Filtered by CWE-863
Total 1780 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2017-0927 1 Gitlab 1 Gitlab 2024-08-05 N/A
Gitlab Community Edition version 10.3 is vulnerable to an improper authorization issue in the deployment keys component resulting in unauthorized use of deployment keys by guest users.
CVE-2017-0922 1 Gitlab 1 Gitlab 2024-08-05 N/A
Gitlab Enterprise Edition version 10.3 is vulnerable to an authorization bypass issue in the GitLab Projects::BoardsController component resulting in an information disclosure on any board object.
CVE-2017-0881 1 Zulip 1 Zulip Server 2024-08-05 N/A
An error in the implementation of an autosubscribe feature in the check_stream_exists route of the Zulip group chat application server before 1.4.3 allowed an authenticated user to subscribe to a private stream that should have required an invitation from an existing member to join. The issue affects all previously released versions of the Zulip server.
CVE-2017-0894 1 Nextcloud 1 Nextcloud Server 2024-08-05 4.3 Medium
Nextcloud Server before 11.0.3 is vulnerable to disclosure of valid share tokens for public calendars due to a logical error. Thus granting an attacker potentially access to publicly shared calendars without knowing the share token.
CVE-2018-1999004 2 Jenkins, Oracle 2 Jenkins, Communications Cloud Native Core Automated Test Suite 2024-08-05 4.3 Medium
A Improper authorization vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in SlaveComputer.java that allows attackers with Overall/Read permission to initiate agent launches, and abort in-progress agent launches.
CVE-2018-1999003 2 Jenkins, Oracle 2 Jenkins, Communications Cloud Native Core Automated Test Suite 2024-08-05 4.3 Medium
A Improper authorization vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in Queue.java that allows attackers with Overall/Read permission to cancel queued builds.
CVE-2018-1000805 4 Canonical, Debian, Paramiko and 1 more 15 Ubuntu Linux, Debian Linux, Paramiko and 12 more 2024-08-05 8.8 High
Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains a Incorrect Access Control vulnerability in SSH server that can result in RCE. This attack appear to be exploitable via network connectivity.
CVE-2018-1000418 1 Atlassian 1 Hipchat 2024-08-05 N/A
An improper authorization vulnerability exists in Jenkins HipChat Plugin 2.2.0 and earlier in HipChatNotifier.java that allows attackers with Overall/Read access to send test notifications to an attacker-specified HipChat server with attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
CVE-2018-1000412 1 Jenkins 1 Jira 2024-08-05 8.8 High
An improper authorization vulnerability exists in Jenkins Jira Plugin 3.0.1 and earlier in JiraSite.java that allows attackers with Overall/Read access to have Jenkins connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
CVE-2018-1000420 1 Apache 1 Mesos 2024-08-05 N/A
An improper authorization vulnerability exists in Jenkins Mesos Plugin 0.17.1 and earlier in MesosCloud.java that allows attackers with Overall/Read access to obtain credentials IDs for credentials stored in Jenkins.
CVE-2018-1000155 1 Opennetworking 1 Openflow 2024-08-05 N/A
OpenFlow version 1.0 onwards contains a Denial of Service and Improper authorization vulnerability in OpenFlow handshake: The DPID (DataPath IDentifier) in the features_reply message are inherently trusted by the controller. that can result in Denial of Service, Unauthorized Access, Network Instability. This attack appear to be exploitable via Network connectivity: the attacker must first establish a transport connection with the OpenFlow controller and then initiate the OpenFlow handshake.
CVE-2018-21082 1 Google 1 Android 2024-08-05 8.4 High
An issue was discovered on Samsung mobile devices with N(7.x) software. Dex Station allows App Pinning bypass and lock-screen bypass via the "Use screen lock type to unpin" option. The Samsung ID is SVE-2017-11106 (February 2018).
CVE-2018-21039 1 Google 1 Android 2024-08-05 7.5 High
An issue was discovered on Samsung mobile devices with N(7.0) software. With the Location permission for the compass feature in Quick Tools (aka QuickTools), an attacker can bypass the lockscreen. The Samsung ID is SVE-2018-12053 (December 2018).
CVE-2018-21030 1 Jupyter 1 Notebook 2024-08-05 5.3 Medium
Jupyter Notebook before 5.5.0 does not use a CSP header to treat served files as belonging to a separate origin. Thus, for example, an XSS payload can be placed in an SVG document.
CVE-2018-20685 9 Canonical, Debian, Fujitsu and 6 more 30 Ubuntu Linux, Debian Linux, M10-1 and 27 more 2024-08-05 5.3 Medium
In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side.
CVE-2018-20498 1 Gitlab 1 Gitlab 2024-08-05 4.3 Medium
An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It has Incorrect Access Control.
CVE-2018-20493 1 Gitlab 1 Gitlab 2024-08-05 4.3 Medium
An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It has Incorrect Access Control.
CVE-2018-20492 1 Gitlab 1 Gitlab 2024-08-05 5.3 Medium
An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It has Incorrect Access Control (issue 2 of 6).
CVE-2018-20494 1 Gitlab 1 Gitlab 2024-08-05 7.5 High
An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It has Incorrect Access Control.
CVE-2018-20147 2 Debian, Wordpress 2 Debian Linux, Wordpress 2024-08-05 N/A
In WordPress before 4.9.9 and 5.x before 5.0.1, authors could modify metadata to bypass intended restrictions on deleting files.