Total: 1438 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-6353 | 1 Cloudera | 1 Cdh | 2019-12-12 | 3.5 LOW | 6.5 MEDIUM |
| Cloudera Search in CDH before 5.7.0 allows unauthorized document access because Solr Queries by document id can bypass Sentry document-level security via the RealTimeGetHandler. | |||||
| CVE-2013-4411 | 2 Fedoraproject, Reviewboard | 2 Fedora, Reviewboard | 2019-12-11 | 4.0 MEDIUM | 4.3 MEDIUM |
| Review Board: URL processing gives unauthorized users access to review lists | |||||
| CVE-2011-3617 | 2 Debian, Tahoe-lafs | 2 Debian Linux, Tahoe-lafs | 2019-12-11 | 5.5 MEDIUM | 6.5 MEDIUM |
| Tahoe-LAFS v1.3.0 through v1.8.2 could allow unauthorized users to delete immutable files in some cases. | |||||
| CVE-2019-14832 | 1 Redhat | 1 Keycloak | 2019-12-11 | 6.0 MEDIUM | 7.5 HIGH |
| A flaw was found in the Keycloak REST API before version 8.0.0 where it would permit user access from a realm the user was not configured. An authenticated attacker with knowledge of a user id could use this flaw to access unauthorized information or to carry out further attacks. | |||||
| CVE-2016-3131 | 1 Cloudera | 1 Cdh | 2019-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| Cloudera CDH before 5.6.1 allows authorization bypass via direct internal API calls. | |||||
| CVE-2016-4572 | 1 Cloudera | 1 Cdh | 2019-12-10 | 6.5 MEDIUM | 8.8 HIGH |
| In Cloudera CDH before 5.7.1, Impala REVOKE ALL ON SERVER commands do not revoke all privileges. | |||||
| CVE-2011-2726 | 4 Debian, Drupal, Fedoraproject and 1 more | 4 Debian Linux, Drupal, Fedora and 1 more | 2019-12-03 | 5.0 MEDIUM | 7.5 HIGH |
| An access bypass issue was found in Drupal 7.x before version 7.5. If a Drupal site has the ability to attach File upload fields to any entity type in the system or has the ability to point individual File upload fields to the private file directory in comments, and the parent node is denied access, non-privileged users can still download the file attached to the comment if they know or guess its direct URL. | |||||
| CVE-2015-1780 | 1 Redhat | 2 Ovirt-engine, Virtualization | 2019-11-25 | 4.0 MEDIUM | 6.5 MEDIUM |
| oVirt users with MANIPULATE_STORAGE_DOMAIN permissions can attach a storage domain to any data-center | |||||
| CVE-2012-2238 | 1 Tryton | 1 Trytond | 2019-11-22 | 5.0 MEDIUM | 7.5 HIGH |
| trytond 2.4: ModelView.button fails to validate authorization | |||||
| CVE-2019-5231 | 1 Huawei | 2 P30, P30 Firmware | 2019-11-15 | 2.1 LOW | 4.6 MEDIUM |
| P30 smartphones with versions earlier than ELLE-AL00B 9.1.0.186(C00E180R2P1) have an improper authorization vulnerability. The software incorrectly performs an authorization check when a user attempts to perform a certain action. A successful exploit could allow the attacker to update a crafted package. | |||||
| CVE-2018-18819 | 1 Mitel | 2 Micollab, Mivoice Business Express | 2019-11-14 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability in the web conference chat component of MiCollab, versions 7.3 PR6 (7.3.0.601) and earlier, and 8.0 (8.0.0.40) through 8.0 SP2 FP2 (8.0.2.202), and MiVoice Business Express versions 7.3 PR3 (7.3.1.302) and earlier, and 8.0 (8.0.0.40) through 8.0 SP2 FP1 (8.0.2.202), could allow creation of unauthorized chat sessions, due to insufficient access controls. A successful exploit could allow execution of arbitrary commands. | |||||
| CVE-2019-4509 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2019-11-12 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM QRadar 7.3.0 to 7.3.2 Patch 4 is vulnerable to incorrect authorization in some components which could allow an authenticated user to obtain sensitive information. IBM X-Force ID: 164430. | |||||
| CVE-2010-2548 | 1 Redhat | 1 Icedtea6 | 2019-11-04 | 6.4 MEDIUM | 9.1 CRITICAL |
| IcedTea6 before 1.7.4 does not properly check property access, which allows unsigned apps to read and write arbitrary files. | |||||
| CVE-2009-3723 | 2 Asterisk, Debian | 2 Open Source, Debian Linux | 2019-11-01 | 5.0 MEDIUM | 7.5 HIGH |
| Asterisk allows calls on prohibited networks | |||||
| CVE-2018-14665 | 4 Canonical, Debian, Redhat and 1 more | 9 Ubuntu Linux, Debian Linux, Enterprise Linux Desktop and 6 more | 2019-10-22 | 7.2 HIGH | 6.6 MEDIUM |
| A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting the Xorg X server allows unprivileged users with the ability to log in to the system via physical console to escalate their privileges and run arbitrary code under root privileges. | |||||
| CVE-2019-12648 | 1 Cisco | 6 807 Industrial Integrated Services Routers, 809 Industrial Integrated Services Routers, 829 Industrial Integrated Services Routers and 3 more | 2019-10-09 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability in the IOx application environment for Cisco IOS Software could allow an authenticated, remote attacker to gain unauthorized access to the Guest Operating System (Guest OS) running on an affected device. The vulnerability is due to incorrect role-based access control (RBAC) evaluation when a low-privileged user requests access to a Guest OS that should be restricted to administrative accounts. An attacker could exploit this vulnerability by authenticating to the Guest OS by using the low-privileged-user credentials. An exploit could allow the attacker to gain unauthorized access to the Guest OS as a root user. | |||||
| CVE-2018-8790 | 1 Checkpoint | 1 Zonealarm | 2019-10-09 | 7.2 HIGH | 7.8 HIGH |
| Check Point ZoneAlarm version 15.3.064.17729 and below expose a WCF service that can allow a local low privileged user to execute arbitrary code as SYSTEM. | |||||
| CVE-2018-7366 | 1 Zte | 2 Zxv10 B860av2.1 Chinamobile, Zxv10 B860av2.1 Chinamobile Firmware | 2019-10-09 | 4.6 MEDIUM | 6.8 MEDIUM |
| ZTE ZXV10 B860AV2.1 product ChinaMobile branch with the ICNT versions up to V1.3.3, the BESTV versions up to V1.2.2, the WASU versions up to V1.1.7 and the MGTV versions up to V1.4.6 have an authentication bypass vulnerability, which may allow an unauthorized user to perform unauthorized operations. | |||||
| CVE-2018-7363 | 1 Zte | 2 Zxhn F670, Zxhn F670 Firmware | 2019-10-09 | 3.3 LOW | 8.8 HIGH |
| All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by an improper authorization vulnerability. Since the appviahttp service has no authorization delay, an attacker can be allowed to brute force account credentials. | |||||
| CVE-2018-1250 | 1 Dell | 3 Emc Unity, Emc Unity Firmware, Emc Unityvsa | 2019-10-09 | 4.0 MEDIUM | 6.5 MEDIUM |
| Dell EMC Unity and UnityVSA versions prior to 4.3.1.1525703027 contain an Authorization Bypass vulnerability. A remote authenticated user could potentially exploit this vulnerability to read files in NAS server by directly interacting with certain APIs of Unity OE, bypassing Role-Based Authorization control implemented only in Unisphere GUI. | |||||
