Total
818 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-7484 | 2 Postgresql, Redhat | 5 Postgresql, Enterprise Linux, Network Satellite and 2 more | 2025-04-20 | N/A |
| It was found that some selectivity estimation functions in PostgreSQL before 9.2.21, 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3 did not check user privileges before providing information from pg_statistic, possibly leaking information. An unprivileged attacker could use this flaw to steal some information from tables they are otherwise not allowed to access. | ||||
| CVE-2017-2686 | 1 Siemens | 1 Ruggedcom Rox I | 2025-04-20 | N/A |
| Siemens RUGGEDCOM ROX I (all versions) contain a vulnerability that could allow an authenticated user to read arbitrary files through the web interface at port 10000/TCP and access sensitive information. | ||||
| CVE-2017-2689 | 1 Siemens | 1 Ruggedcom Rox I | 2025-04-20 | N/A |
| Siemens RUGGEDCOM ROX I (all versions) allow an authenticated user to bypass access restrictions in the web interface at port 10000/TCP to obtain privileged file system access or change configuration settings. | ||||
| CVE-2017-1000243 | 1 Jenkins | 1 Favorite Plugin | 2025-04-20 | N/A |
| Jenkins Favorite Plugin 2.1.4 and older does not perform permission checks when changing favorite status, allowing any user to set any other user's favorites | ||||
| CVE-2017-1000406 | 1 Opendaylight | 1 Karaf | 2025-04-20 | N/A |
| OpenDaylight Karaf 0.6.1-Carbon fails to clear the cache after a password change, allowing the old password to be used until the Karaf cache is manually cleared (e.g. via restart). | ||||
| CVE-2017-1002151 | 1 Redhat | 1 Pagure | 2025-04-20 | 7.5 High |
| Pagure 3.3.0 and earlier is vulnerable to loss of confidentially due to improper authorization | ||||
| CVE-2017-0892 | 1 Nextcloud | 1 Nextcloud Server | 2025-04-20 | 3.5 Low |
| Nextcloud Server before 11.0.3 is vulnerable to an improper session handling allowed an application specific password without permission to the files access to the users file. | ||||
| CVE-2017-0894 | 1 Nextcloud | 1 Nextcloud Server | 2025-04-20 | 4.3 Medium |
| Nextcloud Server before 11.0.3 is vulnerable to disclosure of valid share tokens for public calendars due to a logical error. Thus granting an attacker potentially access to publicly shared calendars without knowing the share token. | ||||
| CVE-2017-0896 | 1 Zulip | 1 Zulip Server | 2025-04-20 | N/A |
| Zulip Server 1.5.1 and below suffer from an error in the implementation of the invite_by_admins_only setting in the Zulip group chat application server that allowed an authenticated user to invite other users to join a Zulip organization even if the organization was configured to prevent this. | ||||
| CVE-2016-9464 | 1 Nextcloud | 1 Nextcloud Server | 2025-04-20 | N/A |
| Nextcloud Server before 9.0.54 and 10.0.0 suffers from an improper authorization check on removing shares. The Sharing Backend as implemented in Nextcloud does differentiate between shares to users and groups. In case of a received group share, users should be able to unshare the file to themselves but not to the whole group. The previous API implementation simply unshared the file to all users in the group. | ||||
| CVE-2016-8443 | 1 Linux | 1 Linux Kernel | 2025-04-20 | N/A |
| Possible unauthorized memory access in the hypervisor. Incorrect configuration provides access to subsystem page tables. Product: Android. Versions: Kernel 3.18. Android ID: A-32576499. References: QC-CR#964185. | ||||
| CVE-2016-8776 | 1 Huawei | 4 P9, P9 Firmware, P9 Lite and 1 more | 2025-04-20 | N/A |
| Huawei P9 phones with software EVA-AL10C00,EVA-CL10C00,EVA-DL10C00,EVA-TL10C00 and P9 Lite phones with software VNS-L21C185 allow attackers to bypass the factory reset protection (FRP) to enter some functional modules without authorization and perform operations to update the Google account. | ||||
| CVE-2016-7651 | 1 Apple | 2 Iphone Os, Watchos | 2025-04-20 | N/A |
| An issue was discovered in certain Apple products. iOS before 10.2 is affected. watchOS before 3.1.1 is affected. The issue involves the "Accounts" component, which allows local users to bypass intended authorization restrictions by leveraging the mishandling of an app uninstall. | ||||
| CVE-2016-5063 | 1 Bmc | 1 Server Automation | 2025-04-20 | N/A |
| The RSCD agent in BMC Server Automation before 8.6 SP1 Patch 2 and 8.7 before Patch 3 on Windows might allow remote attackers to bypass authorization checks and make an RPC call via unspecified vectors. | ||||
| CVE-2016-1000219 | 2 Elastic, Redhat | 2 Kibana, Openshift | 2025-04-20 | N/A |
| Kibana before 4.5.4 and 4.1.11 when a custom output is configured for logging in, cookies and authorization headers could be written to the log files. This information could be used to hijack sessions of other users when using Kibana behind some form of authentication such as Shield. | ||||
| CVE-2015-7317 | 2 Kupu Project, Plone | 2 Kupu, Plone | 2025-04-20 | N/A |
| Kupu 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, and 4.2.0 through 4.2.7 allows remote authenticated users to edit Kupu settings. | ||||
| CVE-2015-3656 | 1 Arubanetworks | 1 Clearpass | 2025-04-20 | N/A |
| Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated lower-level administrators to gain privileges by leveraging failure to properly enforce authorization checks. | ||||
| CVE-2014-9945 | 1 Google | 1 Android | 2025-04-20 | N/A |
| In TrustZone in all Android releases from CAF using the Linux kernel, an Improper Authorization vulnerability could potentially exist. | ||||
| CVE-2014-9950 | 1 Google | 1 Android | 2025-04-20 | N/A |
| In Core Kernel in all Android releases from CAF using the Linux kernel, an Improper Authorization vulnerability could potentially exist. | ||||
| CVE-2017-12160 | 1 Redhat | 3 Jboss Single Sign On, Keycloak, Red Hat Single Sign On | 2025-04-20 | 7.2 High |
| It was found that Keycloak oauth would permit an authenticated resource to obtain an access/refresh token pair from the authentication server, permitting indefinite usage in the case of permission revocation. An attacker on an already compromised resource could use this flaw to grant himself continued permissions and possibly conduct further attacks. | ||||