CTFd 2.1.5 Administrator Account Takeover
Social Engineering Neo
Microsoft Windows Task Scheduler Local Privilege Escalation
Slims CMS Akasia 8.3.1 SQL Injection
Slims CMS Akasia 8.3.1 Improper Authorization Vulnerability
Dell OpenManage Network Manager 220.127.116.11 SP3 Privilege Escalation
SAP Business Objects Unauthorized Audit Information Access
SAP Business Objects Unauthorized Audit Information Delete
SAP Business Objects Information Disclosure Via CORBA
SAP Business Warehouse Missing Authorization Check
SAP Business Objects Denial Of Service Via CORBA
Checkpoint Endpoint Security Media Encryption EPM Explorer Bypass
Zoom Telephonics Multiple Vulns
CVEMAP Search Results
A vulnerability in the authorization module of Cisco Content Security Management Appliance (SMA) Software could allow an authenticated, remote attacker to gain out-of-scope access to email. The vulnerability exists because the affected software does not correctly implement role permission controls. An attacker could exploit this vulnerability by using a custom role with specific permissions. A successful exploit could allow the attacker to access the spam quarantine of other users.
Similar to the issue identified in CVE-2018-12120, on versions 14.1.0-18.104.22.168, 14.0.0-22.214.171.124, 13.0.0-13.1.2, and 12.1.0-12.1.4 BIG-IP will bind a debug nodejs process to all interfaces when invoked. This may expose the process to unauthorized users if the plugin is left in debug mode and the port is accessible.
The /rest/issueNav/1/issueTable resource in Jira before version 8.3.2 allows remote attackers to enumerate usernames via an incorrect authorisation check.
A vulnerability in the web server of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to set sensitive configuration values and gain elevated privileges. The vulnerability is due to improper handling of substring comparison operations that are performed by the affected software. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected software. A successful exploit could allow the attacker with read-only privileges to gain administrator privileges.
A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an authenticated, remote attacker to make unauthorized changes to the system configuration. The vulnerability is due to insufficient authorization enforcement. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected software. A successful exploit could allow a user with read-only privileges to change critical system configurations using administrator privileges.
Incorrect configuration in deb package in ClickHouse before 1.1.54131 could lead to unauthorized use of the database.
A potential authorization bypass issue was found in Micro Focus Self Service Password Reset (SSPR) versions prior to: 126.96.36.199, 188.8.131.52, and 184.108.40.206. Upgrade to Micro Focus Self Service Password Reset (SSPR) versions 220.127.116.11, 18.104.22.168, or 22.214.171.124 as appropriate.
SAP Kernel (ABAP Debugger), versions KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73, KERNEL 7.21, 7.49, 7.53, 7.73, 7.75, 7.76, 7.77, allows a user to execute "Go to statement" without possessing the authorization S_DEVELOP DEBUG 02, resulting in Missing Authorization Check.
Search Guard versions before 24.3 had an issue where, when Cross Cluster Search (CCS) was enabled, authenticated users were always authorized on the local cluster, ignoring their roles on the remote cluster(s).
Search Guard versions before 24.3 had an issue where, when Cross Cluster Search (CCS) was enabled, authenticated users could gain read access to data they were not authorized to see.