Search
Total
112 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-52077 | 1 Nexryai | 1 Nexkey | 2024-01-04 | N/A | 9.8 CRITICAL |
| Nexkey is a lightweight fork of Misskey v12 optimized for small to medium size servers. Prior to 12.23Q4.5, Nexkey allows external apps using tokens issued by administrators and moderators to call admin APIs. This allows malicious third-party apps to perform operations such as updating server settings, as well as compromise object storage and email server credentials. This issue has been patched in 12.23Q4.5. | |||||
| CVE-2022-47002 | 1 Masacms | 1 Masacms | 2023-12-21 | N/A | 9.8 CRITICAL |
| A vulnerability in the Remember Me function of Masa CMS v7.2, 7.3, and 7.4-beta allows attackers to bypass authentication via a crafted web request. | |||||
| CVE-2023-22518 | 1 Atlassian | 2 Confluence Data Center, Confluence Server | 2023-12-19 | N/A | 9.8 CRITICAL |
| All versions of Confluence Data Center and Server are affected by this unexploited vulnerability. This Improper Authorization vulnerability allows an unauthenticated attacker to reset Confluence and create a Confluence instance administrator account. Using this account, an attacker can then perform all administrative actions that are available to Confluence instance administrator leading to - but not limited to - full loss of confidentiality, integrity and availability. Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue. | |||||
| CVE-2021-21693 | 1 Jenkins | 1 Jenkins | 2023-11-22 | 7.5 HIGH | 9.8 CRITICAL |
| When creating temporary files, agent-to-controller access to create those files is only checked after they've been created in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier. | |||||
| CVE-2023-20048 | 1 Cisco | 1 Firepower Management Center | 2023-11-09 | N/A | 9.9 CRITICAL |
| A vulnerability in the web services interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute certain unauthorized configuration commands on a Firepower Threat Defense (FTD) device that is managed by the FMC Software. This vulnerability is due to insufficient authorization of configuration commands that are sent through the web service interface. An attacker could exploit this vulnerability by authenticating to the FMC web services interface and sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to execute certain configuration commands on the targeted FTD device. To successfully exploit this vulnerability, an attacker would need valid credentials on the FMC Software. | |||||
| CVE-2023-38035 | 1 Ivanti | 1 Mobileiron Sentry | 2023-08-24 | N/A | 9.8 CRITICAL |
| A security vulnerability in MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and below, which may allow an attacker to bypass authentication controls on the administrative interface due to an insufficiently restrictive Apache HTTPD configuration. | |||||
| CVE-2022-43515 | 1 Zabbix | 1 Frontend | 2023-08-22 | N/A | 9.8 CRITICAL |
| Zabbix Frontend provides a feature that allows admins to maintain the installation and ensure that only certain IP addresses can access it. In this way, any user will not be able to access the Zabbix Frontend while it is being maintained and possible sensitive data will be prevented from being disclosed. An attacker can bypass this protection and access the instance using IP address not listed in the defined range. | |||||
| CVE-2023-32748 | 1 Mitel | 1 Mivoice Connect | 2023-08-22 | N/A | 9.8 CRITICAL |
| The Linux DVS server component of Mitel MiVoice Connect through 19.3 SP2 (22.24.1500.0) could allow an unauthenticated attacker with internal network access to execute arbitrary scripts due to improper access control. | |||||
| CVE-2023-33468 | 1 Kramerav | 4 Via Connect2, Via Connect2 Firmware, Via Go2 and 1 more | 2023-08-16 | N/A | 9.1 CRITICAL |
| KramerAV VIA Connect (2) and VIA Go (2) devices with a version prior to 4.0.1.1326 exhibit a vulnerability that enables remote manipulation of the device. This vulnerability involves extracting the connection confirmation code remotely, bypassing the need to obtain it directly from the physical screen. | |||||
| CVE-2022-30308 | 1 Festo | 16 Controller Cecc-x-m1, Controller Cecc-x-m1-mv, Controller Cecc-x-m1-mv-s1 and 13 more | 2023-08-10 | 10.0 HIGH | 9.8 CRITICAL |
| In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-web-viewer-request-on" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection. | |||||
| CVE-2022-30310 | 1 Festo | 16 Controller Cecc-x-m1, Controller Cecc-x-m1-mv, Controller Cecc-x-m1-mv-s1 and 13 more | 2023-08-10 | 10.0 HIGH | 9.8 CRITICAL |
| In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-acknerr-request" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection. | |||||
| CVE-2022-30309 | 1 Festo | 16 Controller Cecc-x-m1, Controller Cecc-x-m1-mv, Controller Cecc-x-m1-mv-s1 and 13 more | 2023-08-10 | 10.0 HIGH | 9.8 CRITICAL |
| In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-web-viewer-request-off" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection. | |||||
| CVE-2022-30311 | 1 Festo | 16 Controller Cecc-x-m1, Controller Cecc-x-m1-mv, Controller Cecc-x-m1-mv-s1 and 13 more | 2023-08-10 | 10.0 HIGH | 9.8 CRITICAL |
| In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-refresh-request" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection. | |||||
| CVE-2022-32310 | 1 Ingredient Stock Management System Project | 1 Ingredient Stock Management System | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| An access control issue in Ingredient Stock Management System v1.0 allows attackers to take over user accounts via a crafted POST request to /isms/classes/Users.php. | |||||
| CVE-2023-36090 | 1 Dlink | 2 Dir-885l, Dir-885l Firmware | 2023-08-04 | N/A | 9.8 CRITICAL |
| ** UNSUPPORTED WHEN ASSIGNED ** Authentication Bypass vulnerability in D-Link DIR-885L FW102b01 allows remote attackers to gain escalated privileges via phpcgi. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2023-36089 | 1 Dlink | 2 Dir-645, Dir-645 Firmware | 2023-08-04 | N/A | 9.8 CRITICAL |
| ** UNSUPPORTED WHEN ASSIGNED ** Authentication Bypass vulnerability in D-Link DIR-645 firmware version 1.03 allows remote attackers to gain escalated privileges via function phpcgi_main in cgibin. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2023-36091 | 1 Dlink | 2 Dir-895l, Dir-895l Firmware | 2023-08-04 | N/A | 9.8 CRITICAL |
| ** UNSUPPORTED WHEN ASSIGNED ** Authentication Bypass vulnerability in D-Link DIR-895 FW102b07 allows remote attackers to gain escalated privileges via via function phpcgi_main in cgibin. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2023-36092 | 1 Dlink | 2 Dir-859, Dir-859 Firmware | 2023-08-04 | N/A | 9.8 CRITICAL |
| ** UNSUPPORTED WHEN ASSIGNED ** Authentication Bypass vulnerability in D-Link DIR-859 FW105b03 allows remote attackers to gain escalated privileges via via phpcgi_main. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2022-1309 | 1 Google | 1 Chrome | 2022-07-27 | N/A | 9.6 CRITICAL |
| Insufficient policy enforcement in developer tools in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. | |||||
| CVE-2022-22978 | 1 Vmware | 1 Spring Security | 2022-07-25 | 7.5 HIGH | 9.8 CRITICAL |
| In Spring Security versions 5.5.6 and 5.6.3 and older unsupported versions, RegexRequestMatcher can easily be misconfigured to be bypassed on some servlet containers. Applications using RegexRequestMatcher with `.` in the regular expression are possibly vulnerable to an authorization bypass | |||||
| CVE-2022-26479 | 1 Poly | 2 Eagleeye Director Ii, Eagleeye Director Ii Firmware | 2022-07-22 | N/A | 9.8 CRITICAL |
| An issue was discovered in Poly EagleEye Director II before 2.2.2.1. Existence of a certain file (which can be created via an rsync backdoor) causes all API calls to execute as admin without authentication. | |||||
| CVE-2022-35890 | 1 Inductiveautomation | 1 Ignition | 2022-07-21 | N/A | 9.8 CRITICAL |
| An issue was discovered in Inductive Automation Ignition before 7.9.20 and 8.x before 8.1.17. Designer and Vision Client Session IDs are mishandled. An attacker can determine which session IDs were generated in the past and then hijack sessions assigned to these IDs via Randy. | |||||
| CVE-2022-32294 | 1 Zimbra | 1 Collaboration | 2022-07-15 | 7.5 HIGH | 9.8 CRITICAL |
| Zimbra Collaboration Open Source 8.8.15 does not encrypt the initial-login randomly created password (from the "zmprove ca" command). It is visible in cleartext on port UDP 514 (aka the syslog port). | |||||
| CVE-2020-18701 | 1 Talelin | 1 Lin-cms-flask | 2022-07-10 | 7.5 HIGH | 9.8 CRITICAL |
| Incorrect Access Control in Lin-CMS-Flask v0.1.1 allows remote attackers to obtain sensitive information and/or gain privileges due to the application not invalidating a user's authentication token upon logout, which allows for replaying packets. | |||||
| CVE-2020-19301 | 1 Vaethink | 1 Vaethink | 2022-07-10 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability in the vae_admin_rule database table of vaeThink v1.0.1 allows attackers to execute arbitrary code via a crafted payload in the condition parameter. | |||||
| CVE-2022-32532 | 1 Apache | 1 Shiro | 2022-07-08 | 7.5 HIGH | 9.8 CRITICAL |
| Apache Shiro before 1.9.1, A RegexRequestMatcher can be misconfigured to be bypassed on some servlet containers. Applications using RegExPatternMatcher with `.` in the regular expression are possibly vulnerable to an authorization bypass. | |||||
| CVE-2020-13300 | 1 Gitlab | 1 Gitlab | 2022-07-01 | 6.4 MEDIUM | 10.0 CRITICAL |
| GitLab CE/EE version 13.3 prior to 13.3.4 was vulnerable to an OAuth authorization scope change without user consent in the middle of the authorization flow. | |||||
| CVE-2022-27668 | 1 Sap | 4 Netweaver As Abap, Netweaver As Abap Krnl64nuc, Netweaver As Abap Krnl64uc and 1 more | 2022-06-24 | 7.5 HIGH | 9.8 CRITICAL |
| Depending on the configuration of the route permission table in file 'saprouttab', it is possible for an unauthenticated attacker to execute SAProuter administration commands in SAP NetWeaver and ABAP Platform - versions KERNEL 7.49, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.49, KRNL64UC 7.49, SAP_ROUTER 7.53, 7.22, from a remote client, for example stopping the SAProuter, that could highly impact systems availability. | |||||
| CVE-2022-29423 | 1 Edmonsoft | 1 Countdown Builder | 2022-05-13 | 7.5 HIGH | 9.8 CRITICAL |
| Pro Features Lock Bypass vulnerability in Countdown & Clock plugin <= 2.3.2 at WordPress. | |||||
| CVE-2022-20777 | 1 Cisco | 1 Enterprise Nfv Infrastructure Software | 2022-05-11 | 9.0 HIGH | 9.9 CRITICAL |
| Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an attacker to escape from the guest virtual machine (VM) to the host machine, inject commands that execute at the root level, or leak system data from the host to the VM. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2021-26753 | 1 Nedi | 1 Nedi | 2022-05-03 | 6.5 MEDIUM | 9.9 CRITICAL |
| NeDi 1.9C allows an authenticated user to inject PHP code in the System Files function on the endpoint /System-Files.php via the txt HTTP POST parameter. This allows an attacker to obtain access to the operating system where NeDi is installed and to all application data. | |||||
| CVE-2020-7692 | 1 Google | 1 Oauth Client Library For Java | 2022-05-03 | 6.4 MEDIUM | 9.1 CRITICAL |
| PKCE support is not implemented in accordance with the RFC for OAuth 2.0 for Native Apps. Without the use of PKCE, the authorization code returned by an authorization server is not enough to guarantee that the client that issued the initial authorization request is the one that will be authorized. An attacker is able to obtain the authorization code using a malicious app on the client-side and use it to gain authorization to the protected resource. This affects the package com.google.oauth-client:google-oauth-client before 1.31.0. | |||||
| CVE-2022-21196 | 1 Airspan | 9 A5x, A5x Firmware, C5c and 6 more | 2022-02-26 | 10.0 HIGH | 9.8 CRITICAL |
| MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 does not perform proper authorization and authentication checks on multiple API routes. An attacker may gain access to these API routes and achieve remote code execution, create a denial-of-service condition, and obtain sensitive information. | |||||
| CVE-2022-21141 | 1 Airspan | 9 A5x, A5x Firmware, C5c and 6 more | 2022-02-26 | 10.0 HIGH | 9.8 CRITICAL |
| MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 does not perform proper authorization checks on multiple API functions. An attacker may gain access to these functions and achieve remote code execution, create a denial-of-service condition, and obtain sensitive information. | |||||
| CVE-2020-13957 | 1 Apache | 1 Solr | 2022-02-22 | 7.5 HIGH | 9.8 CRITICAL |
| Apache Solr versions 6.6.0 to 6.6.6, 7.0.0 to 7.7.3 and 8.0.0 to 8.6.2 prevents some features considered dangerous (which could be used for remote code execution) to be configured in a ConfigSet that's uploaded via API without authentication/authorization. The checks in place to prevent such features can be circumvented by using a combination of UPLOAD/CREATE actions. | |||||
| CVE-2021-38503 | 2 Debian, Mozilla | 4 Debian Linux, Firefox, Firefox Esr and 1 more | 2022-02-22 | 7.5 HIGH | 10.0 CRITICAL |
| The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. | |||||
| CVE-2022-24307 | 1 Joinmastodon | 1 Mastodon | 2022-02-09 | 7.5 HIGH | 9.8 CRITICAL |
| Mastodon before 3.3.2 and 3.4.x before 3.4.6 has incorrect access control because it does not compact incoming signed JSON-LD activities. (JSON-LD signing has been supported since version 1.6.0.) | |||||
| CVE-2022-22157 | 1 Juniper | 1 Junos | 2022-01-28 | 5.8 MEDIUM | 9.3 CRITICAL |
| A traffic classification vulnerability in Juniper Networks Junos OS on the SRX Series Services Gateways may allow an attacker to bypass Juniper Deep Packet Inspection (JDPI) rules and access unauthorized networks or resources, when 'no-syn-check' is enabled on the device. JDPI incorrectly classifies out-of-state asymmetric TCP flows as the dynamic-application INCONCLUSIVE instead of UNKNOWN, which is more permissive, causing the firewall to allow traffic to be forwarded that should have been denied. This issue only occurs when 'set security flow tcp-session no-syn-check' is configured on the device. This issue affects Juniper Networks Junos OS on SRX Series: 18.4 versions prior to 18.4R2-S9, 18.4R3-S9; 19.1 versions prior to 19.1R2-S3, 19.1R3-S6; 19.2 versions prior to 19.2R1-S7, 19.2R3-S3; 19.3 versions prior to 19.3R2-S6, 19.3R3-S2; 19.4 versions prior to 19.4R2-S5, 19.4R3-S3; 20.1 versions prior to 20.1R2-S2, 20.1R3; 20.2 versions prior to 20.2R3-S1; 20.3 versions prior to 20.3R3; 20.4 versions prior to 20.4R2-S1, 20.4R3; 21.1 versions prior to 21.1R1-S1, 21.1R2. This issue does not affect Juniper Networks Junos OS versions prior to 18.4R1. | |||||
| CVE-2022-22167 | 1 Juniper | 28 Junos, Srx100, Srx110 and 25 more | 2022-01-28 | 6.8 MEDIUM | 9.8 CRITICAL |
| A traffic classification vulnerability in Juniper Networks Junos OS on the SRX Series Services Gateways may allow an attacker to bypass Juniper Deep Packet Inspection (JDPI) rules and access unauthorized networks or resources, when 'no-syn-check' is enabled on the device. While JDPI correctly classifies out-of-state asymmetric TCP flows as the dynamic-application UNKNOWN, this classification is not provided to the policy module properly and hence traffic continues to use the pre-id-default-policy, which is more permissive, causing the firewall to allow traffic to be forwarded that should have been denied. This issue only occurs when 'set security flow tcp-session no-syn-check' is configured on the device. This issue affects Juniper Networks Junos OS on SRX Series: 18.4 versions prior to 18.4R2-S10, 18.4R3-S10; 19.1 versions prior to 19.1R3-S8; 19.2 versions prior to 19.2R1-S8, 19.2R3-S4; 19.3 versions prior to 19.3R3-S3; 19.4 versions prior to 19.4R3-S5; 20.1 versions prior to 20.1R3-S1; 20.2 versions prior to 20.2R3-S2; 20.3 versions prior to 20.3R3-S1; 20.4 versions prior to 20.4R2-S2, 20.4R3; 21.1 versions prior to 21.1R2-S2, 21.1R3; 21.2 versions prior to 21.2R2. This issue does not affect Juniper Networks Junos OS versions prior to 18.4R1. | |||||
| CVE-2020-4877 | 2 Ibm, Microsoft | 2 Cognos Controller, Windows | 2022-01-27 | 7.5 HIGH | 9.8 CRITICAL |
| IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 could be vulnerable to unauthorized modifications by using public fields in public classes. IBM X-Force ID: 190843. | |||||
| CVE-2021-20149 | 1 Trendnet | 2 Tew-827dru, Tew-827dru Firmware | 2022-01-07 | 7.5 HIGH | 9.8 CRITICAL |
| Trendnet AC2600 TEW-827DRU version 2.08B01 does not have sufficient access controls for the WAN interface. The default iptables ruleset for governing access to services on the device only apply to IPv4. All services running on the devices are accessible via the WAN interface via IPv6 by default. | |||||
| CVE-2021-23803 | 1 Nette | 1 Latte | 2021-12-27 | 7.5 HIGH | 9.8 CRITICAL |
| This affects the package latte/latte before 2.10.6. There is a way to bypass allowFunctions that will affect the security of the application. When the template is set to allow/disallow the use of certain functions, adding control characters (x00-x08) after the function will bypass these restrictions. | |||||
| CVE-2021-30571 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2021-12-10 | 6.8 MEDIUM | 9.6 CRITICAL |
| Insufficient policy enforcement in DevTools in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted HTML page. | |||||
| CVE-2021-22389 | 1 Huawei | 2 Emui, Magic Ui | 2021-12-09 | 7.5 HIGH | 9.8 CRITICAL |
| There is a Permission Control Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause certain codes to be executed. | |||||
| CVE-2021-38454 | 1 Moxa | 1 Mxview | 2021-10-19 | 7.5 HIGH | 10.0 CRITICAL |
| A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or overwrite critical files used to execute code, such as programs or libraries. | |||||
| CVE-2021-41975 | 1 Tadtools Project | 1 Tadtools | 2021-10-15 | 6.4 MEDIUM | 9.1 CRITICAL |
| TadTools special page is vulnerable to authorization bypass, thus remote attackers can use the specific parameter to delete arbitrary files in the system without logging in. | |||||
| CVE-2020-21124 | 1 Ureport Project | 1 Ureport | 2021-09-28 | 7.5 HIGH | 9.8 CRITICAL |
| UReport 2.2.9 allows attackers to execute arbitrary code due to a lack of access control to the designer page. | |||||
| CVE-2021-28911 | 1 Bab-technologie | 2 Eibport, Eibport Firmware | 2021-09-20 | 10.0 HIGH | 9.8 CRITICAL |
| BAB TECHNOLOGIE GmbH eibPort V3 prior version 3.9.1 allow unauthenticated attackers access to /tmp path which contains some sensitive data (e.g. device serial number). Having those info, a possible loginId can be self-calculated in a brute force attack against BMX interface. This is usable and part of an attack chain to gain SSH root access. | |||||
| CVE-2010-1435 | 1 Joomla | 1 Joomla\! | 2021-09-20 | 7.5 HIGH | 9.8 CRITICAL |
| Joomla! Core is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently retrieve password reset tokens from the database through an already existing SQL injection vector. Joomla! Core versions 1.5.x ranging from 1.5.0 and up to and including 1.5.15 are vulnerable. | |||||
| CVE-2021-27663 | 1 Johnsoncontrols | 2 Ac2000, Ac2000 Firmware | 2021-09-07 | 9.3 HIGH | 9.8 CRITICAL |
| A vulnerability in versions 10.1 through 10.5 of Johnson Controls CEM Systems AC2000 allows a remote attacker to access to the system without adequate authorization. This issue affects: Johnson Controls CEM Systems AC2000 10.1; 10.2; 10.3; 10.4; 10.5. | |||||