Lucene search
K

205 matches found

prion
prion
added 2024/02/12 8:15 p.m.21 views

Design/Logic Flaw

IBM Robotic Process Automation 21.0.2 contains a vulnerability that could allow user ids may be exposed across tenants. IBM X-Force ID: 227293...

2.1CVSS6.6AI score0.0029EPSS
Exploits0References2Affected Software1
cve
cve
added 2024/02/12 7:9 p.m.88 views

CVE-2022-22506

CVE-2022-22506 affects IBM Robotic Process Automation (RPA) 21.0.2 (and related deploys). The vulnerability could allow user IDs to be exposed across tenants, impacting confidentiality. The IBM Security Bulletin lists affected products/versions and provides remediation: upgrade to 21.0.2 IF002 or...

4.6CVSS4.5AI score0.0029EPSS
Exploits0References2Affected Software1
cnnvd
cnnvd
added 2024/02/12 12:0 a.m.8 views

IBM Robotic Process Automation Information Disclosure Vulnerability

IBM Robotic Process Automation is a robotic process automation product from International Business Machines IBM. helps you automate more business and IT processes at scale with the ease and speed of traditional RPA. IBM Robotic Process Automation suffers from an information disclosure vulnerabili...

4.6CVSS6.1AI score0.0029EPSS
Exploits0References3
susecve
susecve
added 2023/12/06 2:4 a.m.4 views

SUSE CVE-2023-42456

Sudo-rs, a memory safe implementation of sudo and su, allows users to not have to enter authentication at every sudo attempt, but instead only requiring authentication every once in a while in every terminal or process group. Only once a configurable timeout has passed will the user have to...

3.1CVSS7.4AI score0.00571EPSS
Exploits0References3
cnvd
cnvd
added 2023/11/30 12:0 a.m.16 views

Mattermost Information Disclosure Vulnerability

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from an information disclosure vulnerability that stems from the inability to perform proper authorization in the /plugins/focalboard/api/v2/users endpoint, which can be exploited by...

4.3CVSS6.3AI score0.00443EPSS
Exploits0References1
prion
prion
added 2023/10/09 11:15 a.m.12 views

Input validation

Mattermost fails to deduplicate input IDs allowing a simple user to cause the application to consume excessive resources and possibly crash by sending a specially crafted request to /api/v4/users/ids with multiple identical IDs...

4CVSS6.4AI score0.00493EPSS
Exploits0References1Affected Software1
vulnrichment
vulnrichment
added 2023/10/09 10:41 a.m.15 views

CVE-2023-5333 Denial of Service via multiple identical User IDs in /api/v4/users/ids

Mattermost fails to deduplicate input IDs allowing a simple user to cause the application to consume excessive resources and possibly crash by sending a specially crafted request to /api/v4/users/ids with multiple identical IDs...

4.3CVSS6.8AI score0.00493EPSS
Exploits0References1
cvelist
cvelist
added 2023/10/09 10:41 a.m.31 views

CVE-2023-5333 Denial of Service via multiple identical User IDs in /api/v4/users/ids

Mattermost fails to deduplicate input IDs allowing a simple user to cause the application to consume excessive resources and possibly crash by sending a specially crafted request to /api/v4/users/ids with multiple identical IDs...

4.3CVSS6.6AI score0.00493EPSS
Exploits0References1
cnnvd
cnnvd
added 2023/10/09 12:0 a.m.5 views

Mattermost Security Vulnerabilities

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. A security vulnerability exists in Mattermost that stems from Mattermost's inability to remove duplicate input IDs, which could allow users to send ad-hoc requests to /api/v4/users/ids with multiple...

6.5CVSS6.7AI score0.00493EPSS
Exploits0References2
attackerkb
attackerkb
added 2023/06/09 1:15 p.m.5 views

CVE-2023-2261

The WP Activity Log plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the handleajaxcall function in versions up to, and including, 4.5.0. This makes it possible for authenticated attackers, with subscriber-level access or higher, to obtain a list of...

4.3CVSS5.9AI score0.00552EPSS
Exploits0References4
osv
osv
added 2023/06/09 1:15 p.m.3 views

CVE-2023-2261

The WP Activity Log plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the handleajaxcall function in versions up to, and including, 4.5.0. This makes it possible for authenticated attackers, with subscriber-level access or higher, to obtain a list of...

4.3CVSS7.3AI score0.00552EPSS
Exploits0References3
nvd
nvd
added 2023/06/07 2:15 a.m.15 views

CVE-2021-4344

The Frontend File Manager plugin for WordPress is vulnerable to Privilege Escalation in versions up to, and including, 18.2. This is due to lacking mishandling the use of user IDs that is accessible by the visitor. This makes it possible for unauthenticated or authenticated attackers to access th...

6.4CVSS6.2AI score0.00467EPSS
Exploits1References2
prion
prion
added 2023/06/07 2:15 a.m.23 views

Privilege escalation

The Frontend File Manager plugin for WordPress is vulnerable to Privilege Escalation in versions up to, and including, 18.2. This is due to lacking mishandling the use of user IDs that is accessible by the visitor. This makes it possible for unauthenticated or authenticated attackers to access th...

5.5CVSS5.3AI score0.00467EPSS
Exploits1References2Affected Software1
cvelist
cvelist
added 2023/06/07 1:51 a.m.22 views

CVE-2021-4344 Frontend File Manager <= 18.2 - Privilege Escalation

The Frontend File Manager plugin for WordPress is vulnerable to Privilege Escalation in versions up to, and including, 18.2. This is due to lacking mishandling the use of user IDs that is accessible by the visitor. This makes it possible for unauthenticated or authenticated attackers to access th...

6.4CVSS6.5AI score0.00467EPSS
Exploits1References2
cnnvd
cnnvd
added 2023/06/07 12:0 a.m.5 views

WordPress Plugin Frontend File Manager 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

6.4CVSS5.8AI score0.00467EPSS
Exploits1References3
cnvd
cnvd
added 2023/03/16 12:0 a.m.19 views

SAP NetWeaver Cross-Site Scripting Vulnerability (CNVD-2023-28125)

SAP NetWeaver is a set of integrated service-oriented application platform from SAP Germany. The platform mainly provides a development and runtime environment for SAP applications. A cross-site scripting vulnerability exists in SAP NetWeaver, which stems from insufficient coding of user input an...

5.9AI score0.00455EPSS
Exploits0
susecve
susecve
added 2023/02/15 6:21 a.m.7 views

SUSE CVE-2003-0255

The key validation code in GnuPG before 1.2.2 does not properly determine the validity of keys with multiple user IDs and assigns the greatest validity of the most valid user ID, which prevents GnuPG from warning the encrypting user when a user ID does not have a trusted path...

10CVSS7.1AI score0.06558EPSS
Exploits0References3
susecve
susecve
added 2023/02/15 5:42 a.m.4 views

SUSE CVE-2013-0273

sametime.c in the Sametime protocol plugin in libpurple in Pidgin before 2.10.7 does not properly terminate long user IDs, which allows remote servers to cause a denial of service application crash via a crafted packet...

5CVSS6.7AI score0.02601EPSS
Exploits0References7
susecve
susecve
added 2023/02/15 4:23 a.m.6 views

SUSE CVE-2018-16883

sssd versions from 1.13.0 to before 2.0.0 did not properly restrict access to the infopipe according to the "alloweduids" configuration parameter. If sensitive information were stored in the user directory, this could be inadvertently disclosed to local attackers...

5.5CVSS6.1AI score0.00382EPSS
Exploits0References3
osv
osv
added 2023/01/26 9:18 p.m.17 views

CVE-2023-0284

Improper Input Validation of LDAP user IDs in Tribe29 Checkmk allows attackers that can control LDAP user IDs to manipulate files on the server. Checkmk = 2.1.0p19, Checkmk = 2.0.0p32, and all versions of Checkmk 1.6.0 EOL are affected...

8.1CVSS6.8AI score0.00921EPSS
Exploits0References1
Rows per page
Query Builder