Total
1164 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-9945 | 1 Google | 1 Android | 2025-04-20 | N/A |
| In TrustZone in all Android releases from CAF using the Linux kernel, an Improper Authorization vulnerability could potentially exist. | ||||
| CVE-2016-7651 | 1 Apple | 2 Iphone Os, Watchos | 2025-04-20 | N/A |
| An issue was discovered in certain Apple products. iOS before 10.2 is affected. watchOS before 3.1.1 is affected. The issue involves the "Accounts" component, which allows local users to bypass intended authorization restrictions by leveraging the mishandling of an app uninstall. | ||||
| CVE-2016-8443 | 1 Linux | 1 Linux Kernel | 2025-04-20 | N/A |
| Possible unauthorized memory access in the hypervisor. Incorrect configuration provides access to subsystem page tables. Product: Android. Versions: Kernel 3.18. Android ID: A-32576499. References: QC-CR#964185. | ||||
| CVE-2017-7486 | 2 Postgresql, Redhat | 5 Postgresql, Enterprise Linux, Network Satellite and 2 more | 2025-04-20 | N/A |
| PostgreSQL versions 8.4 - 9.6 are vulnerable to information leak in pg_user_mappings view which discloses foreign server passwords to any user having USAGE privilege on the associated foreign server. | ||||
| CVE-2017-0894 | 1 Nextcloud | 1 Nextcloud Server | 2025-04-20 | 4.3 Medium |
| Nextcloud Server before 11.0.3 is vulnerable to disclosure of valid share tokens for public calendars due to a logical error. Thus granting an attacker potentially access to publicly shared calendars without knowing the share token. | ||||
| CVE-2017-0892 | 1 Nextcloud | 1 Nextcloud Server | 2025-04-20 | 3.5 Low |
| Nextcloud Server before 11.0.3 is vulnerable to an improper session handling allowed an application specific password without permission to the files access to the users file. | ||||
| CVE-2016-9464 | 1 Nextcloud | 1 Nextcloud Server | 2025-04-20 | N/A |
| Nextcloud Server before 9.0.54 and 10.0.0 suffers from an improper authorization check on removing shares. The Sharing Backend as implemented in Nextcloud does differentiate between shares to users and groups. In case of a received group share, users should be able to unshare the file to themselves but not to the whole group. The previous API implementation simply unshared the file to all users in the group. | ||||
| CVE-2016-1000219 | 2 Elastic, Redhat | 2 Kibana, Openshift | 2025-04-20 | N/A |
| Kibana before 4.5.4 and 4.1.11 when a custom output is configured for logging in, cookies and authorization headers could be written to the log files. This information could be used to hijack sessions of other users when using Kibana behind some form of authentication such as Shield. | ||||
| CVE-2015-3656 | 1 Arubanetworks | 1 Clearpass | 2025-04-20 | N/A |
| Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated lower-level administrators to gain privileges by leveraging failure to properly enforce authorization checks. | ||||
| CVE-2017-7484 | 2 Postgresql, Redhat | 5 Postgresql, Enterprise Linux, Network Satellite and 2 more | 2025-04-20 | N/A |
| It was found that some selectivity estimation functions in PostgreSQL before 9.2.21, 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3 did not check user privileges before providing information from pg_statistic, possibly leaking information. An unprivileged attacker could use this flaw to steal some information from tables they are otherwise not allowed to access. | ||||
| CVE-2014-9950 | 1 Google | 1 Android | 2025-04-20 | N/A |
| In Core Kernel in all Android releases from CAF using the Linux kernel, an Improper Authorization vulnerability could potentially exist. | ||||
| CVE-2017-12160 | 1 Redhat | 3 Jboss Single Sign On, Keycloak, Red Hat Single Sign On | 2025-04-20 | 7.2 High |
| It was found that Keycloak oauth would permit an authenticated resource to obtain an access/refresh token pair from the authentication server, permitting indefinite usage in the case of permission revocation. An attacker on an already compromised resource could use this flaw to grant himself continued permissions and possibly conduct further attacks. | ||||
| CVE-2017-6044 | 1 Sierra Wireless | 4 Airlink Raven Xe, Airlink Raven Xe Firmware, Airlink Raven Xt and 1 more | 2025-04-20 | N/A |
| An Improper Authorization issue was discovered in Sierra Wireless AirLink Raven XE, all versions prior to 4.0.14, and AirLink Raven XT, all versions prior to 4.0.11. Several files and directories can be accessed without authentication, which may allow a remote attacker to perform sensitive functions including arbitrary file upload, file download, and device reboot. | ||||
| CVE-2017-1000056 | 1 Kubernetes | 1 Kubernetes | 2025-04-20 | N/A |
| Kubernetes version 1.5.0-1.5.4 is vulnerable to a privilege escalation in the PodSecurityPolicy admission plugin resulting in the ability to make use of any existing PodSecurityPolicy object. | ||||
| CVE-2022-46312 | 1 Huawei | 2 Emui, Harmonyos | 2025-04-17 | 7.5 High |
| The application management module has a vulnerability in permission verification. Successful exploitation of this vulnerability causes unexpected clear of device applications. | ||||
| CVE-2021-43939 | 1 Smartptt | 1 Smartptt Scada | 2025-04-16 | 8.8 High |
| Elcomplus SmartPTT is vulnerable when a low-authenticated user can access higher level administration authorization by issuing requests directly to the desired endpoints. | ||||
| CVE-2022-2661 | 1 Sequi | 2 Portbloque S, Portbloque S Firmware | 2025-04-16 | 9.9 Critical |
| Sequi PortBloque S has an improper authorization vulnerability, which may allow a low-privileged user to perform administrative functions using specifically crafted requests. | ||||
| CVE-2022-21196 | 1 Airspan | 9 A5x, A5x Firmware, C5c and 6 more | 2025-04-16 | 10 Critical |
| MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 does not perform proper authorization and authentication checks on multiple API routes. An attacker may gain access to these API routes and achieve remote code execution, create a denial-of-service condition, and obtain sensitive information. | ||||
| CVE-2022-23542 | 1 Openfga | 1 Openfga | 2025-04-16 | 7.7 High |
| OpenFGA is an authorization/permission engine built for developers and inspired by Google Zanzibar. During an internal security assessment, it was discovered that OpenFGA version 0.3.0 is vulnerable to authorization bypass under certain conditions. This issue has been patched in version 0.3.1 and is backward compatible. | ||||
| CVE-2022-29913 | 2 Mozilla, Redhat | 4 Thunderbird, Enterprise Linux, Rhel E4s and 1 more | 2025-04-15 | 6.5 Medium |
| The parent process would not properly check whether the Speech Synthesis feature is enabled, when receiving instructions from a child process. This vulnerability affects Thunderbird < 91.9. | ||||