Pulp does not remove permissions for named objects upon deletion, which allows authenticated users to gain the privileges of a deleted object via creating an object with the same name.
HPE Helion Eucalyptus v4.3.0 and earlier does not correctly check IAM user's permissions for accessing versioned objects and ACLs. In some cases, authenticated users with S3 permissions could also acc...
In Ivanti Service Desk (formerly LANDESK Management Suite) versions between 2016.3 and 2017.3, an Unrestricted Direct Object Reference leads to referencing/updating objects belonging to other users. I...
In isPreferred of HidProfile.java in Android 7.1.1, 7.1.2, 8.0, 8.1 and 9, there is a possible device type confusion due to a permissions bypass. This could lead to remote code execution with no addit...
A vulnerability was found in ZZZCMS 2.1.7 and classified as critical. Affected by this issue is the function restore of the file /admin/save.php of the component Database Backup File Handler. The mani...
A vulnerability, which was classified as critical, has been found in Dreamer CMS up to 4.1.3. This issue affects some unknown processing of the component Attachment Handler. The manipulation leads to ...
File and directory permissions have been corrected to prevent unintended users from modifying or accessing resources. It would be more difficult for an authenticated attacker to now traverse through t...