Total
1789 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-20538 | 1 Ibm | 1 Cloud Pak For Security | 2024-09-17 | 9.1 Critical |
| IBM Cloud Pak for Security (CP4S) 1.5.0.0 and 1.5.0.1 could allow a user to obtain sensitive information or perform actions they should not have access to due to incorrect authorization mechanisms. IBM X-Force ID: 198919. | ||||
| CVE-2019-4509 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2024-09-17 | 4.3 Medium |
| IBM QRadar 7.3.0 to 7.3.2 Patch 4 is vulnerable to incorrect authorization in some components which could allow an authenticated user to obtain sensitive information. IBM X-Force ID: 164430. | ||||
| CVE-2022-0451 | 1 Dart | 1 Dart Software Development Kit | 2024-09-17 | 6.5 Medium |
| Dart SDK contains the HTTPClient in dart:io library whcih includes authorization headers when handling cross origin redirects. These headers may be explicitly set and contain sensitive information. By default, HttpClient handles redirection logic. If a request is sent to example.com with authorization header and it redirects to an attackers site, they might not expect attacker site to receive authorization header. We recommend updating the Dart SDK to version 2.16.0 or beyond. | ||||
| CVE-2019-3403 | 1 Atlassian | 2 Jira, Jira Server | 2024-09-17 | 5.3 Medium |
| The /rest/api/2/user/picker rest resource in Jira before version 7.13.3, from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers to enumerate usernames via an incorrect authorisation check. | ||||
| CVE-2021-26027 | 1 Joomla | 1 Joomla\! | 2024-09-17 | 5.3 Medium |
| An issue was discovered in Joomla! 3.0.0 through 3.9.24. Incorrect ACL checks could allow unauthorized change of the category for an article. | ||||
| CVE-2019-7639 | 2 Fedoraproject, Gsi-openssh Project | 2 Fedora, Gsi-openssh | 2024-09-17 | N/A |
| An issue was discovered in gsi-openssh-server 7.9p1 on Fedora 29. If PermitPAMUserChange is set to yes in the /etc/gsissh/sshd_config file, logins succeed with a valid username and an incorrect password, even though a failure entry is recorded in the /var/log/messages file. | ||||
| CVE-2018-1000112 | 1 Jenkins | 1 Mercurial | 2024-09-17 | N/A |
| An improper authorization vulnerability exists in Jenkins Mercurial Plugin version 2.2 and earlier in MercurialStatus.java that allows an attacker with network access to obtain a list of nodes and users. | ||||
| CVE-2017-16858 | 1 Atlassian | 1 Crowd | 2024-09-17 | N/A |
| The 'crowd-application' plugin module (notably used by the Google Apps plugin) in Atlassian Crowd from version 1.5.0 before version 3.1.2 allowed an attacker to impersonate a Crowd user in REST requests by being able to authenticate to a directory bound to an application using the feature. Given the following situation: the Crowd application is bound to directory 1 and has a user called admin and the Google Apps application is bound to directory 2, which also has a user called admin, it was possible to authenticate REST requests using the credentials of the user coming from directory 2 and impersonate the user from directory 1. | ||||
| CVE-2017-8633 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2024-09-17 | N/A |
| Windows Error Reporting (WER) in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an elevation of privilege vulnerability, aka "Windows Error Reporting Elevation of Privilege Vulnerability". | ||||
| CVE-2017-12114 | 1 Ethereum | 1 Cpp-ethereum | 2024-09-17 | 6.8 Medium |
| An exploitable improper authorization vulnerability exists in admin_peers API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). A JSON request can cause an access to the restricted functionality resulting in authorization bypass. An attacker can send JSON to trigger this vulnerability. | ||||
| CVE-2021-25954 | 1 Dolibarr | 1 Dolibarr | 2024-09-17 | 4.3 Medium |
| In “Dolibarr” application, 2.8.1 to 13.0.4 don’t restrict or incorrectly restricts access to a resource from an unauthorized actor. A low privileged attacker can modify the Private Note which only an administrator has rights to do, the affected field is at “/adherents/note.php?id=1” endpoint. | ||||
| CVE-2020-36238 | 1 Atlassian | 4 Data Center, Jira, Jira Data Center and 1 more | 2024-09-17 | 5.3 Medium |
| The /rest/api/1.0/render resource in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to determine if a username is valid or not via a missing permissions check. | ||||
| CVE-2018-0460 | 1 Cisco | 1 Network Functions Virtualization Infrastructure | 2024-09-17 | N/A |
| A vulnerability in the REST API of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to read any file on an affected system. The vulnerability is due to insufficient authorization and parameter validation checks. An attacker could exploit this vulnerability by sending a malicious API request with the authentication credentials of a low-privileged user. A successful exploit could allow the attacker to read any file on the affected system. | ||||
| CVE-2022-30311 | 1 Festo | 16 Controller Cecc-x-m1, Controller Cecc-x-m1-mv, Controller Cecc-x-m1-mv-s1 and 13 more | 2024-09-17 | 9.8 Critical |
| In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-refresh-request" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection. | ||||
| CVE-2020-4877 | 2 Ibm, Microsoft | 2 Cognos Controller, Windows | 2024-09-17 | 9.8 Critical |
| IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 could be vulnerable to unauthorized modifications by using public fields in public classes. IBM X-Force ID: 190843. | ||||
| CVE-2020-3811 | 3 Canonical, Debian, Netqmail | 3 Ubuntu Linux, Debian Linux, Netqmail | 2024-09-17 | 7.5 High |
| qmail-verify as used in netqmail 1.06 is prone to a mail-address verification bypass vulnerability. | ||||
| CVE-2017-16773 | 1 Synology | 1 Universal Search | 2024-09-17 | N/A |
| Improper authorization vulnerability in Highlight Preview in Synology Universal Search before 1.0.5-0135 allows remote authenticated users to bypass permission checks for directories in POSIX mode. | ||||
| CVE-2020-5343 | 1 Dell | 1 Os Recovery Image For Microsoft Windows 10 | 2024-09-17 | 7.3 High |
| Dell Client platforms restored using a Dell OS recovery image downloaded before December 20, 2019, may contain an insecure inherited permissions vulnerability. A local authenticated malicious user with low privileges could exploit this vulnerability to gain unauthorized access on the root folder. | ||||
| CVE-2021-38345 | 1 Brizy | 1 Brizy-page Builder | 2024-09-17 | 7.1 High |
| The Brizy Page Builder plugin <= 2.3.11 for WordPress used an incorrect authorization check that allowed any logged-in user accessing any endpoint in the wp-admin directory to modify the content of any existing post or page created with the Brizy editor. An identical issue was found by another researcher in Brizy <= 1.0.125 and fixed in version 1.0.126, but the vulnerability was reintroduced in version 1.0.127. | ||||
| CVE-2018-20826 | 1 Atlassian | 1 Jira | 2024-09-17 | 4.3 Medium |
| The inline-create rest resource in Jira before version 7.12.3 allows authenticated remote attackers to set the reporter in issues via a missing authorisation check. | ||||