Total
1599 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-3782 | 2 Obs-server, Suse | 2 Obs-server, Linux Enterprise Server | 2020-01-14 | 6.5 MEDIUM | 8.8 HIGH |
| obs-server before 1.7.7 allows logins by 'unconfirmed' accounts due to a bug in the REST api implementation. | |||||
| CVE-2014-0169 | 1 Redhat | 1 Jboss Enterprise Application Platform | 2020-01-14 | 4.0 MEDIUM | 6.5 MEDIUM |
| In JBoss EAP 6 a security domain is configured to use a cache that is shared between all applications that are in the security domain. This could allow an authenticated user in one application to access protected resources in another application without proper authorization. Although this is an intended functionality, it was not clearly documented which can mislead users into thinking that a security domain cache is isolated to a single application. | |||||
| CVE-2017-16778 | 1 Fermax | 2 Outdoor Panel, Outdoor Panel Firmware | 2020-01-08 | 2.1 LOW | 4.6 MEDIUM |
| An access control weakness in the DTMF tone receiver of Fermax Outdoor Panel allows physical attackers to inject a Dual-Tone-Multi-Frequency (DTMF) tone to invoke an access grant that would allow physical access to a restricted floor/level. By design, only a residential unit owner may allow such an access grant. However, due to incorrect access control, an attacker could inject it via the speaker unit to perform an access grant to gain unauthorized access, as demonstrated by a loud DTMF tone representing '1' and a long '#' (697 Hz and 1209 Hz, followed by 941 Hz and 1477 Hz). | |||||
| CVE-2018-20498 | 1 Gitlab | 1 Gitlab | 2020-01-08 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It has Incorrect Access Control. | |||||
| CVE-2018-20493 | 1 Gitlab | 1 Gitlab | 2020-01-07 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It has Incorrect Access Control. | |||||
| CVE-2018-20494 | 1 Gitlab | 1 Gitlab | 2020-01-07 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It has Incorrect Access Control. | |||||
| CVE-2018-20492 | 1 Gitlab | 1 Gitlab | 2020-01-07 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It has Incorrect Access Control (issue 2 of 6). | |||||
| CVE-2019-8512 | 1 Apple | 1 Iphone Os | 2019-12-31 | 7.9 HIGH | 5.7 MEDIUM |
| This issue was addressed with improved transparency. This issue is fixed in iOS 12.2. A user may authorize an enterprise administrator to remotely wipe their device without appropriate disclosure. | |||||
| CVE-2019-0383 | 1 Sap | 2 Enterprise Extension Financial Services, Treasury And Risk Management \(s4core\) | 2019-12-20 | 6.5 MEDIUM | 8.8 HIGH |
| Transaction Management in SAP Treasury and Risk Management (corrected in S4CORE versions 1.01, 1.02, 1.03, 1.04 and EA-FINSERV versions 6.0, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | |||||
| CVE-2019-0384 | 1 Sap | 2 Enterprise Extension Financial Services, Treasury And Risk Management \(s4core\) | 2019-12-20 | 6.5 MEDIUM | 8.8 HIGH |
| Transaction Management in SAP Treasury and Risk Management (corrected in S4CORE versions 1.01, 1.02, 1.03, 1.04 and EA-FINSERV versions 6.0, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0) does not perform necessary authorization checks for functionalities that require user identity. | |||||
| CVE-2013-4410 | 2 Fedoraproject, Reviewboard | 2 Fedora, Reviewboard | 2019-12-13 | 5.0 MEDIUM | 7.5 HIGH |
| ReviewBoard: has an access-control problem in REST API | |||||
| CVE-2016-6353 | 1 Cloudera | 1 Cdh | 2019-12-12 | 3.5 LOW | 6.5 MEDIUM |
| Cloudera Search in CDH before 5.7.0 allows unauthorized document access because Solr Queries by document id can bypass Sentry document-level security via the RealTimeGetHandler. | |||||
| CVE-2013-4411 | 2 Fedoraproject, Reviewboard | 2 Fedora, Reviewboard | 2019-12-11 | 4.0 MEDIUM | 4.3 MEDIUM |
| Review Board: URL processing gives unauthorized users access to review lists | |||||
| CVE-2011-3617 | 2 Debian, Tahoe-lafs | 2 Debian Linux, Tahoe-lafs | 2019-12-11 | 5.5 MEDIUM | 6.5 MEDIUM |
| Tahoe-LAFS v1.3.0 through v1.8.2 could allow unauthorized users to delete immutable files in some cases. | |||||
| CVE-2019-14832 | 1 Redhat | 1 Keycloak | 2019-12-11 | 6.0 MEDIUM | 7.5 HIGH |
| A flaw was found in the Keycloak REST API before version 8.0.0 where it would permit user access from a realm the user was not configured. An authenticated attacker with knowledge of a user id could use this flaw to access unauthorized information or to carry out further attacks. | |||||
| CVE-2016-3131 | 1 Cloudera | 1 Cdh | 2019-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| Cloudera CDH before 5.6.1 allows authorization bypass via direct internal API calls. | |||||
| CVE-2016-4572 | 1 Cloudera | 1 Cdh | 2019-12-10 | 6.5 MEDIUM | 8.8 HIGH |
| In Cloudera CDH before 5.7.1, Impala REVOKE ALL ON SERVER commands do not revoke all privileges. | |||||
| CVE-2011-2726 | 4 Debian, Drupal, Fedoraproject and 1 more | 4 Debian Linux, Drupal, Fedora and 1 more | 2019-12-03 | 5.0 MEDIUM | 7.5 HIGH |
| An access bypass issue was found in Drupal 7.x before version 7.5. If a Drupal site has the ability to attach File upload fields to any entity type in the system or has the ability to point individual File upload fields to the private file directory in comments, and the parent node is denied access, non-privileged users can still download the file attached to the comment if they know or guess its direct URL. | |||||
| CVE-2015-1780 | 1 Redhat | 2 Ovirt-engine, Virtualization | 2019-11-25 | 4.0 MEDIUM | 6.5 MEDIUM |
| oVirt users with MANIPULATE_STORAGE_DOMAIN permissions can attach a storage domain to any data-center | |||||
| CVE-2012-2238 | 1 Tryton | 1 Trytond | 2019-11-22 | 5.0 MEDIUM | 7.5 HIGH |
| trytond 2.4: ModelView.button fails to validate authorization | |||||