Total
2555 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-0922 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Gitlab Enterprise Edition version 10.3 is vulnerable to an authorization bypass issue in the GitLab Projects::BoardsController component resulting in an information disclosure on any board object.
|
|||||
| CVE-2017-0920 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an authorization bypass issue in the Projects::MergeRequests::CreationsController component resulting in an attacker to see every project name and their respective namespace on a GitLab instance.
|
|||||
| CVE-2016-9575 | 1 Freeipa | 1 Freeipa | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
|
Ipa versions 4.2.x, 4.3.x before 4.3.3 and 4.4.x before 4.4.3 did not properly check the user's permissions while modifying certificate profiles in IdM's certprofile-mod command. An authenticated, unprivileged attacker could use this flaw to modify profiles to issue certificates with arbitrary naming or key usage information and subsequently use such certificates for other attacks.
|
|||||
| CVE-2016-6591 | 1 Symantec | 1 Norton App Lock | 2024-11-21 | 3.3 LOW | 7.1 HIGH |
|
A security bypass vulnerability exists in Symantec Norton App Lock 1.0.3.186 and earlier if application pinning is enabled, which could let a local malicious user bypass security restrictions.
|
|||||
| CVE-2016-6353 | 1 Cloudera | 1 Cdh | 2024-11-21 | 3.5 LOW | 6.5 MEDIUM |
|
Cloudera Search in CDH before 5.7.0 allows unauthorized document access because Solr Queries by document id can bypass Sentry document-level security via the RealTimeGetHandler.
|
|||||
| CVE-2016-4572 | 1 Cloudera | 1 Cdh | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
In Cloudera CDH before 5.7.1, Impala REVOKE ALL ON SERVER commands do not revoke all privileges.
|
|||||
| CVE-2016-3131 | 1 Cloudera | 1 Cdh | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
Cloudera CDH before 5.6.1 allows authorization bypass via direct internal API calls.
|
|||||
| CVE-2016-20005 | 1 Rest\/json Project | 1 Rest\/json | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
The REST/JSON project 7.x-1.x for Drupal allows user registration bypass, aka SA-CONTRIB-2016-033. NOTE: This project is not covered by Drupal's security advisory policy.
|
|||||
| CVE-2016-20004 | 1 Rest\/json Project | 1 Rest\/json | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
The REST/JSON project 7.x-1.x for Drupal allows field access bypass, aka SA-CONTRIB-2016-033. NOTE: This project is not covered by Drupal's security advisory policy.
|
|||||
| CVE-2016-20002 | 1 Rest\/json Project | 1 Rest\/json | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
The REST/JSON project 7.x-1.x for Drupal allows comment access bypass, aka SA-CONTRIB-2016-033. NOTE: This project is not covered by Drupal's security advisory policy.
|
|||||
| CVE-2016-20001 | 1 Rest\/json Project | 1 Rest\/json | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
The REST/JSON project 7.x-1.x for Drupal allows node access bypass, aka SA-CONTRIB-2016-033. NOTE: This project is not covered by Drupal's security advisory policy.
|
|||||
| CVE-2016-10996 | 1 Optinmonster | 1 Optinmonster | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
The optinmonster plugin before 1.1.4.6 for WordPress has incorrect access control for shortcodes because of a nonce leak.
|
|||||
| CVE-2015-1780 | 1 Redhat | 2 Ovirt-engine, Virtualization | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
oVirt users with MANIPULATE_STORAGE_DOMAIN permissions can attach a storage domain to any data-center
|
|||||
| CVE-2015-10033 | 1 Merlinsboard Project | 1 Merlinsboard | 2024-11-21 | 3.7 LOW | 3.5 LOW |
|
A vulnerability, which was classified as problematic, was found in jvvlee MerlinsBoard. This affects an unknown part of the component Grade Handler. The manipulation leads to improper authorization. The identifier of the patch is 134f5481e2914b7f096cd92a22b1e6bcb8e6dfe5. It is recommended to apply a patch to fix this issue. The identifier VDB-217713 was assigned to this vulnerability.
|
|||||
| CVE-2014-7914 | 1 Google | 1 Android | 2024-11-21 | 5.8 MEDIUM | 8.1 HIGH |
|
btif/src/btif_dm.c in Android before 5.1 does not properly enforce the temporary nature of a Bluetooth pairing, which allows user-assisted remote attackers to bypass intended access restrictions via crafted Bluetooth packets after the tapping of a crafted NFC tag.
|
|||||
| CVE-2014-0169 | 1 Redhat | 1 Jboss Enterprise Application Platform | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
In JBoss EAP 6 a security domain is configured to use a cache that is shared between all applications that are in the security domain. This could allow an authenticated user in one application to access protected resources in another application without proper authorization. Although this is an intended functionality, it was not clearly documented which can mislead users into thinking that a security domain cache is isolated to a single application.
|
|||||
| CVE-2013-4985 | 1 Vivotek | 6 Ip7160, Ip7160 Firmware, Ip7361 and 3 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Multiple Vivotek IP Cameras remote authentication bypass that could allow access to the video stream
|
|||||
| CVE-2013-4862 | 1 Micasaverde | 2 Veralite, Veralite Firmware | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH |
|
MiCasaVerde VeraLite with firmware 1.5.408 does not properly restrict access, which allows remote authenticated users to (1) update the firmware via the squashfs parameter to upgrade_step2.sh or (2) obtain hashed passwords via the cgi-bin/cmh/backup.sh page.
|
|||||
| CVE-2013-4411 | 2 Fedoraproject, Reviewboard | 2 Fedora, Reviewboard | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
Review Board: URL processing gives unauthorized users access to review lists
|
|||||
| CVE-2013-4410 | 2 Fedoraproject, Reviewboard | 2 Fedora, Reviewboard | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
ReviewBoard: has an access-control problem in REST API
|
|||||
| CVE-2013-4228 | 1 Organic Groups Project | 1 Organic Groups | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
The OG access fields (visibility fields) implementation in Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal does not properly restrict access to private groups, which allows remote authenticated users to guess node IDs, subscribe to, and read the content of arbitrary private groups via unspecified vectors.
|
|||||
| CVE-2013-2673 | 1 Brother | 2 Mfc-9970cdw, Mfc-9970cdw Firmware | 2024-11-21 | 4.6 MEDIUM | 6.8 MEDIUM |
|
Brother MFC-9970CDW 1.10 firmware L devices contain a security bypass vulnerability which allows physically proximate attackers to gain unauthorized access.
|
|||||
| CVE-2013-2574 | 1 Foscam | 2 Fi8620, Fi8620 Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An Access vulnerability exists in FOSCAM IP Camera FI8620 due to insufficient access restrictions in the /tmpfs/ and /log/ directories, which could let a malicious user obtain sensitive information.
|
|||||
| CVE-2013-2198 | 1 Login Security Project | 1 Login Security | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
The Login Security module 6.x-1.x before 6.x-1.3 and 7.x-1.x before 7.x-1.3 for Drupal allows attackers to bypass intended restrictions via a crafted username.
|
|||||
| CVE-2013-1350 | 1 Veraxsystems | 1 Network Management System | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
|
Verax NMS prior to 2.1.0 has multiple security bypass vulnerabilities
|
|||||
| CVE-2012-6094 | 2 Apple, Debian | 2 Cups, Debian Linux | 2024-11-21 | 6.8 MEDIUM | 9.8 CRITICAL |
|
cups (Common Unix Printing System) 'Listen localhost:631' option not honored correctly which could provide unauthorized access to the system
|
|||||
| CVE-2012-3822 | 1 Arialsoftware | 1 Campaign Enterprise | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Arial Campaign Enterprise before 11.0.551 has unauthorized access to the User-Edit.asp page, which allows remote attackers to enumerate users' credentials.
|
|||||
| CVE-2012-3821 | 1 Arialsoftware | 1 Campaign Enterprise | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
A Security Bypass vulnerability exists in the activate.asp page in Arial Software Campaign Enterprise 11.0.551, which could let a remote malicious user modify the SerialNumber field.
|
|||||
| CVE-2012-2238 | 1 Tryton | 1 Trytond | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
trytond 2.4: ModelView.button fails to validate authorization
|
|||||
| CVE-2011-3617 | 2 Debian, Tahoe-lafs | 2 Debian Linux, Tahoe-lafs | 2024-11-21 | 5.5 MEDIUM | 6.5 MEDIUM |
|
Tahoe-LAFS v1.3.0 through v1.8.2 could allow unauthorized users to delete immutable files in some cases.
|
|||||
| CVE-2011-2726 | 4 Debian, Drupal, Fedoraproject and 1 more | 4 Debian Linux, Drupal, Fedora and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An access bypass issue was found in Drupal 7.x before version 7.5. If a Drupal site has the ability to attach File upload fields to any entity type in the system or has the ability to point individual File upload fields to the private file directory in comments, and the parent node is denied access, non-privileged users can still download the file attached to the comment if they know or guess its direct URL.
|
|||||
| CVE-2011-1070 | 2 Debian, V86d Project | 2 Debian Linux, V86d | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
v86d before 0.1.10 do not verify if received netlink messages are sent by the kernel. This could allow unprivileged users to manipulate the video mode and potentially other consequences.
|
|||||
| CVE-2010-3782 | 2 Obs-server, Suse | 2 Obs-server, Linux Enterprise Server | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
obs-server before 1.7.7 allows logins by 'unconfirmed' accounts due to a bug in the REST api implementation.
|
|||||
| CVE-2010-2548 | 1 Redhat | 1 Icedtea6 | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
|
IcedTea6 before 1.7.4 does not properly check property access, which allows unsigned apps to read and write arbitrary files.
|
|||||
| CVE-2010-2525 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
A flaw was discovered in gfs2 file system’s handling of acls (access control lists). An unprivileged local attacker could exploit this flaw to gain access or execute any file stored in the gfs2 file system.
|
|||||
| CVE-2010-1435 | 1 Joomla | 1 Joomla\! | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Joomla! Core is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently retrieve password reset tokens from the database through an already existing SQL injection vector. Joomla! Core versions 1.5.x ranging from 1.5.0 and up to and including 1.5.15 are vulnerable.
|
|||||
| CVE-2009-3723 | 2 Debian, Sangoma | 2 Debian Linux, Asterisk | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
asterisk allows calls on prohibited networks
|
|||||
| CVE-2024-7836 | 1 Themify | 1 Builder | 2024-11-20 | N/A | 4.3 MEDIUM |
|
The Themify Builder plugin for WordPress is vulnerable to unauthorized post duplication due to missing checks on the duplicate_page_ajaxify function in all versions up to, and including, 7.6.1. This makes it possible for authenticated attackers, with Contributor-level access and above, to duplicate and view private or draft posts created by other users that otherwise shouldn't be accessible to them.
|
|||||
| CVE-2024-48897 | 1 Moodle | 1 Moodle | 2024-11-20 | N/A | 4.3 MEDIUM |
|
A vulnerability was found in Moodle. Additional checks are required to ensure users can only edit or delete RSS feeds that they have permission to modify.
|
|||||
| CVE-2024-48901 | 1 Moodle | 1 Moodle | 2024-11-20 | N/A | 4.3 MEDIUM |
|
A vulnerability was found in Moodle. Additional checks are required to ensure users can only access the schedule of a report if they have permission to edit that report.
|
|||||