The Backup Server component in SAP Sybase ASE 15.7 before SP51 allows remote attackers to bypass access restrictions and perform database dumps by leveraging failure to validate credentials, aka SAP S...

Kibana before 4.5.4 and 4.1.11 when a custom output is configured for logging in, cookies and authorization headers could be written to the log files. This information could be used to hijack sessions...

curl and libcurl before 7.50.1 do not check the client certificate when choosing the TLS connection to reuse, which might allow remote attackers to hijack the authentication of the connection by lever...

cgi-bin/cgi_system in NUUO NVRmini 2 1.7.5 through 2.x, NUUO NVRsolo 1.7.5 through 2.x, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to reset the administrator passwor...

Pagure 3.3.0 and earlier is vulnerable to loss of confidentially due to improper authorization

It was found that some selectivity estimation functions in PostgreSQL before 9.2.21, 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3 did not check user privileges ...