Total
1418 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-15405 | 1 Cisco | 1 Ucs Director | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| A vulnerability in the web interface for specific feature sets of Cisco Integrated Management Controller (IMC) Supervisor and Cisco UCS Director could allow an authenticated, remote attacker to access sensitive information. The vulnerability is due to an authorization check that does not properly include the access level of the web interface user. An attacker who has valid application credentials could exploit this vulnerability by sending a crafted HTTP request to the web interface. A successful exploit could allow the attacker to view sensitive information that belongs to other users. The attacker could then use this information to conduct additional reconnaissance attacks. | |||||
| CVE-2018-15774 | 1 Dell | 3 Idrac7 Firmware, Idrac8 Firmware, Idrac9 Firmware | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
| Dell EMC iDRAC7/iDRAC8 versions prior to 2.61.60.60 and iDRAC9 versions prior to 3.20.21.20, 3.21.24.22, 3.21.26.22, and 3.23.23.23 contain a privilege escalation vulnerability. An authenticated malicious iDRAC user with operator privileges could potentially exploit a permissions check flaw in the Redfish interface to gain administrator access. | |||||
| CVE-2018-13356 | 1 Terra-master | 1 Terramaster Operating System | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
| Incorrect access control on ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to elevate user permissions. | |||||
| CVE-2018-7366 | 1 Zte | 2 Zxv10 B860av2.1 Chinamobile, Zxv10 B860av2.1 Chinamobile Firmware | 2024-02-28 | 4.6 MEDIUM | 6.8 MEDIUM |
| ZTE ZXV10 B860AV2.1 product ChinaMobile branch with the ICNT versions up to V1.3.3, the BESTV versions up to V1.2.2, the WASU versions up to V1.1.7 and the MGTV versions up to V1.4.6 have an authentication bypass vulnerability, which may allows an unauthorized user to perform unauthorized operations. | |||||
| CVE-2018-7363 | 1 Zte | 2 Zxhn F670, Zxhn F670 Firmware | 2024-02-28 | 3.3 LOW | 8.8 HIGH |
| All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by improper authorization vulnerability. Since appviahttp service has no authorization delay, an attacker can be allowed to brute force account credentials. | |||||
| CVE-2018-17950 | 1 Microfocus | 1 Edirectory | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| Incorrect enforcement of authorization checks in eDirectory prior to 9.1 SP2 | |||||
| CVE-2019-7639 | 2 Fedoraproject, Gsi-openssh Project | 2 Fedora, Gsi-openssh | 2024-02-28 | 4.3 MEDIUM | 8.1 HIGH |
| An issue was discovered in gsi-openssh-server 7.9p1 on Fedora 29. If PermitPAMUserChange is set to yes in the /etc/gsissh/sshd_config file, logins succeed with a valid username and an incorrect password, even though a failure entry is recorded in the /var/log/messages file. | |||||
| CVE-2017-12115 | 1 Ethereum | 1 Cpp-ethereum | 2024-02-28 | 6.8 MEDIUM | 8.1 HIGH |
| An exploitable improper authorization vulnerability exists in miner_setEtherbase API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). A JSON request can cause an access to the restricted functionality resulting in authorization bypass. | |||||
| CVE-2017-0922 | 1 Gitlab | 1 Gitlab | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| Gitlab Enterprise Edition version 10.3 is vulnerable to an authorization bypass issue in the GitLab Projects::BoardsController component resulting in an information disclosure on any board object. | |||||
| CVE-2017-17323 | 1 Huawei | 2 Ibmc, Ibmc Firmware | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
| Huawei iBMC V200R002C10; V200R002C20; V200R002C30 have an improper authorization vulnerability. The software incorrectly performs an authorization check when a normal user attempts to access certain information which is supposed to be accessed only by admin user. Successful exploit could cause information disclosure. | |||||
| CVE-2018-0338 | 1 Cisco | 1 Unified Computing System | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
| A vulnerability in the role-based access-checking mechanisms of Cisco Unified Computing System (UCS) Software could allow an authenticated, local attacker to execute arbitrary commands on an affected system. The vulnerability exists because the affected software lacks proper input and validation checks for certain file systems. An attacker could exploit this vulnerability by issuing crafted commands in the CLI of an affected system. A successful exploit could allow the attacker to cause other users to execute unwanted arbitrary commands on the affected system. Cisco Bug IDs: CSCvf52994. | |||||
| CVE-2018-1000107 | 1 Jenkins | 1 Job And Node Ownership | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| An improper authorization vulnerability exists in Jenkins Job and Node Ownership Plugin 0.11.0 and earlier in OwnershipDescription.java, JobOwnerJobProperty.java, and OwnerNodeProperty.java that allow an attacker with Job/Configure or Computer/Configure permission and without Ownership related permissions to override ownership metadata. | |||||
| CVE-2018-8927 | 1 Synology | 1 Calendar | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| Improper authorization vulnerability in SYNO.Cal.Event in Calendar before 2.1.2-0511 allows remote authenticated users to create arbitrary events via the (1) cal_id or (2) original_cal_id parameter. | |||||
| CVE-2018-5520 | 1 F5 | 13 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 10 more | 2024-02-28 | 3.5 LOW | 4.4 MEDIUM |
| On an F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.1, or 11.2.1-11.6.3.1 system configured in Appliance mode, the TMOS Shell (tmsh) may allow an administrative user to use the dig utility to gain unauthorized access to file system resources. | |||||
| CVE-2018-1000110 | 1 Jenkins | 1 Git | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| An improper authorization vulnerability exists in Jenkins Git Plugin version 3.7.0 and earlier in GitStatus.java that allows an attacker with network access to obtain a list of nodes and users. | |||||
| CVE-2017-12114 | 1 Ethereum | 1 Cpp-ethereum | 2024-02-28 | 4.3 MEDIUM | 6.8 MEDIUM |
| An exploitable improper authorization vulnerability exists in admin_peers API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). A JSON request can cause an access to the restricted functionality resulting in authorization bypass. An attacker can send JSON to trigger this vulnerability. | |||||
| CVE-2018-0269 | 1 Cisco | 1 Digital Network Architecture Center | 2024-02-28 | 4.3 MEDIUM | 4.3 MEDIUM |
| A vulnerability in the web framework of the Cisco Digital Network Architecture Center (DNA Center) could allow an unauthenticated, remote attacker to communicate with the Kong API server without restriction. The vulnerability is due to an overly permissive Cross Origin Resource Sharing (CORS) policy. An attacker could exploit this vulnerability by convincing a user to follow a malicious link. An exploit could allow the attacker to communicate with the API and exfiltrate sensitive information. Cisco Bug IDs: CSCvh99208. | |||||
| CVE-2018-1000114 | 1 Jenkins | 1 Promoted Builds | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
| An improper authorization vulnerability exists in Jenkins Promoted Builds Plugin 2.31.1 and earlier in Status.java and ManualCondition.java that allow an attacker with read access to jobs to perform promotions. | |||||
| CVE-2018-10212 | 1 Vaultize | 1 Enterprise File Sharing | 2024-02-28 | 5.5 MEDIUM | 5.4 MEDIUM |
| An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. There is improper authorization leading to creation of folders within another account via a modified device value. | |||||
| CVE-2018-1462 | 1 Ibm | 14 San Volume Controller, San Volume Controller Firmware, Spectrum Virtualize and 11 more | 2024-02-28 | 6.5 MEDIUM | 7.6 HIGH |
| IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticated user to access system files they should not have access to including deleting files or causing a denial of service. IBM X-Force ID: 140363. | |||||