CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-25368
https://notcve.org/view.php?id=CVE-2021-25368
25 Mar 2021 — Hijacking vulnerability in Samsung Cloud prior to version 4.7.0.3 allows attackers to intercept when the provider is executed. Una vulnerabilidad de secuestro en Samsung Cloud versiones anteriores a 4.7.0.3, permite a atacantes interceptar cuando el proveedor es ejecutado • https://security.samsungmobile.com • CWE-287: Improper Authentication •
CVSS: 9.8EPSS: 1%CPEs: 5EXPL: 0CVE-2020-15506
https://notcve.org/view.php?id=CVE-2020-15506
07 Jul 2020 — An authentication bypass vulnerability in MobileIron Core & Connector versions 10.3.0.3 and earlier, 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3, 10.5.1.0, 10.5.2.0 and 10.6.0.0 that allows remote attackers to bypass authentication mechanisms via unspecified vectors. Una vulnerabilidad de omisión de autentificación en MobileIron Core y Connector versiones 10.3.0.3 y anteriores, versiones 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3, 10.5.1.0, 10.5.2.0 y versión 10.6.0.0 permite a atacantes remotos omitir los mecanismo... • https://www.mobileiron.com/en/blog/mobileiron-security-updates-available •
CVSS: 7.5EPSS: 1%CPEs: 5EXPL: 0CVE-2020-15507
https://notcve.org/view.php?id=CVE-2020-15507
07 Jul 2020 — An arbitrary file reading vulnerability in MobileIron Core versions 10.3.0.3 and earlier, 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3, 10.5.1.0, 10.5.2.0 and 10.6.0.0 that allows remote attackers to read files on the system via unspecified vectors. Se presenta una vulnerabilidad arbitraria de lectura de archivos en MobileIron Core y Connector versiones 10.3.0.3 y anteriores, versiones 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3, 10.5.1.0, 10.5.2.0 y versión 10.6.0.0 que permite a atacantes remotos leer archivos sobre... • https://www.mobileiron.com/en/blog/mobileiron-security-updates-available •
CVSS: 10.0EPSS: 87%CPEs: 1EXPL: 4CVE-2018-14417 – SoftNAS Cloud < 4.0.3 - OS Command Injection
https://notcve.org/view.php?id=CVE-2018-14417
27 Jul 2018 — A command injection vulnerability was found in the web administration console in SoftNAS Cloud before 4.0.3. In particular, the snserv script did not sanitize the 'recentVersion' parameter from the snserv endpoint, allowing an unauthenticated attacker to execute arbitrary commands with root permissions. Se ha encontrado una vulnerabilidad de inyección de comandos en la consola de administración web en SoftNAS Cloud en versiones anteriores a la 4.0.3. En particular, el script snserv no saneó el parámetro "re... • https://packetstorm.news/files/id/148718 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.8EPSS: 1%CPEs: 3EXPL: 1CVE-2014-3476 – openstack-keystone: privilege escalation through trust chained delegation
https://notcve.org/view.php?id=CVE-2014-3476
17 Jun 2014 — OpenStack Identity (Keystone) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 does not properly handle chained delegation, which allows remote authenticated users to gain privileges by leveraging a (1) trust or (2) OAuth token with impersonation enabled to create a new token with additional roles. OpenStack Identity (Keystone) anterior a 2013.2.4, 2014.1 anterior a 2014.1.2, y Juno anterior a Juno-2 no maneja debidamente la delegación encadenada, lo que permite a usuarios remotos autenticado... • http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00031.html • CWE-269: Improper Privilege Management •