Search
Total
445 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-22854 | 1 Hospital\'s Patient Records Management System Project | 1 Hospital\'s Patient Records Management System | 2022-02-22 | 6.5 MEDIUM | 8.8 HIGH |
| An access control issue in hprms/admin/?page=user/list of Hospital Patient Record Management System v1.0 allows attackers to escalate privileges via accessing and editing the user list. | |||||
| CVE-2019-10184 | 2 Netapp, Redhat | 7 Active Iq Unified Manager, Enterprise Linux, Jboss Data Grid and 4 more | 2022-02-20 | 5.0 MEDIUM | 7.5 HIGH |
| undertow before version 2.0.23.Final is vulnerable to an information leak issue. Web apps may have their directory structures predicted through requests without trailing slashes via the api. | |||||
| CVE-2022-24317 | 1 Schneider-electric | 1 Interactive Graphical Scada System Data Server | 2022-02-17 | 5.0 MEDIUM | 7.5 HIGH |
| A CWE-862: Missing Authorization vulnerability exists that could cause information exposure when an attacker sends a specific message. Affected Product: Interactive Graphical SCADA System Data Server (V15.0.0.22020 and prior) | |||||
| CVE-2022-21660 | 1 Gin-vue-admin Project | 1 Gin-vue-admin | 2022-02-15 | 5.5 MEDIUM | 8.1 HIGH |
| Gin-vue-admin is a backstage management system based on vue and gin. In versions prior to 2.4.7 low privilege users are able to modify higher privilege users. Authentication is missing on the `setUserInfo` function. Users are advised to update as soon as possible. There are no known workarounds. | |||||
| CVE-2021-24839 | 1 Supportcandy | 1 Supportcandy | 2022-02-15 | 5.0 MEDIUM | 7.5 HIGH |
| The SupportCandy WordPress plugin before 2.2.5 does not have authorisation and CSRF checks in its wpsc_tickets AJAX action, which could allow unauthenticated users to call it and delete arbitrary tickets via the set_delete_permanently_bulk_ticket setting_action. Other actions may be affected as well. | |||||
| CVE-2022-20043 | 2 Google, Mediatek | 7 Android, Mt8167, Mt8175 and 4 more | 2022-02-14 | 4.6 MEDIUM | 7.8 HIGH |
| In Bluetooth, there is a possible escalation of privilege due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06148177; Issue ID: ALPS06148177. | |||||
| CVE-2022-20041 | 2 Google, Mediatek | 7 Android, Mt8167, Mt8175 and 4 more | 2022-02-14 | 4.6 MEDIUM | 7.8 HIGH |
| In Bluetooth, there is a possible escalation of privilege due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06108596; Issue ID: ALPS06108596. | |||||
| CVE-2022-20024 | 2 Google, Mediatek | 28 Android, Mt6580, Mt6739 and 25 more | 2022-02-14 | 4.6 MEDIUM | 7.8 HIGH |
| In system service, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06219064; Issue ID: ALPS06219064. | |||||
| CVE-2021-25095 | 1 Ip2location | 1 Country Blocker | 2022-02-14 | 5.5 MEDIUM | 7.1 HIGH |
| The IP2Location Country Blocker WordPress plugin before 2.26.5 does not have authorisation and CSRF checks in the ip2location_country_blocker_save_rules AJAX action, allowing any authenticated users, such as subscriber to call it and block arbitrary country, or block all of them at once, preventing users from accessing the frontend. | |||||
| CVE-2021-24831 | 1 Rich-web | 1 Tab | 2022-02-10 | 5.0 MEDIUM | 7.5 HIGH |
| All AJAX actions of the Tab WordPress plugin before 1.3.2 are available to both unauthenticated and authenticated users, allowing unauthenticated attackers to modify various data in the plugin, such as add/edit/delete arbitrary tabs. | |||||
| CVE-2021-25093 | 1 Link Library Project | 1 Link Library | 2022-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| The Link Library WordPress plugin before 7.2.8 does not have authorisation in place when deleting links, allowing unauthenticated users to delete arbitrary links via a crafted request | |||||
| CVE-2018-7792 | 1 Schneider-electric | 2 Modicon M221, Modicon M221 Firmware | 2022-02-03 | 5.0 MEDIUM | 7.5 HIGH |
| A Permissions, Privileges, and Access Control vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to decode the password using rainbow table. | |||||
| CVE-2021-44795 | 1 Krontech | 1 Single Connect | 2022-02-02 | 5.0 MEDIUM | 7.5 HIGH |
| Single Connect does not perform an authorization check when using the "sc-assigned-credential-ui" module. A remote attacker could exploit this vulnerability to modify users permissions. The exploitation of this vulnerability might allow a remote attacker to delete permissions from other users without authenticating. | |||||
| CVE-2021-44793 | 1 Krontech | 1 Single Connect | 2022-02-02 | 5.0 MEDIUM | 7.5 HIGH |
| Single Connect does not perform an authorization check when using the sc-reports-ui" module. A remote attacker could exploit this vulnerability to access the device configuration page and export the data to an external file. The exploitation of this vulnerability might allow a remote attacker to obtain sensitive information including the database credentials. Since the database runs with high privileges it is possible to execute commands with the attained credentials. | |||||
| CVE-2022-0236 | 1 Vjinfotech | 2 Wp Import Export, Wp Import Export Lite | 2022-01-24 | 5.0 MEDIUM | 7.5 HIGH |
| The WP Import Export WordPress plugin (both free and premium versions) is vulnerable to unauthenticated sensitive data disclosure due to a missing capability check on the download function wpie_process_file_download found in the ~/includes/classes/class-wpie-general.php file. This made it possible for unauthenticated attackers to download any imported or exported information from a vulnerable site which can contain sensitive information like user data. This affects versions up to, and including, 3.9.15. | |||||
| CVE-2020-9458 | 1 Metagauss | 1 Registrationmagic | 2022-01-21 | 6.5 MEDIUM | 8.8 HIGH |
| In the RegistrationMagic plugin through 4.6.0.3 for WordPress, the export function allows remote authenticated users (with minimal privileges) to export submitted form data and settings via class_rm_form_controller.php rm_form_export. | |||||
| CVE-2020-9457 | 1 Metagauss | 1 Registrationmagic | 2022-01-21 | 6.5 MEDIUM | 8.8 HIGH |
| The RegistrationMagic plugin through 4.6.0.3 for WordPress allows remote authenticated users (with minimal privileges) to import custom vulnerable forms and change form settings via class_rm_form_settings_controller.php, resulting in privilege escalation. | |||||
| CVE-2020-9456 | 1 Metagauss | 1 Registrationmagic | 2022-01-21 | 6.5 MEDIUM | 8.8 HIGH |
| In the RegistrationMagic plugin through 4.6.0.3 for WordPress, the user controller allows remote authenticated users (with minimal privileges) to elevate their privileges to administrator via class_rm_user_controller.php rm_user_edit. | |||||
| CVE-2021-20873 | 1 Yappli | 1 Yappli | 2022-01-12 | 5.8 MEDIUM | 8.1 HIGH |
| Yappli is an application development platform which provides the function to access a requested URL using Custom URL Scheme. When Android apps are developed with Yappli versions since v7.3.6 and prior to v9.30.0, they are vulnerable to improper authorization in Custom URL Scheme handler, and may be directed to unintended sites via a specially crafted URL. | |||||
| CVE-2022-22111 | 1 Daybydaycrm | 1 Daybyday Crm | 2022-01-08 | 6.5 MEDIUM | 8.8 HIGH |
| In DayByDay CRM, version 2.2.0 is vulnerable to missing authorization. Any application user in the application who has update user permission enabled is able to change the password of other users, including the administrator’s. This allows the attacker to gain access to the highest privileged user in the application. | |||||
| CVE-2021-3653 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2022-01-06 | 6.1 MEDIUM | 8.8 HIGH |
| A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the "int_ctl" field, this issue could allow a malicious L1 to enable AVIC support (Advanced Virtual Interrupt Controller) for the L2 guest. As a result, the L2 guest would be allowed to read/write physical pages of the host, resulting in a crash of the entire system, leak of sensitive data or potential guest-to-host escape. This flaw affects Linux kernel versions prior to 5.14-rc7. | |||||
| CVE-2021-37572 | 1 Mediatek | 14 Mt7603e, Mt7603e Firmware, Mt7613 and 11 more | 2022-01-06 | 5.0 MEDIUM | 7.5 HIGH |
| MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle IEEE 1905 protocols. (Affected Chipsets MT7603E, MT7613, MT7615, MT7622, MT7628, MT7629, MT7915; Affected Software Versions 2.0.2; Missing authorization). | |||||
| CVE-2021-44233 | 1 Sap | 1 Access Control | 2022-01-03 | 6.5 MEDIUM | 8.8 HIGH |
| SAP GRC Access Control - versions V1100_700, V1100_731, V1200_750, does not perform necessary authorization checks for an authenticated user, which could lead to escalation of privileges. | |||||
| CVE-2020-24718 | 4 Freebsd, Netapp, Omniosce and 1 more | 4 Freebsd, Clustered Data Ontap, Omnios and 1 more | 2022-01-01 | 7.2 HIGH | 8.2 HIGH |
| bhyve, as used in FreeBSD through 12.1 and illumos (e.g., OmniOS CE through r151034 and OpenIndiana through Hipster 2020.04), does not properly restrict VMCS and VMCB read/write operations, as demonstrated by a root user in a container on an Intel system, who can gain privileges by modifying VMCS_HOST_RIP. | |||||
| CVE-2021-27857 | 1 Fatpipeinc | 6 Ipvpn, Ipvpn Firmware, Mpvpn and 3 more | 2021-12-21 | 4.3 MEDIUM | 7.5 HIGH |
| A missing authorization vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows a remote, unauthenticated attacker to download a configuration archive. The attacker needs to know or correctly guess the hostname of the target system since the hostname is used as part of the configuration archive file name. Older versions of FatPipe software may also be vulnerable. The FatPipe advisory identifier for this vulnerability is FPSA003. | |||||
| CVE-2021-27859 | 1 Fatpipeinc | 6 Ipvpn, Ipvpn Firmware, Mpvpn and 3 more | 2021-12-21 | 6.5 MEDIUM | 8.8 HIGH |
| A missing authorization vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows an authenticated, remote attacker with read-only privileges to create an account with administrative privileges. Older versions of FatPipe software may also be vulnerable. This does not appear to be a CSRF vulnerability. The FatPipe advisory identifier for this vulnerability is FPSA005. | |||||
| CVE-2020-10684 | 3 Debian, Fedoraproject, Redhat | 5 Debian Linux, Fedora, Ansible and 2 more | 2021-12-20 | 3.6 LOW | 7.1 HIGH |
| A flaw was found in Ansible Engine, all versions 2.7.x, 2.8.x and 2.9.x prior to 2.7.17, 2.8.9 and 2.9.6 respectively, when using ansible_facts as a subkey of itself and promoting it to a variable when inject is enabled, overwriting the ansible_facts after the clean. An attacker could take advantage of this by altering the ansible_facts, such as ansible_hosts, users and any other key data which would lead into privilege escalation or code injection. | |||||
| CVE-2021-1017 | 1 Google | 1 Android | 2021-12-20 | 4.4 MEDIUM | 7.8 HIGH |
| In AdapterService and GattService definition of AndroidManifest.xml, there is a possible way to disable bluetooth connection due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-182583850 | |||||
| CVE-2021-41066 | 1 Bopsoft | 1 Listary | 2021-12-20 | 7.6 HIGH | 7.5 HIGH |
| An issue was discovered in Listary through 6. When Listary is configured as admin, Listary will not ask for permissions again if a user tries to access files on the system from Listary itself (it will bypass UAC protection; there is no privilege validation of the current user that runs via Listary). | |||||
| CVE-2021-0923 | 1 Google | 1 Android | 2021-12-17 | 7.2 HIGH | 7.8 HIGH |
| In createOrUpdate of Permission.java, there is a possible way to gain internal permissions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-195338390 | |||||
| CVE-2021-0926 | 1 Google | 1 Android | 2021-12-17 | 7.2 HIGH | 7.8 HIGH |
| In onCreate of NfcImportVCardActivity.java, there is a possible way to add a contact without user's consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-191053931 | |||||
| CVE-2021-0922 | 1 Google | 1 Android | 2021-12-17 | 4.6 MEDIUM | 7.8 HIGH |
| In enforceCrossUserOrProfilePermission of PackageManagerService.java, there is a possible bypass of INTERACT_ACROSS_PROFILES permission due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-195630721 | |||||
| CVE-2021-20865 | 1 Advancedcustomfields | 1 Advanced Custom Fields | 2021-12-15 | 5.0 MEDIUM | 7.5 HIGH |
| Advanced Custom Fields versions prior to 5.11 and Advanced Custom Fields Pro versions prior to 5.11 contain a missing authorization vulnerability in browsing database which may allow a user to browse unauthorized data via unspecified vectors. | |||||
| CVE-2021-24914 | 1 Tawk | 1 Tawk.to Live Chat | 2021-12-06 | 6.0 MEDIUM | 8.0 HIGH |
| The Tawk.To Live Chat WordPress plugin before 0.6.0 does not have capability and CSRF checks in the tawkto_setwidget and tawkto_removewidget AJAX actions, available to any authenticated user. The first one allows low-privileged users (including simple subscribers) to change the 'tawkto-embed-widget-page-id' and 'tawkto-embed-widget-widget-id' parameters. Any authenticated user can thus link the vulnerable website to their own Tawk.to instance. Consequently, they will be able to monitor the vulnerable website and interact with its visitors (receive contact messages, answer, ...). They will also be able to display an arbitrary Knowledge Base. The second one will remove the live chat widget from pages. | |||||
| CVE-2021-40502 | 1 Sap | 1 Commerce | 2021-11-28 | 6.5 MEDIUM | 8.8 HIGH |
| SAP Commerce - versions 2105.3, 2011.13, 2005.18, 1905.34, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. Authenticated attackers will be able to access and edit data from b2b units they do not belong to. | |||||
| CVE-2021-30874 | 1 Apple | 3 Ipad Os, Iphone Os, Macos | 2021-11-23 | 5.0 MEDIUM | 7.5 HIGH |
| An authorization issue was addressed with improved state management. This issue is fixed in iOS 15 and iPadOS 15. A VPN configuration may be installed by an app without user permission. | |||||
| CVE-2021-40501 | 1 Sap | 1 Abap Platform Kernel | 2021-11-12 | 5.5 MEDIUM | 8.1 HIGH |
| SAP ABAP Platform Kernel - versions 7.77, 7.81, 7.85, 7.86, does not perform necessary authorization checks for an authenticated business user, resulting in escalation of privileges. That means this business user is able to read and modify data beyond the vulnerable system. However, the attacker can neither significantly reduce the performance of the system nor stop the system. | |||||
| CVE-2021-41238 | 1 Hangfire | 1 Hangfire | 2021-11-04 | 5.0 MEDIUM | 7.5 HIGH |
| Hangfire is an open source system to perform background job processing in a .NET or .NET Core applications. No Windows Service or separate process required. Dashboard UI in Hangfire.Core uses authorization filters to protect it from showing sensitive data to unauthorized users. By default when no custom authorization filters specified, `LocalRequestsOnlyAuthorizationFilter` filter is being used to allow only local requests and prohibit all the remote requests to provide sensible, protected by default settings. However due to the recent changes, in version 1.7.25 no authorization filters are used by default, allowing remote requests to succeed. If you are using `UseHangfireDashboard` method with default `DashboardOptions.Authorization` property value, then your installation is impacted. If any other authorization filter is specified in the `DashboardOptions.Authorization` property, the you are not impacted. Patched versions (1.7.26) are available both on Nuget.org and as a tagged release on the github repo. Default authorization rules now prohibit remote requests by default again by including the `LocalRequestsOnlyAuthorizationFilter` filter to the default settings. Please upgrade to the newest version in order to mitigate the issue. For users who are unable to upgrade it is possible to mitigate the issue by using the `LocalRequestsOnlyAuthorizationFilter` explicitly when configuring the Dashboard UI. | |||||
| CVE-2020-14306 | 1 Istio-operator Project | 1 Istio-operator | 2021-11-04 | 6.5 MEDIUM | 8.8 HIGH |
| An incorrect access control flaw was found in the operator, openshift-service-mesh/istio-rhel8-operator all versions through 1.1.3. This flaw allows an attacker with a basic level of access to the cluster to deploy a custom gateway/pod to any namespace, potentially gaining access to privileged service account tokens. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | |||||
| CVE-2018-25019 | 1 Learndash | 1 Learndash | 2021-11-03 | 5.0 MEDIUM | 7.5 HIGH |
| The LearnDash LMS WordPress plugin before 2.5.4 does not have any authorisation and validation of the file to be uploaded in the learndash_assignment_process_init() function, which could allow unauthenticated users to upload arbitrary files to the web server | |||||
| CVE-2015-20067 | 1 Wp Attachment Export Project | 1 Wp Attachment Export | 2021-11-03 | 5.0 MEDIUM | 7.5 HIGH |
| The WP Attachment Export WordPress plugin before 0.2.4 does not have proper access controls, allowing unauthenticated users to download the XML data that holds all the details of attachments/posts on a Wordpress | |||||
| CVE-2019-15576 | 1 Gitlab | 1 Gitlab | 2021-11-02 | 5.0 MEDIUM | 7.5 HIGH |
| An information disclosure vulnerability exists in GitLab CE/EE <v12.3.2, <v12.2.6, and <v12.1.12 that allowed an attacker to view private system notes from a GraphQL endpoint. | |||||
| CVE-2021-37738 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2021-10-20 | 5.0 MEDIUM | 7.5 HIGH |
| A remote disclosure of sensitive information vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1 - - ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vulnerability. | |||||
| CVE-2021-39893 | 1 Gitlab | 1 Gitlab | 2021-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| A potential DOS vulnerability was discovered in GitLab starting with version 9.1 that allowed parsing files without authorisation. | |||||
| CVE-2021-41077 | 1 Travis-ci | 1 Travis Ci | 2021-09-29 | 4.3 MEDIUM | 7.5 HIGH |
| The activation process in Travis CI, for certain 2021-09-03 through 2021-09-10 builds, causes secret data to have unexpected sharing that is not specified by the customer-controlled .travis.yml file. In particular, the desired behavior (if .travis.yml has been created locally by a customer, and added to git) is for a Travis service to perform builds in a way that prevents public access to customer-specific secret environment data such as signing keys, access credentials, and API tokens. However, during the stated 8-day interval, secret data could be revealed to an unauthorized actor who forked a public repository and printed files during a build process. | |||||
| CVE-2021-33704 | 1 Sap | 1 Business One | 2021-09-28 | 6.5 MEDIUM | 8.8 HIGH |
| The Service Layer of SAP Business One, version - 10.0, allows an authenticated attacker to invoke certain functions that would otherwise be restricted to specific users. For an attacker to discover the vulnerable function, no in-depth system knowledge is required. Once exploited via Network stack, the attacker may be able to read, modify or delete restricted data. The impact is that missing authorization can result of abuse of functionality usually restricted to specific users. | |||||
| CVE-2019-3399 | 1 Atlassian | 1 Jira | 2021-09-14 | 5.0 MEDIUM | 7.5 HIGH |
| The BrowseProjects.jspa resource in Jira before version 7.13.2, and from version 8.0.0 before version 8.0.2 allows remote attackers to see information for archived projects through a missing authorisation check. | |||||
| CVE-2018-8012 | 3 Apache, Debian, Oracle | 3 Zookeeper, Debian Linux, Goldengate Stream Analytics | 2021-09-14 | 5.0 MEDIUM | 7.5 HIGH |
| No authentication/authorization is enforced when a server attempts to join a quorum in Apache ZooKeeper before 3.4.10, and 3.5.0-alpha through 3.5.3-beta. As a result an arbitrary end point could join the cluster and begin propagating counterfeit changes to the leader. | |||||
| CVE-2021-40378 | 1 Comprotech | 8 Ip570, Ip570 Firmware, Ip60 and 5 more | 2021-09-10 | 8.5 HIGH | 8.1 HIGH |
| An issue was discovered on Compro IP70 2.08_7130218, IP570 2.08_7130520, IP60, and TN540 devices. /cgi-bin/support/killps.cgi deletes all data from the device. | |||||
| CVE-2017-9036 | 1 Trendmicro | 1 Serverprotect | 2021-09-09 | 7.2 HIGH | 7.8 HIGH |
| Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows local users to gain privileges by leveraging an unrestricted quarantine directory. | |||||