Total: 1430 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2019-14843 | 1 Redhat | 2 Jboss Enterprise Application Platform, Single Sign-on | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH | A flaw was found in Wildfly Security Manager, running under JDK 11 or 8, that authorized requests for any requester. This flaw could be used by a malicious app deployed on the app server to access unauthorized information and possibly conduct further attacks. Versions shipped with Red Hat Jboss EAP 7 and Red Hat SSO 7 are vulnerable to this issue.
CVE-2009-3723 | 2 Asterisk, Debian | 2 Open Source, Debian Linux | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH | Asterisk allows calls on prohibited networks.
CVE-2019-4509 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM | IBM QRadar 7.3.0 to 7.3.2 Patch 4 is vulnerable to incorrect authorization in some components, which could allow an authenticated user to obtain sensitive information. IBM X-Force ID: 164430.
CVE-2020-0047 | 1 Google | 1 Android | 2023-12-10 | 2.1 LOW | 3.3 LOW | In setMasterMute of AudioService.java, there is a missing permission check. This could lead to local silencing of audio with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-141622311.
CVE-2016-6353 | 1 Cloudera | 1 Cdh | 2023-12-10 | 3.5 LOW | 6.5 MEDIUM | Cloudera Search in CDH before 5.7.0 allows unauthorized document access because Solr queries by document id can bypass Sentry document-level security via the RealTimeGetHandler.
CVE-2020-8086 | 2 Debian, Prosody | 3 Debian Linux, Mod Auth Ldap, Mod Auth Ldap2 | 2023-12-10 | 6.8 MEDIUM | 9.8 CRITICAL | The mod_auth_ldap and mod_auth_ldap2 Community Modules through 2020-01-27 for Prosody incompletely verify the XMPP address passed to the is_admin() function. This grants remote entities admin-only functionality if their username matches the username of a local admin.
CVE-2016-4572 | 1 Cloudera | 1 Cdh | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH | In Cloudera CDH before 5.7.1, Impala REVOKE ALL ON SERVER commands do not revoke all privileges.
CVE-2019-5231 | 1 Huawei | 2 P30, P30 Firmware | 2023-12-10 | 2.1 LOW | 4.6 MEDIUM | P30 smartphones with versions earlier than ELLE-AL00B 9.1.0.186(C00E180R2P1) have an improper authorization vulnerability. The software incorrectly performs an authorization check when a user attempts to perform a certain action. A successful exploit could allow the attacker to update a crafted package.
CVE-2019-14832 | 1 Redhat | 1 Keycloak | 2023-12-10 | 6.0 MEDIUM | 7.5 HIGH | A flaw was found in the Keycloak REST API before version 8.0.0 where it would permit user access from a realm the user was not configured for. An authenticated attacker with knowledge of a user id could use this flaw to access unauthorized information or to carry out further attacks.
CVE-2020-5251 | 1 Parseplatform | 1 Parse-server | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM | In parse-server before version 4.1.0, you can fetch all the user objects by using a regex in the NoSQL query. Using NoSQL, you can use a regex on sessionToken and find valid accounts this way.
CVE-2013-4410 | 2 Fedoraproject, Reviewboard | 2 Fedora, Reviewboard | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH | ReviewBoard has an access-control problem in its REST API.
CVE-2018-20494 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH | An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It has Incorrect Access Control.
CVE-2013-2574 | 1 Foscam | 2 Fi8620, Fi8620 Firmware | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH | An access vulnerability exists in FOSCAM IP Camera FI8620 due to insufficient access restrictions in the /tmpfs/ and /log/ directories, which could let a malicious user obtain sensitive information.
CVE-2020-2135 | 1 Jenkins | 1 Script Security | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH | Sandbox protection in Jenkins Script Security Plugin 1.70 and earlier could be circumvented through crafted method calls on objects that implement GroovyInterceptable.
CVE-2019-17190 | 1 Avast | 1 Secure Browser | 2023-12-10 | 7.2 HIGH | 7.8 HIGH | A Local Privilege Escalation issue was discovered in Avast Secure Browser 76.0.1659.101. The vulnerability is due to an insecure ACL set by AvastBrowserUpdate.exe (which runs as NT AUTHORITY\SYSTEM) when AvastSecureBrowser.exe checks for new updates. When the update check is triggered, the elevated process clears the ACL of the Update.ini file in %PROGRAMDATA%\Avast Software\Browser\Update\ and grants all privileges to the group Everyone. Because any low-privileged user can create, delete, or modify the Update.ini file stored in this location, an attacker with low privileges can create a hard link named Update.ini in this folder and make it point to a file writable by NT AUTHORITY\SYSTEM. Once AvastBrowserUpdate.exe is triggered by the update check functionality, the DACL is set to a misconfigured value on the crafted Update.ini and, consequently, on the target file that was previously not writable by the low-privileged attacker.
CVE-2018-18819 | 1 Mitel | 2 Micollab, Mivoice Business Express | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM | A vulnerability in the web conference chat component of MiCollab, versions 7.3 PR6 (7.3.0.601) and earlier, and 8.0 (8.0.0.40) through 8.0 SP2 FP2 (8.0.2.202), and MiVoice Business Express versions 7.3 PR3 (7.3.1.302) and earlier, and 8.0 (8.0.0.40) through 8.0 SP2 FP1 (8.0.2.202), could allow creation of unauthorized chat sessions due to insufficient access controls. A successful exploit could allow execution of arbitrary commands.
CVE-2020-5855 | 2 F5, Microsoft | 3 Big-ip Access Policy Manager, Big-ip Access Policy Manager Client, Windows | 2023-12-10 | 4.6 MEDIUM | 4.3 MEDIUM | When the Windows Logon Integration feature is configured for all versions of BIG-IP Edge Client for Windows, unauthorized users who have physical access to an authorized user's machine can get shell access as an unprivileged user.
CVE-2019-16538 | 1 Jenkins | 1 Script Security | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH | A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.67 and earlier, related to the handling of default parameter expressions in closures, allowed attackers to execute arbitrary code in sandboxed scripts.
CVE-2019-19520 | 1 Openbsd | 1 Openbsd | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH | xlock in OpenBSD 6.6 allows local users to gain the privileges of the auth group by providing a LIBGL_DRIVERS_PATH environment variable, because xenocara/lib/mesa/src/loader/loader.c mishandles dlopen.
CVE-2019-4745 | 1 Ibm | 7 Maximo Asset Management, Maximo For Aviation, Maximo For Life Sciences and 4 more | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM | IBM Maximo Asset Management 7.6.1.0 could allow a remote attacker to disclose sensitive information to an authenticated user due to disclosing path information in the URL. IBM X-Force ID: 172883.