Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
acl vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2023-1782
HashiCorp Nomad and Nomad Enterprise versions 1.5.0 up to 1.5.2 allow unauthenticated users to bypass intended ACL authorizations for clusters where mTLS is not enabled. This issue is fixed in version 1.5.3.
Hashicorp Nomad
9.8
CVSSv3
CVE-2019-12254
In multiple Tecson Tankspion and GOKs SmartBox 4 products the affected application doesn't properly restrict access to an endpoint that is responsible for saving settings, to a unauthenticated user with limited access rights. Based on the lack of adequately implemented acces...
Gok Smartbox 4 Lan Firmware
Gok Smartbox 4 Lan Pro Firmware
Tecson Lx-q-net Firmware
Tecson Lx-net Firmware
Tecson E-litro Net Firmware
9.8
CVSSv3
CVE-2020-29006
MISP prior to 2.4.135 lacks an ACL check, related to app/Controller/GalaxyElementsController.php and app/Model/GalaxyElement.php.
Misp Misp
9.8
CVSSv3
CVE-2020-8349
An internal security review has identified an unauthenticated remote code execution vulnerability in Cloud Networking Operating System (CNOS)’ optional REST API management interface. This interface is disabled by default and not vulnerable unless enabled. When enabled, it i...
Lenovo Cloud Networking Operating System
9.8
CVSSv3
CVE-2020-15505
A remote code execution vulnerability in MobileIron Core & Connector versions 10.3.0.3 and previous versions, 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3, 10.5.1.0, 10.5.2.0 and 10.6.0.0; and Sentry versions 9.7.2 and previous versions, and 9.8.0; and Monitor and Reporting Databas...
Mobileiron Core
Mobileiron Enterprise Connector
Mobileiron Sentry
Mobileiron Monitor And Reporting Database
1 Github repository
1 Article
9.8
CVSSv3
CVE-2020-15411
An issue exists in MISP 2.4.128. app/Controller/AttributesController.php has insufficient ACL checks in the attachment downloader.
Misp Misp 2.4.128
9.8
CVSSv3
CVE-2019-19104
The web server in ABB Telephone Gateway TG/S 3.2 and Busch-Jaeger 6186/11 Telefon-Gateway allows access to different endpoints of the application without authenticating by accessing a specific uniform resource locator (URL) , violating the access-control (ACL) rules. This issue a...
Abb Tg\\/s3.2 Firmware -
Busch-jaeger 6186\\/11 Firmware -
9.8
CVSSv3
CVE-2019-12524
An issue exists in Squid up to and including 4.7. When handling requests from users, Squid checks its rules to see if the request should be denied. Squid by default comes with rules to block access to the Cache Manager, which serves detailed server information meant for the maint...
Squid-cache Squid
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
9.8
CVSSv3
CVE-2020-8010
CA Unified Infrastructure Management (Nimsoft/UIM) 20.1, 20.3.x, and 9.20 and below contains an improper ACL handling vulnerability in the robot (controller) component. A remote attacker can execute commands, read from, or write to the target system.
Broadcom Unified Infrastructure Management
Broadcom Unified Infrastructure Management 20.1
1 Github repository
9.8
CVSSv3
CVE-2019-10509
Device record of the pairing device used after free during ACL disconnection in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MSM8909W, MSM...
Qualcomm Msm8909w Firmware -
Qualcomm Msm8996au Firmware -
Qualcomm Qca6574au Firmware -
Qualcomm Qcs405 Firmware -
Qualcomm Qcs605 Firmware -
Qualcomm Sd 425 Firmware -
Qualcomm Sd 427 Firmware -
Qualcomm Sd 430 Firmware -
Qualcomm Sd 435 Firmware -
Qualcomm Sd 439 Firmware -
Qualcomm Sd 429 Firmware -
Qualcomm Sd 450 Firmware -
Qualcomm Sd 625 Firmware -
Qualcomm Sd 632 Firmware -
Qualcomm Sd 636 Firmware -
Qualcomm Sd 665 Firmware -
Qualcomm Sd 675 Firmware -
Qualcomm Sd 712 Firmware -
Qualcomm Sd 710 Firmware -
Qualcomm Sd 670 Firmware -
Qualcomm Sd 730 Firmware -
Qualcomm Sd 820 Firmware -
2 Articles
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »