Total
1418 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-20213 | 1 Dlink | 28 Dir-818lx, Dir-818lx Firmware, Dir-822 and 25 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
D-Link DIR-859 routers before v1.07b03_beta allow Unauthenticated Information Disclosure via the AUTHORIZED_GROUP=1%0a value, as demonstrated by vpnconfig.php. | |||||
CVE-2019-9364 | 1 Google | 1 Android | 2024-02-28 | 2.1 LOW | 3.3 LOW |
In AudioService, there is a possible trigger of background user audio due to a permissions bypass. This could lead to local information disclosure by playing the background user's audio with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-73364631 | |||||
CVE-2019-6855 | 1 Schneider-electric | 44 Ecostruxure Control Expert, Modicon M340 Bmxp341000, Modicon M340 Bmxp341000 Firmware and 41 more | 2024-02-28 | 7.5 HIGH | 7.3 HIGH |
Incorrect Authorization vulnerability exists in EcoStruxure Control Expert (all versions prior to 14.1 Hot Fix), Unity Pro (all versions), Modicon M340 (all versions prior to V3.20) , and Modicon M580 (all versions prior to V3.10), which could cause a bypass of the authentication process between EcoStruxure Control Expert and the M340 and M580 controllers. | |||||
CVE-2012-2238 | 1 Tryton | 1 Trytond | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
trytond 2.4: ModelView.button fails to validate authorization | |||||
CVE-2014-7914 | 1 Google | 1 Android | 2024-02-28 | 5.8 MEDIUM | 8.1 HIGH |
btif/src/btif_dm.c in Android before 5.1 does not properly enforce the temporary nature of a Bluetooth pairing, which allows user-assisted remote attackers to bypass intended access restrictions via crafted Bluetooth packets after the tapping of a crafted NFC tag. | |||||
CVE-2019-14832 | 1 Redhat | 1 Keycloak | 2024-02-28 | 6.0 MEDIUM | 7.5 HIGH |
A flaw was found in the Keycloak REST API before version 8.0.0 where it would permit user access from a realm the user was not configured. An authenticated attacker with knowledge of a user id could use this flaw to access unauthorized information or to carry out further attacks. | |||||
CVE-2013-2574 | 1 Foscam | 2 Fi8620, Fi8620 Firmware | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
An Access vulnerability exists in FOSCAM IP Camera FI8620 due to insufficient access restrictions in the /tmpfs/ and /log/ directories, which could let a malicious user obtain sensitive information. | |||||
CVE-2019-5231 | 1 Huawei | 2 P30, P30 Firmware | 2024-02-28 | 2.1 LOW | 4.6 MEDIUM |
P30 smartphones with versions earlier than ELLE-AL00B 9.1.0.186(C00E180R2P1) have an improper authorization vulnerability. The software incorrectly performs an authorization check when a user attempts to perform certain action. Successful exploit could allow the attacker to update a crafted package. | |||||
CVE-2010-2548 | 1 Redhat | 1 Icedtea6 | 2024-02-28 | 6.4 MEDIUM | 9.1 CRITICAL |
IcedTea6 before 1.7.4 does not properly check property access, which allows unsigned apps to read and write arbitrary files. | |||||
CVE-2012-3822 | 1 Arialsoftware | 1 Campaign Enterprise | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Arial Campaign Enterprise before 11.0.551 has unauthorized access to the User-Edit.asp page, which allows remote attackers to enumerate users' credentials. | |||||
CVE-2020-7251 | 1 Mcafee | 1 Endpoint Security | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
Improper access control vulnerability in Configuration Tool in McAfee Mcafee Endpoint Security (ENS) Prior to 10.6.1 February 2020 Update allows local users to disable security features via unauthorised use of the configuration tool from older versions of ENS. | |||||
CVE-2018-20493 | 1 Gitlab | 1 Gitlab | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It has Incorrect Access Control. | |||||
CVE-2019-6144 | 1 Forcepoint | 1 One Endpoint | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
This vulnerability allows a normal (non-admin) user to disable the Forcepoint One Endpoint (versions 19.04 through 19.08) and bypass DLP and Web protection. | |||||
CVE-2019-18949 | 1 Snowhaze | 1 Snowhaze | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
SnowHaze before 2.6.6 is sometimes too late to honor a per-site JavaScript blocking setting, which leads to unintended JavaScript execution via a chain of webpage redirections targeted to the user's browser configuration. | |||||
CVE-2019-13001 | 1 Gitlab | 1 Gitlab | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
An issue was discovered in GitLab Community and Enterprise Edition 11.9 and later through 12.0.2. GitLab Snippets were vulnerable to an authorization issue that allowed unauthorized users to add comments to a private snippet. It allows authentication bypass. | |||||
CVE-2019-0383 | 1 Sap | 2 Enterprise Extension Financial Services, Treasury And Risk Management \(s4core\) | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
Transaction Management in SAP Treasury and Risk Management (corrected in S4CORE versions 1.01, 1.02, 1.03, 1.04 and EA-FINSERV versions 6.0, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | |||||
CVE-2020-2135 | 1 Jenkins | 1 Script Security | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
Sandbox protection in Jenkins Script Security Plugin 1.70 and earlier could be circumvented through crafted method calls on objects that implement GroovyInterceptable. | |||||
CVE-2019-9272 | 1 Google | 1 Android | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
In WiFi, there is a possible leak of WiFi state due to a permissions bypass. This could lead to a local information disclosure which could be used to determine device location with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-11596047 | |||||
CVE-2016-4572 | 1 Cloudera | 1 Cdh | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
In Cloudera CDH before 5.7.1, Impala REVOKE ALL ON SERVER commands do not revoke all privileges. | |||||
CVE-2020-5242 | 1 Openhab | 1 Openhab | 2024-02-28 | 9.3 HIGH | 8.8 HIGH |
openHAB before 2.5.2 allow a remote attacker to use REST calls to install the EXEC binding or EXEC transformation service and execute arbitrary commands on the system with the privileges of the user running openHAB. Starting with version 2.5.2 all commands need to be whitelisted in a local file which cannot be changed via REST calls. |