Vulnerabilities (CVE)

CWE filter: CWE-285

229 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-11652 2019-08-23 7.5
A potential authorization bypass issue was found in Micro Focus Self Service Password Reset (SSPR) versions prior to: 4.4.0.3, 4.3.0.6, and 4.2.0.6. Upgrade to Micro Focus Self Service Password Reset (SSPR) versions 4.4.0.3, 4.3.0.6, or...
CVE-2019-0349 1 Sap 1 Advanced Business Application Programming Platform Kernel 2019-08-23 6.5
SAP Kernel (ABAP Debugger), versions KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73, KERNEL 7.21, 7.49, 7.53, 7.73,...
CVE-2018-8012 2 Apache, Debian 2 Zookeeper, Debian Linux 2019-08-21 5.0
No authentication/authorization is enforced when a server attempts to join a quorum in Apache ZooKeeper before 3.4.10, and 3.5.0-alpha through 3.5.3-beta. As a result an arbitrary end point could join the cluster and begin propagating counterfeit...
CVE-2019-13416 1 Search-guard 1 Search Guard 2019-08-19 3.5
Search Guard versions before 24.3 had an issue where, when Cross Cluster Search (CCS) was enabled, authenticated users were always authorized on the local cluster, ignoring their roles on the remote cluster(s).
CVE-2019-13415 1 Search-guard 1 Search Guard 2019-08-19 3.5
Search Guard versions before 24.3 had an issue where, when Cross Cluster Search (CCS) was enabled, authenticated users could gain read access to data they are not authorized to see.
CVE-2019-11208 1 Tibco 1 Api Exchange Gateway 2019-08-19 6.5
The authorization component of TIBCO Software Inc.'s TIBCO API Exchange Gateway, and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric contains a vulnerability that theoretically processes OAuth authorization incorrectly, leading to...
CVE-2019-5995 1 Canon 66 Eos-1d C Firmware, Eos-1d X Firmware, Eos-1d X Mkii Firmware and 63 more 2019-08-16 4.8
Missing authorization vulnerability exists in EOS series digital cameras (EOS-1D X firmware version 2.1.0 and earlier, EOS-1D X MKII firmware version 1.1.6 and earlier, EOS-1D C firmware version 1.4.1 and earlier, EOS 5D MARK III firmware version...
CVE-2019-5399 2019-08-16 9.7
A remote gain authorized access vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1.
CVE-2019-1912 2019-08-16 6.4
A vulnerability in the web management interface of Cisco Small Business 220 Series Smart Switches could allow an unauthenticated, remote attacker to upload arbitrary files. The vulnerability is due to incomplete authorization checks in the web...
CVE-2019-5402 1 Hp 1 3par Storeserv Management Console 2019-08-16 10.0
A remote authorization bypass vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1.
CVE-2019-5405 1 Hp 1 3par Storeserv Management Console 2019-08-16 5.0
A remote authorization bypass vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1.
CVE-2018-4183 1 Apple 1 Mac Os X 2019-08-15 7.2
In macOS High Sierra before 10.13.5, an access issue was addressed with additional sandbox restrictions.
CVE-2018-4182 1 Apple 1 Mac Os X 2019-08-15 7.2
In macOS High Sierra before 10.13.5, an access issue was addressed with additional sandbox restrictions on CUPS.
CVE-2018-4181 3 Apple, Canonical, Debian 3 Mac Os X, Ubuntu Linux, Debian Linux 2019-08-15 4.9
In macOS High Sierra before 10.13.5, an issue existed in CUPS. This issue was addressed with improved access restrictions.
CVE-2018-4180 3 Apple, Canonical, Debian 3 Mac Os X, Ubuntu Linux, Debian Linux 2019-08-15 4.6
In macOS High Sierra before 10.13.5, an issue existed in CUPS. This issue was addressed with improved access restrictions.
CVE-2019-10162 1 Powerdns 1 Authoritative 2019-08-15 5.0
A vulnerability has been found in PowerDNS Authoritative Server before versions 4.1.10 and 4.0.8, allowing an authorized user to cause the server to exit by inserting a crafted record in a MASTER type zone under their control. The issue is due to the...
CVE-2019-1934 1 Cisco 1 Adaptive Security Appliance Software 2019-08-15 6.5
A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to elevate privileges and execute administrative functions on an affected device. The...
CVE-2018-20826 1 Atlassian 1 Jira 2019-08-14 4.0
The inline-create rest resource in Jira before version 7.12.3 allows authenticated remote attackers to set the reporter in issues via a missing authorisation check.
CVE-2019-14473 1 Eq-3 2 Ccu2 Firmware, Ccu3 Firmware 2019-08-14 6.5
eQ-3 Homematic CCU2 and CCU3 use session IDs for authentication but lack authorization checks. Consequently, a valid guest level or user level account can create a new admin level account, read the service messages, clear the system protocol or...
CVE-2019-2386 1 Mongodb 1 Mongodb 2019-08-14 6.0
After user deletion in MongoDB Server, the improper invalidation of authorization sessions allows an authenticated user's session to persist and become conflated with new accounts, if those accounts reuse the names of deleted ones. This issue...