Total
1418 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-15900 | 1 Doas Project | 1 Doas | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
An issue was discovered in slicer69 doas before 6.2 on certain platforms other than OpenBSD. On platforms without strtonum(3), sscanf was used without checking for error cases. Instead, the uninitialized variable errstr was checked and in some cases returned success even if sscanf failed. The result was that, instead of reporting that the supplied username or group name did not exist, it would execute the command as root. | |||||
CVE-2019-19984 | 1 Icegram | 1 Email Subscribers \& Newsletters | 2024-02-28 | 6.5 MEDIUM | 6.3 MEDIUM |
The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a flaw that allowed users with edit_post capabilities to manage plugin settings and email campaigns. | |||||
CVE-2019-12837 | 1 Gencat | 1 Portal D\'acces A La Universitat | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
The Java API in accesuniversitat.gencat.cat 1.7.5 allows remote attackers to get personal information of all registered students via several API endpoints. | |||||
CVE-2020-2148 | 1 Jenkins | 1 Mac | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
A missing permission check in Jenkins Mac Plugin 1.1.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials. | |||||
CVE-2018-20492 | 1 Gitlab | 1 Gitlab | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It has Incorrect Access Control (issue 2 of 6). | |||||
CVE-2016-6353 | 1 Cloudera | 1 Cdh | 2024-02-28 | 3.5 LOW | 6.5 MEDIUM |
Cloudera Search in CDH before 5.7.0 allows unauthorized document access because Solr Queries by document id can bypass Sentry document-level security via the RealTimeGetHandler. | |||||
CVE-2013-2198 | 1 Login Security Project | 1 Login Security | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
The Login Security module 6.x-1.x before 6.x-1.3 and 7.x-1.x before 7.x-1.3 for Drupal allows attackers to bypass intended restrictions via a crafted username. | |||||
CVE-2020-5318 | 1 Dell | 1 Emc Isilon Onefs | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Dell EMC Isilon OneFS versions 8.1.2, 8.1.0.4, 8.1.0.3, and 8.0.0.7 contain a vulnerability in some configurations. An attacker may exploit this vulnerability to gain access to restricted files. The non-RAN HTTP and WebDAV file-serving components have a vulnerability wherein when either are enabled, and Basic Authentication is enabled for either or both components, files are accessible without authentication. | |||||
CVE-2019-4343 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
IBM Cognos Analytics 11.0 and 11.1 allows overly permissive cross-origin resource sharing which could allow an attacker to transfer private information. An attacker could exploit this vulnerability to access content that should be restricted. IBM X-Force ID: 161422. | |||||
CVE-2019-12419 | 2 Apache, Oracle | 5 Cxf, Commerce Guided Search, Enterprise Manager Base Platform and 2 more | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
Apache CXF before 3.3.4 and 3.2.11 provides all of the components that are required to build a fully fledged OpenId Connect service. There is a vulnerability in the access token services, where it does not validate that the authenticated principal is equal to that of the supplied clientId parameter in the request. If a malicious client was able to somehow steal an authorization code issued to another client, then they could exploit this vulnerability to obtain an access token for the other client. | |||||
CVE-2015-1780 | 1 Redhat | 2 Ovirt-engine, Virtualization | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
oVirt users with MANIPULATE_STORAGE_DOMAIN permissions can attach a storage domain to any data-center | |||||
CVE-2020-2104 | 1 Jenkins | 1 Jenkins | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
Jenkins 2.218 and earlier, LTS 2.204.1 and earlier allowed users with Overall/Read access to view a JVM memory usage chart. | |||||
CVE-2019-16884 | 6 Canonical, Docker, Fedoraproject and 3 more | 10 Ubuntu Linux, Docker, Fedora and 7 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfs_linux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory. | |||||
CVE-2019-8512 | 1 Apple | 1 Iphone Os | 2024-02-28 | 7.9 HIGH | 5.7 MEDIUM |
This issue was addressed with improved transparency. This issue is fixed in iOS 12.2. A user may authorize an enterprise administrator to remotely wipe their device without appropriate disclosure. | |||||
CVE-2016-3131 | 1 Cloudera | 1 Cdh | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
Cloudera CDH before 5.6.1 allows authorization bypass via direct internal API calls. | |||||
CVE-2019-19597 | 1 Dlink | 2 Dap-1860, Dap-1860 Firmware | 2024-02-28 | 8.3 HIGH | 8.8 HIGH |
D-Link DAP-1860 devices before v1.04b03 Beta allow arbitrary remote code execution as root without authentication via shell metacharacters within an HNAP_AUTH HTTP header. | |||||
CVE-2013-4411 | 2 Fedoraproject, Reviewboard | 2 Fedora, Reviewboard | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
Review Board: URL processing gives unauthorized users access to review lists | |||||
CVE-2020-6307 | 1 Sap | 1 Basis | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
Automated Note Search Tool (update provided in SAP Basis 7.0, 7.01, 7.02, 7.31, 7.4, 7.5, 7.51, 7.52, 7.53 and 7.54) does not perform sufficient authorization checks leading to the reading of sensitive information. | |||||
CVE-2018-20494 | 1 Gitlab | 1 Gitlab | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It has Incorrect Access Control. | |||||
CVE-2017-16778 | 1 Fermax | 2 Outdoor Panel, Outdoor Panel Firmware | 2024-02-28 | 2.1 LOW | 4.6 MEDIUM |
An access control weakness in the DTMF tone receiver of Fermax Outdoor Panel allows physical attackers to inject a Dual-Tone-Multi-Frequency (DTMF) tone to invoke an access grant that would allow physical access to a restricted floor/level. By design, only a residential unit owner may allow such an access grant. However, due to incorrect access control, an attacker could inject it via the speaker unit to perform an access grant to gain unauthorized access, as demonstrated by a loud DTMF tone representing '1' and a long '#' (697 Hz and 1209 Hz, followed by 941 Hz and 1477 Hz). |