Total
1602 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-19597 | 1 Dlink | 2 Dap-1860, Dap-1860 Firmware | 2024-02-28 | 8.3 HIGH | 8.8 HIGH |
D-Link DAP-1860 devices before v1.04b03 Beta allow arbitrary remote code execution as root without authentication via shell metacharacters within an HNAP_AUTH HTTP header. | |||||
CVE-2013-4411 | 2 Fedoraproject, Reviewboard | 2 Fedora, Reviewboard | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
Review Board: URL processing gives unauthorized users access to review lists | |||||
CVE-2020-6307 | 1 Sap | 1 Basis | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
Automated Note Search Tool (update provided in SAP Basis 7.0, 7.01, 7.02, 7.31, 7.4, 7.5, 7.51, 7.52, 7.53 and 7.54) does not perform sufficient authorization checks leading to the reading of sensitive information. | |||||
CVE-2018-20494 | 1 Gitlab | 1 Gitlab | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It has Incorrect Access Control. | |||||
CVE-2017-16778 | 1 Fermax | 2 Outdoor Panel, Outdoor Panel Firmware | 2024-02-28 | 2.1 LOW | 4.6 MEDIUM |
An access control weakness in the DTMF tone receiver of Fermax Outdoor Panel allows physical attackers to inject a Dual-Tone-Multi-Frequency (DTMF) tone to invoke an access grant that would allow physical access to a restricted floor/level. By design, only a residential unit owner may allow such an access grant. However, due to incorrect access control, an attacker could inject it via the speaker unit to perform an access grant to gain unauthorized access, as demonstrated by a loud DTMF tone representing '1' and a long '#' (697 Hz and 1209 Hz, followed by 941 Hz and 1477 Hz). | |||||
CVE-2019-17191 | 1 Signal | 1 Private Messenger | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
The Signal Private Messenger application before 4.47.7 for Android allows a caller to force a call to be answered, without callee user interaction, via a connect message. The existence of the call is noticeable to the callee; however, the audio channel may be open before the callee can block eavesdropping. | |||||
CVE-2016-6591 | 1 Symantec | 1 Norton App Lock | 2024-02-28 | 3.3 LOW | 7.1 HIGH |
A security bypass vulnerability exists in Symantec Norton App Lock 1.0.3.186 and earlier if application pinning is enabled, which could let a local malicious user bypass security restrictions. | |||||
CVE-2019-11294 | 1 Cloudfoundry | 2 Capi-release, Cf-deployment | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
Cloud Foundry Cloud Controller API (CAPI), version 1.88.0, allows space developers to list all global service brokers, including service broker URLs and GUIDs, which should only be accessible to admins. | |||||
CVE-2013-4410 | 2 Fedoraproject, Reviewboard | 2 Fedora, Reviewboard | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
ReviewBoard: has an access-control problem in REST API | |||||
CVE-2019-5879 | 1 Google | 1 Chrome | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
Insufficient policy enforcement in extensions in Google Chrome prior to 77.0.3865.75 allowed an attacker who convinced a user to install a malicious extension to read local files via a crafted Chrome Extension. | |||||
CVE-2019-0384 | 1 Sap | 2 Enterprise Extension Financial Services, Treasury And Risk Management \(s4core\) | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
Transaction Management in SAP Treasury and Risk Management (corrected in S4CORE versions 1.01, 1.02, 1.03, 1.04 and EA-FINSERV versions 6.0, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0) does not perform necessary authorization checks for functionalities that require user identity. | |||||
CVE-2019-19520 | 1 Openbsd | 1 Openbsd | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
xlock in OpenBSD 6.6 allows local users to gain the privileges of the auth group by providing a LIBGL_DRIVERS_PATH environment variable, because xenocara/lib/mesa/src/loader/loader.c mishandles dlopen. | |||||
CVE-2019-4311 | 1 Ibm | 1 Security Guardium Big Data Intelligence | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
IBM Security Guardium Big Data Intelligence (SonarG) 4.0 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 161037. | |||||
CVE-2020-8086 | 2 Debian, Prosody | 3 Debian Linux, Mod Auth Ldap, Mod Auth Ldap2 | 2024-02-28 | 6.8 MEDIUM | 9.8 CRITICAL |
The mod_auth_ldap and mod_auth_ldap2 Community Modules through 2020-01-27 for Prosody incompletely verify the XMPP address passed to the is_admin() function. This grants remote entities admin-only functionality if their username matches the username of a local admin. | |||||
CVE-2019-14843 | 1 Redhat | 2 Jboss Enterprise Application Platform, Single Sign-on | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
A flaw was found in Wildfly Security Manager, running under JDK 11 or 8, that authorized requests for any requester. This flaw could be used by a malicious app deployed on the app server to access unauthorized information and possibly conduct further attacks. Versions shipped with Red Hat Jboss EAP 7 and Red Hat SSO 7 are vulnerable to this issue. | |||||
CVE-2013-4862 | 1 Micasaverde | 2 Veralite, Veralite Firmware | 2024-02-28 | 5.5 MEDIUM | 8.1 HIGH |
MiCasaVerde VeraLite with firmware 1.5.408 does not properly restrict access, which allows remote authenticated users to (1) update the firmware via the squashfs parameter to upgrade_step2.sh or (2) obtain hashed passwords via the cgi-bin/cmh/backup.sh page. | |||||
CVE-2011-3617 | 2 Debian, Tahoe-lafs | 2 Debian Linux, Tahoe-lafs | 2024-02-28 | 5.5 MEDIUM | 6.5 MEDIUM |
Tahoe-LAFS v1.3.0 through v1.8.2 could allow unauthorized users to delete immutable files in some cases. | |||||
CVE-2020-2097 | 1 Jenkins | 1 Sounds | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
Jenkins Sounds Plugin 0.5 and earlier does not perform permission checks in URLs performing form validation, allowing attackers with Overall/Read access to execute arbitrary OS commands as the OS user account running Jenkins. | |||||
CVE-2012-6094 | 2 Apple, Debian | 2 Cups, Debian Linux | 2024-02-28 | 6.8 MEDIUM | 9.8 CRITICAL |
cups (Common Unix Printing System) 'Listen localhost:631' option not honored correctly which could provide unauthorized access to the system | |||||
CVE-2011-2726 | 4 Debian, Drupal, Fedoraproject and 1 more | 4 Debian Linux, Drupal, Fedora and 1 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
An access bypass issue was found in Drupal 7.x before version 7.5. If a Drupal site has the ability to attach File upload fields to any entity type in the system or has the ability to point individual File upload fields to the private file directory in comments, and the parent node is denied access, non-privileged users can still download the file attached to the comment if they know or guess its direct URL. |