Netgear RAX35, RAX38 and RAX40 router firmware versions prior to v1.0.4.102, which stems from a network system ...
IBM Cognos Analytics Access Control Error Vulnerability
IBM Cognos Analytics is a suite of business intelligence software from IBM Corporation. The software includes reports, dashboards, and scorecards, and can help companies adjust their decisions by analyzing content such as key factors and key people. IBM Cognos Analytics has an access control error...
Elecom Edwrc Security Vulnerability
Elecom Edwrc is a series of routers from Elecom Japan. A security vulnerability exists in Elecom Edwrc that stems from ELECOM routers not properly restricting resource access from unauthorized roles...
Atlassian Jira Security Vulnerability
Atlassian Jira is a defect tracking management system from Atlassian Australia. Atlassian Jira is vulnerable to an access control error that occurs when a network system or product does not properly restrict access to resources from unauthorized roles. A remote attacker could exploit this...