Total
1466 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-20498 | 1 Gitlab | 1 Gitlab | 2020-01-08 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It has Incorrect Access Control. | |||||
| CVE-2018-20493 | 1 Gitlab | 1 Gitlab | 2020-01-07 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It has Incorrect Access Control. | |||||
| CVE-2018-20494 | 1 Gitlab | 1 Gitlab | 2020-01-07 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It has Incorrect Access Control. | |||||
| CVE-2018-20492 | 1 Gitlab | 1 Gitlab | 2020-01-07 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It has Incorrect Access Control (issue 2 of 6). | |||||
| CVE-2019-8512 | 1 Apple | 1 Iphone Os | 2019-12-31 | 7.9 HIGH | 5.7 MEDIUM |
| This issue was addressed with improved transparency. This issue is fixed in iOS 12.2. A user may authorize an enterprise administrator to remotely wipe their device without appropriate disclosure. | |||||
| CVE-2019-0383 | 1 Sap | 2 Enterprise Extension Financial Services, Treasury And Risk Management \(s4core\) | 2019-12-20 | 6.5 MEDIUM | 8.8 HIGH |
| Transaction Management in SAP Treasury and Risk Management (corrected in S4CORE versions 1.01, 1.02, 1.03, 1.04 and EA-FINSERV versions 6.0, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | |||||
| CVE-2019-0384 | 1 Sap | 2 Enterprise Extension Financial Services, Treasury And Risk Management \(s4core\) | 2019-12-20 | 6.5 MEDIUM | 8.8 HIGH |
| Transaction Management in SAP Treasury and Risk Management (corrected in S4CORE versions 1.01, 1.02, 1.03, 1.04 and EA-FINSERV versions 6.0, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0) does not perform necessary authorization checks for functionalities that require user identity. | |||||
| CVE-2013-4410 | 2 Fedoraproject, Reviewboard | 2 Fedora, Reviewboard | 2019-12-13 | 5.0 MEDIUM | 7.5 HIGH |
| ReviewBoard: has an access-control problem in REST API | |||||
| CVE-2016-6353 | 1 Cloudera | 1 Cdh | 2019-12-12 | 3.5 LOW | 6.5 MEDIUM |
| Cloudera Search in CDH before 5.7.0 allows unauthorized document access because Solr Queries by document id can bypass Sentry document-level security via the RealTimeGetHandler. | |||||
| CVE-2013-4411 | 2 Fedoraproject, Reviewboard | 2 Fedora, Reviewboard | 2019-12-11 | 4.0 MEDIUM | 4.3 MEDIUM |
| Review Board: URL processing gives unauthorized users access to review lists | |||||
| CVE-2011-3617 | 2 Debian, Tahoe-lafs | 2 Debian Linux, Tahoe-lafs | 2019-12-11 | 5.5 MEDIUM | 6.5 MEDIUM |
| Tahoe-LAFS v1.3.0 through v1.8.2 could allow unauthorized users to delete immutable files in some cases. | |||||
| CVE-2019-14832 | 1 Redhat | 1 Keycloak | 2019-12-11 | 6.0 MEDIUM | 7.5 HIGH |
| A flaw was found in the Keycloak REST API before version 8.0.0 where it would permit user access from a realm the user was not configured. An authenticated attacker with knowledge of a user id could use this flaw to access unauthorized information or to carry out further attacks. | |||||
| CVE-2016-3131 | 1 Cloudera | 1 Cdh | 2019-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| Cloudera CDH before 5.6.1 allows authorization bypass via direct internal API calls. | |||||
| CVE-2016-4572 | 1 Cloudera | 1 Cdh | 2019-12-10 | 6.5 MEDIUM | 8.8 HIGH |
| In Cloudera CDH before 5.7.1, Impala REVOKE ALL ON SERVER commands do not revoke all privileges. | |||||
| CVE-2011-2726 | 4 Debian, Drupal, Fedoraproject and 1 more | 4 Debian Linux, Drupal, Fedora and 1 more | 2019-12-03 | 5.0 MEDIUM | 7.5 HIGH |
| An access bypass issue was found in Drupal 7.x before version 7.5. If a Drupal site has the ability to attach File upload fields to any entity type in the system or has the ability to point individual File upload fields to the private file directory in comments, and the parent node is denied access, non-privileged users can still download the file attached to the comment if they know or guess its direct URL. | |||||
| CVE-2015-1780 | 1 Redhat | 2 Ovirt-engine, Virtualization | 2019-11-25 | 4.0 MEDIUM | 6.5 MEDIUM |
| oVirt users with MANIPULATE_STORAGE_DOMAIN permissions can attach a storage domain to any data-center | |||||
| CVE-2012-2238 | 1 Tryton | 1 Trytond | 2019-11-22 | 5.0 MEDIUM | 7.5 HIGH |
| trytond 2.4: ModelView.button fails to validate authorization | |||||
| CVE-2019-5231 | 1 Huawei | 2 P30, P30 Firmware | 2019-11-15 | 2.1 LOW | 4.6 MEDIUM |
| P30 smartphones with versions earlier than ELLE-AL00B 9.1.0.186(C00E180R2P1) have an improper authorization vulnerability. The software incorrectly performs an authorization check when a user attempts to perform certain action. Successful exploit could allow the attacker to update a crafted package. | |||||
| CVE-2018-18819 | 1 Mitel | 2 Micollab, Mivoice Business Express | 2019-11-14 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability in the web conference chat component of MiCollab, versions 7.3 PR6 (7.3.0.601) and earlier, and 8.0 (8.0.0.40) through 8.0 SP2 FP2 (8.0.2.202), and MiVoice Business Express versions 7.3 PR3 (7.3.1.302) and earlier, and 8.0 (8.0.0.40) through 8.0 SP2 FP1 (8.0.2.202), could allow creation of unauthorized chat sessions, due to insufficient access controls. A successful exploit could allow execution of arbitrary commands. | |||||
| CVE-2019-4509 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2019-11-12 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM QRadar 7.3.0 to 7.3.2 Patch 4 is vulnerable to incorrect authorization in some components which could allow an authenticated user to obtain sensitive information. IBM X-Force ID: 164430. | |||||