CVSS: 8.3EPSS: 0%CPEs: 3EXPL: 1CVE-2020-9543 – openstack-manila: User with share-network UUID is able to show, create and delete shares
https://notcve.org/view.php?id=CVE-2020-9543
12 Mar 2020 — OpenStack Manila <7.4.1, >=8.0.0 <8.1.1, and >=9.0.0 <9.1.1 allows attackers to view, update, delete, or share resources that do not belong to them, because of a context-free lookup of a UUID. Attackers may also create resources, such as shared file systems and groups of shares on such share networks. OpenStack Manila versiones anteriores a 7.4.1, versiones posteriores a 8.0.0 incluyéndola y anteriores a 8.1.1, y versiones posteriores a 9.0.0 incluyéndola y anteriores a 9.1.1, permite a atacantes visualizar... • http://www.openwall.com/lists/oss-security/2020/03/12/1 • CWE-276: Incorrect Default Permissions CWE-284: Improper Access Control •
CVSS: 6.8EPSS: 1%CPEs: 2EXPL: 1CVE-2006-1769
https://notcve.org/view.php?id=CVE-2006-1769
13 Apr 2006 — Multiple cross-site scripting (XSS) vulnerabilities in UserLand Manila 9.5 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the mode parameter in msgReader$1 and (2) the end of the URI in viewDepartment$. • http://secunia.com/advisories/19636 •