Vulnerabilities (CVE)

CWE filter

CWE-862

101 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-16328 1 Rpyc Project 1 Rpyc 2019-10-10 5.0
In RPyC 4.1.x through 4.1.1, a remote attacker can dynamically modify object attributes to construct a remote procedure call that executes code for an RPyC service with default configuration settings.
CVE-2019-0367 1 Sap 1 Netweaver Process Integration 2019-10-10 4.0
SAP NetWeaver Process Integration (B2B Toolkit), before versions 1.0 and 2.0, does not perform necessary authorization checks for an authenticated user, allowing the import of B2B table content that leads to Missing Authorization Check.
CVE-2019-5463 1 Gitlab 1 Gitlab 2019-10-09 5.0
An authorization issue was discovered in the GitLab CE/EE CI badge images endpoint which could result in disclosure of the build status. This vulnerability was addressed in 12.1.2, 12.0.4, and 11.11.6.
CVE-2018-7689 1 Opensuse 1 Open Build Service 2019-10-09 4.0
Lack of permission checks in the InitializeDevelPackage function in openSUSE Open Build Service before 2.9.3 allowed authenticated users to modify packages where they do not have write permissions.
CVE-2018-7688 1 Opensuse 1 Open Build Service 2019-10-09 4.0
A missing permission check in the review handling of openSUSE Open Build Service before 2.9.3 allowed all authenticated users to modify sources in projects where they do not have write permissions.
CVE-2018-2419 1 Sap 3 Ea-finserv, S4core, Sapscore 2019-10-09 5.5
SAP Enterprise Financial Services (SAPSCORE 1.11, 1.12; S4CORE 1.01, 1.02; EA-FINSERV 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
CVE-2018-2413 1 Sap 1 Disclosure Management 2019-10-09 6.5
SAP Disclosure Management 10.1 does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
CVE-2018-2412 1 Sap 1 Disclosure Management 2019-10-09 6.5
SAP Disclosure Management 10.1 does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
CVE-2018-18996 2019-10-09 7.5
LCDS Laquis SCADA prior to version 4.1.0.4150 allows taking in user input without proper authorization or sanitization, which may allow an attacker to execute remote code on the server.
CVE-2018-0336 1 Cisco 1 Prime Collaboration 2019-10-09 6.5
A vulnerability in the batch provisioning feature of Cisco Prime Collaboration Provisioning could allow an authenticated, remote attacker to escalate privileges to the Administrator level. The vulnerability is due to insufficient authorization...
CVE-2018-0322 1 Cisco 2 Prime Collaboration, Prime Collaboration Provisioning 2019-10-09 6.5
A vulnerability in the web management interface of Cisco Prime Collaboration Provisioning (PCP) could allow an authenticated, remote attacker to modify sensitive data that is associated with arbitrary accounts on an affected device. The...
CVE-2018-0317 1 Cisco 2 Prime Collaboration, Prime Collaboration Provisioning 2019-10-09 6.5
A vulnerability in the web interface of Cisco Prime Collaboration Provisioning (PCP) could allow an authenticated, remote attacker to escalate their privileges. The vulnerability is due to insufficient web portal access control checks. An...
CVE-2018-0092 1 Cisco 1 Nx-os 2019-10-09 3.6
A vulnerability in the network-operator user role implementation for Cisco NX-OS System Software could allow an authenticated, local attacker to improperly delete valid user accounts. The network-operator role should not be able to delete other...
CVE-2017-9513 2019-10-09 5.5
Several REST inline action resources of Atlassian Activity Streams before version 6.3.0 allow remote authenticated attackers to watch any Confluence page & receive notifications when comments are added to the watched page, and vote & watch JIRA...
CVE-2017-7914 1 Rockwellautomation 1 Panelview Plus 6 700-1500 Firmware 2019-10-09 7.5
A Missing Authorization issue was discovered in Rockwell Automation PanelView Plus 6 700-1500 6.00.04, 6.00.05, 6.00.42, 6.00-20140306, 6.10.20121012, 6.10-20140122, 7.00-20121012, 7.00-20130108, 7.00-20130325, 7.00-20130619, 7.00-20140128,...
CVE-2017-6923 1 Drupal 1 Drupal 2019-10-09 4.0
In Drupal 8.x prior to 8.3.7, when creating a view, you can optionally use Ajax to update the displayed data via filter parameters. The views subsystem/module did not restrict access to the Ajax endpoint to only views configured to use Ajax. This...
CVE-2017-18101 1 Atlassian 1 Jira 2019-10-09 6.4
Various administrative external system import resources in Atlassian JIRA Server (including JIRA Core) before version 7.6.5, from version 7.7.0 before version 7.7.3, from version 7.8.0 before version 7.8.3 and before version 7.9.0 allow remote...
CVE-2017-18035 1 Atlassian 2 Crucible, Fisheye 2019-10-09 4.0
The /rest/review-coverage-chart/1.0/data/<repository_name>/.json resource in Atlassian Fisheye and Crucible before version 4.5.1 and 4.6.0 was missing a permissions check; this allows remote attackers who do not have access to a particular...
CVE-2017-1002151 1 Pagure 1 Pagure 2019-10-09 5.0
Pagure 3.3.0 and earlier is vulnerable to loss of confidentiality due to improper authorization.
CVE-2018-5547 1 F5 1 Big-ip Access Policy Manager Client 2019-10-09 7.2
Windows Logon Integration feature of F5 BIG-IP APM client prior to version 7.1.7.1 for Windows by default uses Legacy logon mode which uses a SYSTEM account to establish network access. This feature displays a certificate user interface dialog...