CWE:
 

| Risk | Topic | Date | Author |
|---|---|---|---|
| Med. | Microsoft Windows Task Scheduler Local Privilege Escalation | 22.07.2019 | Social Engineering Neo |
| Med. | Slims CMS Akasia 8.3.1 SQL Injection | 22.05.2019 | KingSkrupellos |
| Med. | Slims CMS Akasia 8.3.1 Improper Authorization Vulnerability | 19.05.2019 | KingSkrupellos |
| Med. | Dell OpenManage Network Manager 6.2.0.51 SP3 Privilege Escalation | 07.11.2018 | Matthew Bergin |
| Low | SAP Business Objects Unauthorized Audit Information Access | 26.02.2015 | Onapsis |
| Med. | SAP Business Objects Unauthorized Audit Information Delete | 26.02.2015 | Onapsis |
| Low | SAP Business Objects Information Disclosure Via CORBA | 09.10.2014 | Will Vandevanter |
| Med. | SAP Business Warehouse Missing Authorization Check | 09.10.2014 | Will Vandevanter |
| Med. | SAP Business Objects Denial Of Service Via CORBA | 09.10.2014 | Will Vandevanter |
| Med. | Checkpoint Endpoint Security Media Encryption EPM Explorer Bypass | 15.11.2013 | Pedro Andujar |
| High | Zoom Telephonics Multiple Vulns | 03.09.2013 | K Lovett |


CVEMAP Search Results

CVE
Details
Description
2019-09-04
Low
CVE-2019-12635

Vendor: Cisco
Software: Content secu...
 

 
A vulnerability in the authorization module of Cisco Content Security Management Appliance (SMA) Software could allow an authenticated, remote attacker to gain out-of-scope access to email. The vulnerability exists because the affected software does not correctly implement role permission controls. An attacker could exploit this vulnerability by using a custom role with specific permissions. A successful exploit could allow the attacker to access the spam quarantine of other users.

 
Medium
CVE-2019-6644

Vendor: F5
Software: Big-ip acces...
 

 
Similar to the issue identified in CVE-2018-12120, on versions 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.2, and 12.1.0-12.1.4 BIG-IP will bind a debug nodejs process to all interfaces when invoked. This may expose the process to unauthorized users if the plugin is left in debug mode and the port is accessible.

 
2019-08-23
Medium
CVE-2019-8446

Vendor: Atlassian
Software: JIRA
 

 
The /rest/issueNav/1/issueTable resource in Jira before version 8.3.2 allows remote attackers to enumerate usernames via an incorrect authorisation check.

 
2019-08-21
Medium
CVE-2019-1907

Vendor: Cisco
Software: Integrated m...
 

 
A vulnerability in the web server of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to set sensitive configuration values and gain elevated privileges. The vulnerability is due to improper handling of substring comparison operations that are performed by the affected software. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected software. A successful exploit could allow the attacker with read-only privileges to gain administrator privileges.

 
High
CVE-2019-1863

Vendor: Cisco
Software: Unified comp...
 

 
A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an authenticated, remote attacker to make unauthorized changes to the system configuration. The vulnerability is due to insufficient authorization enforcement. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected software. A successful exploit could allow a user with read-only privileges to change critical system configurations using administrator privileges.

 
2019-08-15
Medium
CVE-2018-14670

Vendor: Yandex
Software: Clickhouse
 

 
Incorrect configuration in deb package in ClickHouse before 1.1.54131 could lead to unauthorized use of the database.

 
2019-08-14
Medium
CVE-2019-11652

 

 
A potential authorization bypass issue was found in Micro Focus Self Service Password Reset (SSPR) versions prior to: 4.4.0.3, 4.3.0.6, and 4.2.0.6. Upgrade to Micro Focus Self Service Password Reset (SSPR) versions 4.4.0.3, 4.3.0.6, or 4.2.0.6 as appropriate.

 
Medium
CVE-2019-0349

Vendor: SAP
Software: Advanced bus...
 

 
SAP Kernel (ABAP Debugger), versions KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73, KERNEL 7.21, 7.49, 7.53, 7.73, 7.75, 7.76, 7.77, allows a user to execute "Go to statement" without possessing the authorization S_DEVELOP DEBUG 02, resulting in Missing Authorization Check.

 
2019-08-13
Low
CVE-2019-13416

Vendor: Search-guard
Software: Search guard
 

 
Search Guard versions before 24.3 had an issue where, when Cross Cluster Search (CCS) was enabled, authenticated users were always authorized on the local cluster, ignoring their roles on the remote cluster(s).

 
Low
CVE-2019-13415

Vendor: Search-guard
Software: Search guard
 

 
Search Guard versions before 24.3 had an issue where, when Cross Cluster Search (CCS) was enabled, authenticated users could gain read access to data they are not authorized to see.

 

 


Copyright 2019, cxsecurity.com

 
