205 matches found
Design/Logic Flaw
IBM Robotic Process Automation 21.0.2 contains a vulnerability that could allow user ids may be exposed across tenants. IBM X-Force ID: 227293...
CVE-2022-22506
CVE-2022-22506 affects IBM Robotic Process Automation (RPA) 21.0.2 (and related deploys). The vulnerability could allow user IDs to be exposed across tenants, impacting confidentiality. The IBM Security Bulletin lists affected products/versions and provides remediation: upgrade to 21.0.2 IF002 or...
IBM Robotic Process Automation Information Disclosure Vulnerability
IBM Robotic Process Automation is a robotic process automation product from International Business Machines IBM. helps you automate more business and IT processes at scale with the ease and speed of traditional RPA. IBM Robotic Process Automation suffers from an information disclosure vulnerabili...
SUSE CVE-2023-42456
Sudo-rs, a memory safe implementation of sudo and su, allows users to not have to enter authentication at every sudo attempt, but instead only requiring authentication every once in a while in every terminal or process group. Only once a configurable timeout has passed will the user have to...
Mattermost Information Disclosure Vulnerability
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from an information disclosure vulnerability that stems from the inability to perform proper authorization in the /plugins/focalboard/api/v2/users endpoint, which can be exploited by...
Input validation
Mattermost fails to deduplicate input IDs allowing a simple user to cause the application to consume excessive resources and possibly crash by sending a specially crafted request to /api/v4/users/ids with multiple identical IDs...
CVE-2023-5333 Denial of Service via multiple identical User IDs in /api/v4/users/ids
Mattermost fails to deduplicate input IDs allowing a simple user to cause the application to consume excessive resources and possibly crash by sending a specially crafted request to /api/v4/users/ids with multiple identical IDs...
CVE-2023-5333 Denial of Service via multiple identical User IDs in /api/v4/users/ids
Mattermost fails to deduplicate input IDs allowing a simple user to cause the application to consume excessive resources and possibly crash by sending a specially crafted request to /api/v4/users/ids with multiple identical IDs...
Mattermost Security Vulnerabilities
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. A security vulnerability exists in Mattermost that stems from Mattermost's inability to remove duplicate input IDs, which could allow users to send ad-hoc requests to /api/v4/users/ids with multiple...
CVE-2023-2261
The WP Activity Log plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the handleajaxcall function in versions up to, and including, 4.5.0. This makes it possible for authenticated attackers, with subscriber-level access or higher, to obtain a list of...
CVE-2023-2261
The WP Activity Log plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the handleajaxcall function in versions up to, and including, 4.5.0. This makes it possible for authenticated attackers, with subscriber-level access or higher, to obtain a list of...
CVE-2021-4344
The Frontend File Manager plugin for WordPress is vulnerable to Privilege Escalation in versions up to, and including, 18.2. This is due to lacking mishandling the use of user IDs that is accessible by the visitor. This makes it possible for unauthenticated or authenticated attackers to access th...
Privilege escalation
The Frontend File Manager plugin for WordPress is vulnerable to Privilege Escalation in versions up to, and including, 18.2. This is due to lacking mishandling the use of user IDs that is accessible by the visitor. This makes it possible for unauthenticated or authenticated attackers to access th...
CVE-2021-4344 Frontend File Manager <= 18.2 - Privilege Escalation
The Frontend File Manager plugin for WordPress is vulnerable to Privilege Escalation in versions up to, and including, 18.2. This is due to lacking mishandling the use of user IDs that is accessible by the visitor. This makes it possible for unauthenticated or authenticated attackers to access th...
WordPress Plugin Frontend File Manager 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...
SAP NetWeaver Cross-Site Scripting Vulnerability (CNVD-2023-28125)
SAP NetWeaver is a set of integrated service-oriented application platform from SAP Germany. The platform mainly provides a development and runtime environment for SAP applications. A cross-site scripting vulnerability exists in SAP NetWeaver, which stems from insufficient coding of user input an...
SUSE CVE-2003-0255
The key validation code in GnuPG before 1.2.2 does not properly determine the validity of keys with multiple user IDs and assigns the greatest validity of the most valid user ID, which prevents GnuPG from warning the encrypting user when a user ID does not have a trusted path...
SUSE CVE-2013-0273
sametime.c in the Sametime protocol plugin in libpurple in Pidgin before 2.10.7 does not properly terminate long user IDs, which allows remote servers to cause a denial of service application crash via a crafted packet...
SUSE CVE-2018-16883
sssd versions from 1.13.0 to before 2.0.0 did not properly restrict access to the infopipe according to the "alloweduids" configuration parameter. If sensitive information were stored in the user directory, this could be inadvertently disclosed to local attackers...
CVE-2023-0284
Improper Input Validation of LDAP user IDs in Tribe29 Checkmk allows attackers that can control LDAP user IDs to manipulate files on the server. Checkmk = 2.1.0p19, Checkmk = 2.0.0p32, and all versions of Checkmk 1.6.0 EOL are affected...