Filtered by CWE-732
Total 1505 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2018-1000025 1 Firebase Admin Sdk For Php Project 1 Firebase Admin Sdk For Php 2024-11-21 N/A
Jerome Gamez Firebase Admin SDK for PHP version from 3.2.0 to 3.8.0 contains a Incorrect Access Control vulnerability in src/Firebase/Auth/IdTokenVerifier.php does not verify for token signature that can result in JWT with any email address and user ID could be forged from an actual token, or from thin air. This attack appear to be exploitable via Attacker would only need to know email address of the victim on most cases.. This vulnerability appears to have been fixed in 3.8.1.
CVE-2018-0982 1 Microsoft 2 Windows 10, Windows Server 2016 2024-11-21 N/A
An elevation of privilege vulnerability exists in the way that the Windows Kernel API enforces permissions, aka "Windows Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers.
CVE-2018-0752 1 Microsoft 4 Windows 10, Windows 8.1, Windows Server 2012 and 1 more 2024-11-21 N/A
The Windows Kernel API in Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way the Kernel API enforces permissions, aka "Windows Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2018-0751.
CVE-2017-9626 1 Marel 2 Pluto1203, Pluto2 2024-11-21 N/A
Systems using the Marel Food Processing Systems Pluto platform do not restrict remote access. Marel has created an update for Pluto-based applications. This update will restrict remote access by implementing SSH authentication.
CVE-2017-9268 1 Opensuse 1 Open Build Service 2024-11-21 N/A
In the open build service before 201707022 the wipetrigger and rebuild actions checked the wrong project for permissions, allowing authenticated users to cause operations on projects where they did not have permissions leading to denial of service (resource consumption).
CVE-2017-7821 1 Mozilla 1 Firefox 2024-11-21 N/A
A vulnerability where WebExtensions can download and attempt to open a file of some non-executable file types. This can be triggered without specific user interaction for the file download and open actions. This could be used to trigger known vulnerabilities in the programs that handle those document types. This vulnerability affects Firefox < 56.
CVE-2017-7471 1 Qemu 1 Qemu 2024-11-21 9.0 Critical
Quick Emulator (Qemu) built with the VirtFS, host directory sharing via Plan 9 File System (9pfs) support, is vulnerable to an improper access control issue. It could occur while accessing files on a shared host directory. A privileged user inside guest could use this flaw to access host file system beyond the shared folder and potentially escalating their privileges on a host.
CVE-2017-6928 2 Debian, Drupal 2 Debian Linux, Drupal 2024-11-21 N/A
Drupal core 7.x versions before 7.57 when using Drupal's private file system, Drupal will check to make sure a user has access to a file before allowing the user to view or download it. This check fails under certain conditions in which one module is trying to grant access to the file and another is trying to deny it, leading to an access bypass vulnerability. This vulnerability is mitigated by the fact that it only occurs for unusual site configurations.
CVE-2017-5456 2 Mozilla, Redhat 8 Firefox, Firefox Esr, Enterprise Linux and 5 more 2024-11-21 N/A
A mechanism to bypass file system access protections in the sandbox using the file system request constructor through an IPC message. This allows for read and write access to the local file system. This vulnerability affects Firefox ESR < 52.1 and Firefox < 53.
CVE-2017-5426 2 Linux, Mozilla 3 Linux Kernel, Firefox, Thunderbird 2024-11-21 N/A
On Linux, if the secure computing mode BPF (seccomp-bpf) filter is running when the Gecko Media Plugin sandbox is started, the sandbox fails to be applied and items that would run within the sandbox are run protected only by the running filter which is typically weak compared to the sandbox. Note: this issue only affects Linux. Other operating systems are not affected. This vulnerability affects Firefox < 52 and Thunderbird < 52.
CVE-2017-4952 1 Vmware 1 Xenon 2024-11-21 N/A
VMware Xenon 1.x, prior to 1.5.4-CR7_1, 1.5.7_7, 1.5.4-CR6_2, 1.3.7-CR1_2, 1.1.0-CR0-3, 1.1.0-CR3_1,1.4.2-CR4_1, and 1.5.4_8, contains an authentication bypass vulnerability due to insufficient access controls for utility endpoints. Successful exploitation of this issue may result in information disclosure.
CVE-2017-2612 1 Jenkins 1 Jenkins 2024-11-21 N/A
In Jenkins before versions 2.44, 2.32.2 low privilege users were able to override JDK download credentials (SECURITY-392), resulting in future builds possibly failing to download a JDK.
CVE-2017-2590 2 Freeipa, Redhat 7 Freeipa, Enterprise Linux, Enterprise Linux Desktop and 4 more 2024-11-21 N/A
A vulnerability was found in ipa before 4.4. IdM's ca-del, ca-disable, and ca-enable commands did not properly check the user's permissions while modifying CAs in Dogtag. An authenticated, unauthorized attacker could use this flaw to delete, disable, or enable CAs causing various denial of service problems with certificate issuance, OCSP signing, and deletion of secret keys.
CVE-2017-1699 1 Ibm 1 Websphere Mq 2024-11-21 N/A
IBM MQ Managed File Transfer Agent 8.0 and 9.0 sets insecure permissions on certain files it creates. A local attacker could exploit this vulnerability to modify or delete data contained in the files with an unknown impact. IBM X-Force ID: 134391.
CVE-2017-1624 1 Ibm 1 Qradar Security Information And Event Manager 2024-11-21 N/A
IBM QRadar 7.3 and 7.3.1 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 133122.
CVE-2017-1459 1 Ibm 5 Security Access Manager 9.0 Firmware, Security Access Manager For Mobile, Security Access Manager For Mobile Appliance and 2 more 2024-11-21 N/A
IBM Security Access Manager Appliance 8.0.0 and 9.0.0 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 128378.
CVE-2017-18916 1 Mattermost 1 Mattermost Server 2024-11-21 5.3 Medium
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. API endpoint access control does not honor an integration permission restriction.
CVE-2017-18910 1 Mattermost 1 Mattermost Server 2024-11-21 4.3 Medium
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. E-mail notifications can have spoofed links.
CVE-2017-18896 1 Mattermost 1 Mattermost Server 2024-11-21 5.3 Medium
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It allows attackers to add DEBUG lines to the logs via a REST API version 3 logging endpoint.
CVE-2017-18894 1 Mattermost 1 Mattermost Server 2024-11-21 8.1 High
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5, when used as an OAuth 2.0 service provider. Sometimes. resource-owner authorization is bypassed, allowing account takeover.