Total: 1079 CVEs
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-28612 | 1 Custom Popup Builder Project | 1 Custom Popup Builder | 2022-06-24 | 3.5 LOW | 5.4 MEDIUM |
| Improper Access Control vulnerability leading to multiple Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerabilities in Muneeb's Custom Popup Builder plugin <= 1.3.1 at WordPress. | |||||
| CVE-2022-1656 | 1 Artbees | 2 Jupiter X Core, Jupiterx | 2022-06-17 | 5.5 MEDIUM | 5.4 MEDIUM |
| Vulnerable versions of the JupiterX Theme (<=2.0.6) allow any logged-in user, including subscriber-level users, to access any of the functions registered in lib/api/api/ajax.php, which also grant access to the jupiterx_api_ajax_ actions registered by the JupiterX Core Plugin (<=2.0.6). This includes the ability to deactivate arbitrary plugins as well as update the theme’s API key. | |||||
| CVE-2022-1598 | 1 2code | 1 Wpqa Builder | 2022-06-15 | 5.0 MEDIUM | 5.3 MEDIUM |
| The WPQA Builder WordPress plugin before 5.4, a companion to Discy and Himer, lacks authentication in a REST API endpoint, allowing unauthenticated users to discover private questions sent between users on the site. | |||||
| CVE-2022-31024 | 1 Nextcloud | 1 Richdocuments | 2022-06-13 | 4.3 MEDIUM | 6.5 MEDIUM |
| richdocuments is the repository for Nextcloud Collabora, the app for Nextcloud Office collaboration. Prior to versions 6.0.0, 5.0.4, and 4.2.6, a user could be tricked into working against a remote Office by sending them a federated share. richdocuments versions 6.0.0, 5.0.4 and 4.2.6 contain a fix for this issue. There are currently no known workarounds available. | |||||
| CVE-2022-29160 | 1 Nextcloud | 1 Nextcloud | 2022-06-02 | 2.1 LOW | 3.3 LOW |
| Nextcloud Android is the Android client for Nextcloud, a self-hosted productivity platform. Prior to version 3.19.0, sensitive tokens, images, and user related details exist after deletion of a user account. This could result in misuse of the former account holder's information. Nextcloud Android version 3.19.0 contains a patch for this issue. There are no known workarounds available. | |||||
| CVE-2015-0675 | 1 Cisco | 1 Adaptive Security Appliance Software | 2022-05-26 | 8.3 HIGH | N/A |
| The failover ipsec implementation in Cisco Adaptive Security Appliance (ASA) Software 9.1 before 9.1(6), 9.2 before 9.2(3.3), and 9.3 before 9.3(3) does not properly validate failover communication messages, which allows remote attackers to reconfigure an ASA device, and consequently obtain administrative control, by sending crafted UDP packets over the local network to the failover interface, aka Bug ID CSCur21069. | |||||
| CVE-2021-33013 | 1 Myscada | 1 Mypro | 2022-05-24 | 5.0 MEDIUM | 7.5 HIGH |
| mySCADA myPRO versions prior to 8.20.0 do not restrict unauthorized read access to sensitive system information. | |||||
| CVE-2019-25060 | 1 Wpgraphql | 1 Wpgraphql | 2022-05-17 | 5.0 MEDIUM | 5.3 MEDIUM |
| The WPGraphQL WordPress plugin before 0.3.5 doesn't properly restrict access to information about other users' roles on the affected site. Because of this, a remote attacker could forge a GraphQL query to retrieve the account roles of every user on the site. | |||||
| CVE-2022-0824 | 1 Webmin | 1 Webmin | 2022-05-13 | 9.0 HIGH | 8.8 HIGH |
| Improper Access Control to Remote Code Execution in GitHub repository webmin/webmin prior to 1.990. | |||||
| CVE-2016-5582 | 1 Oracle | 2 Jdk, Jre | 2022-05-13 | 9.3 HIGH | 9.6 CRITICAL |
| Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Hotspot, a different vulnerability than CVE-2016-5573. | |||||
| CVE-2016-5556 | 1 Oracle | 2 Jdk, Jre | 2022-05-13 | 9.3 HIGH | 9.6 CRITICAL |
| Unspecified vulnerability in Oracle Java SE 6u121, 7u111, and 8u102 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to 2D. | |||||
| CVE-2016-5568 | 1 Oracle | 2 Jdk, Jre | 2022-05-13 | 9.3 HIGH | 9.6 CRITICAL |
| Unspecified vulnerability in Oracle Java SE 6u121, 7u111, and 8u102 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. | |||||
| CVE-2022-0541 | 1 Flothemes | 1 Flo-launch | 2022-05-04 | 7.5 HIGH | 9.8 CRITICAL |
| The flo-launch WordPress plugin before 2.4.1 injects code into wp-config.php when creating a cloned site, allowing any attacker to initiate a new site install by setting the flo_custom_table_prefix cookie to an arbitrary value. | |||||
| CVE-2022-29417 | 1 Shortpixel | 1 Shortpixel Adaptive Images | 2022-05-03 | 4.0 MEDIUM | 4.3 MEDIUM |
| Plugin Settings Update vulnerability in ShortPixel's ShortPixel Adaptive Images plugin <= 3.3.1 at WordPress allows an attacker with a low user role like a subscriber or higher to change the plugin settings. | |||||
| CVE-2020-25238 | 1 Siemens | 2 Simatic Process Control System Neo, Totally Integrated Automation Portal | 2022-04-29 | 7.2 HIGH | 7.8 HIGH |
| A vulnerability has been identified in PCS neo (Administration Console) (All versions < V3.1), TIA Portal (V15, V15.1 and V16). Manipulating certain files in specific folders could allow a local attacker to execute code with SYSTEM privileges. The security vulnerability could be exploited by an attacker with a valid account and limited access rights on the system. | |||||
| CVE-2021-24688 | | | 2022-02-28 | N/A | N/A |
| The Orange Form WordPress plugin through 1.0.1 does not have any authorisation and CSRF checks in any of its AJAX calls; for example, the or_delete_filed one, which is available to both unauthenticated and authenticated users, could allow attackers to delete arbitrary posts. The AJAX calls performing actions on posts also do not ensure that the posts belong to the caller (or that the caller is allowed to perform such an action on them). | |||||
| CVE-2022-21706 | | | 2022-02-26 | N/A | N/A |
| Zulip is an open-source team collaboration tool with topic-based threading. Zulip Server versions 2.0.0 and above are vulnerable to insufficient access control with multi-use invitations. A Zulip Server deployment which hosts multiple organizations is vulnerable to an attack where an invitation created in one organization (potentially as a role with elevated permissions) can be used to join any other organization. This bypasses any restrictions on required domains on users' email addresses, may be used to gain access to organizations which are only accessible by invitation, and may be used to gain access with elevated privileges. This issue has been patched in release 4.10. There are no known workarounds for this issue. For more information, see the [developer community Zulip server](https://zulip.com/developer-community/) or email the [Zulip security team](mailto:security@zulip.com). | |||||
| CVE-2022-0273 | 1 Calibre-web Project | 1 Calibre-web | 2022-02-14 | 4.0 MEDIUM | 6.5 MEDIUM |
| Improper Access Control in Pypi calibreweb prior to 0.6.16. | |||||
| CVE-2020-7573 | 1 Schneider-electric | 1 Webreports | 2022-01-31 | 6.4 MEDIUM | 6.5 MEDIUM |
| A CWE-284 Improper Access Control vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could allow a remote attacker to access restricted web resources due to improper access control. | |||||
| CVE-2016-5714 | 1 Puppet | 2 Puppet Agent, Puppet Enterprise | 2022-01-24 | 6.5 MEDIUM | 7.2 HIGH |
| Puppet Enterprise 2015.3.3 and 2016.x before 2016.4.0, and Puppet Agent 1.3.6 through 1.7.0 allow remote attackers to bypass a host whitelist protection mechanism and execute arbitrary code on Puppet nodes via vectors related to command validation, aka "Puppet Execution Protocol (PXP) Command Whitelist Validation Vulnerability." | |||||
| CVE-2016-2788 | 1 Puppet | 2 Marionette Collective, Puppet Enterprise | 2022-01-24 | 7.5 HIGH | 9.8 CRITICAL |
| MCollective 2.7.0 and 2.8.x before 2.8.9, as used in Puppet Enterprise, allows remote attackers to execute arbitrary code via vectors related to the mco ping command. | |||||
| CVE-2022-0170 | 1 Framasoft | 1 Peertube | 2022-01-19 | 4.0 MEDIUM | 4.3 MEDIUM |
| peertube is vulnerable to Improper Access Control | |||||
| CVE-2022-0133 | 1 Framasoft | 1 Peertube | 2022-01-14 | 5.0 MEDIUM | 7.5 HIGH |
| peertube is vulnerable to Improper Access Control | |||||
| CVE-2019-10127 | 2 Microsoft, Postgresql | 2 Windows, Postgresql | 2022-01-01 | 4.3 MEDIUM | 8.8 HIGH |
| A vulnerability was found in postgresql versions 11.x prior to 11.3. The Windows installer for BigSQL-supplied PostgreSQL does not lock down the ACL of the binary installation directory or the ACL of the data directory; it keeps the inherited ACL. In the default configuration, an attacker having both an unprivileged Windows account and an unprivileged PostgreSQL account can cause the PostgreSQL service account to execute arbitrary code. An attacker having only the unprivileged Windows account can read arbitrary data directory files, essentially bypassing database-imposed read access limitations. An attacker having only the unprivileged Windows account can also delete certain data directory files. | |||||
| CVE-2019-10128 | 2 Microsoft, Postgresql | 2 Windows, Postgresql | 2022-01-01 | 4.1 MEDIUM | 7.8 HIGH |
| A vulnerability was found in postgresql versions 11.x prior to 11.3. The Windows installer for EnterpriseDB-supplied PostgreSQL does not lock down the ACL of the binary installation directory or the ACL of the data directory; it keeps the inherited ACL. In the default configuration, this allows a local attacker to read arbitrary data directory files, essentially bypassing database-imposed read access limitations. In plausible non-default configurations, an attacker having both an unprivileged Windows account and an unprivileged PostgreSQL account can cause the PostgreSQL service account to execute arbitrary code. | |||||
| CVE-2021-36779 | 1 Linuxfoundation | 1 Longhorn | 2021-12-30 | 8.3 HIGH | 9.6 CRITICAL |
| An Improper Access Control vulnerability in SUSE Longhorn allows any workload in the cluster to execute any binary present in the image on the host without authentication. This issue affects: SUSE Longhorn longhorn versions prior to 1.1.3; longhorn versions prior to 1.2.3. | |||||
| CVE-2021-36780 | 1 Linuxfoundation | 1 Longhorn | 2021-12-30 | 4.8 MEDIUM | 8.1 HIGH |
| An Improper Access Control vulnerability in longhorn of SUSE Longhorn allows attackers to connect to a longhorn-engine replica instance, granting them the ability to read and write data to and from a replica that they should not have access to. This issue affects: SUSE Longhorn longhorn versions prior to 1.1.3; longhorn versions prior to 1.2.3. | |||||
| CVE-2021-4119 | 1 Bookstackapp | 1 Bookstack | 2021-12-22 | 7.5 HIGH | 9.8 CRITICAL |
| bookstack is vulnerable to Improper Access Control | |||||
| CVE-2021-24859 | 1 User Meta Shortcodes Project | 1 User Meta Shortcodes | 2021-12-16 | 4.0 MEDIUM | 4.3 MEDIUM |
| The User Meta Shortcodes WordPress plugin through 0.5 registers a shortcode that allows any user with a role as low as contributor to access other users' metadata by specifying the user login as a parameter. This makes the WP instance vulnerable to data exfiltration, including password hashes. | |||||
| CVE-2020-10627 | 1 Omnipod | 2 Insulin Management System, Insulin Management System Firmware | 2021-12-04 | 4.8 MEDIUM | 8.1 HIGH |
| Insulet Omnipod Insulin Management System insulin pump product ID 19191 and 40160 is designed to communicate using a wireless RF with an Insulet manufactured Personal Diabetes Manager device. This wireless RF communication protocol does not properly implement authentication or authorization. An attacker with access to one of the affected insulin pump models may be able to modify and/or intercept data. This vulnerability could also allow attackers to change pump settings and control insulin delivery. | |||||
| CVE-2021-24146 | 1 Webnus | 1 Modern Events Calendar Lite | 2021-12-03 | 5.0 MEDIUM | 7.5 HIGH |
| Lack of authorisation checks in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.5, did not properly restrict access to the export files, allowing unauthenticated users to export all event data, for example in CSV or XML format. | |||||
| CVE-2021-43019 | 2 Adobe, Apple | 2 Creative Cloud Desktop Application, Macos | 2021-11-24 | 9.3 HIGH | 7.8 HIGH |
| Adobe Creative Cloud version 5.5 (and earlier) is affected by a privilege escalation vulnerability in the resources leveraged by the Setup.exe service. An unauthenticated attacker could leverage this vulnerability to remove files and escalate privileges under the context of SYSTEM. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability on the product installer. User interaction is required before product installation to abuse this vulnerability. | |||||
| CVE-2021-26262 | 1 Philips | 4 Mri 1.5t, Mri 1.5t Firmware, Mri 3t and 1 more | 2021-11-23 | 5.0 MEDIUM | 5.5 MEDIUM |
| Philips MRI 1.5T and MRI 3T Version 5.x.x does not restrict or incorrectly restricts access to a resource from an unauthorized actor. | |||||
| CVE-2021-42360 | 1 Brainstormforce | 1 Starter Templates | 2021-11-19 | 3.5 LOW | 5.4 MEDIUM |
| On sites that also had the Elementor plugin for WordPress installed, it was possible for users with the edit_posts capability, which includes Contributor-level users, to import blocks onto any page using the astra-page-elementor-batch-process AJAX action. An attacker could craft and host a block containing malicious JavaScript on a server they controlled, and then use it to overwrite any post or page by sending an AJAX request with the action set to astra-page-elementor-batch-process and the url parameter pointed to their remotely-hosted malicious block, as well as an id parameter containing the post or page to overwrite. Any post or page that had been built with Elementor, including published pages, could be overwritten by the imported block, and the malicious JavaScript in the imported block would then be executed in the browser of any visitors to that page. | |||||
| CVE-2021-39333 | 1 Hashthemes | 1 Hashthemes Demo Importer | 2021-11-02 | 5.5 MEDIUM | 8.1 HIGH |
| The Hashthemes Demo Importer Plugin <= 1.1.1 for WordPress contained several AJAX functions which relied on a nonce which was visible to all logged-in users for access control, allowing them to execute a function that truncated nearly all database tables and removed the contents of wp-content/uploads. | |||||
| CVE-2021-34864 | 1 Parallels | 1 Parallels Desktop | 2021-10-27 | 4.6 MEDIUM | 8.8 HIGH |
| This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3 (49160). An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the WinAppHelper component. The issue results from the lack of proper access control. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-13543. | |||||
| CVE-2021-38457 | 1 Auvesy | 1 Versiondog | 2021-10-27 | 7.5 HIGH | 9.8 CRITICAL |
| The server permits communication without any authentication procedure, allowing the attacker to initiate a session with the server without providing any form of authentication. | |||||
| CVE-2021-38392 | 1 Bostonscientific | 2 Zoom Latitude Programmer/Recorder/Monitor 3120, Zoom Latitude Programmer/Recorder/Monitor 3120 Firmware | 2021-10-13 | 7.2 HIGH | 7.6 HIGH |
| A skilled attacker with physical access to the affected device can gain access to the hard disk drive of the device to change the telemetry region and could use this setting to interrogate or program an implantable device in any region in the world. | |||||
| CVE-2021-24635 | 1 Bootstrapped | 1 Visual Link Preview | 2021-10-01 | 5.5 MEDIUM | 5.4 MEDIUM |
| The Visual Link Preview WordPress plugin before 2.2.3 does not enforce authorisation on several AJAX actions and has the CSRF nonce displayed for all authenticated users, allowing any authenticated user (such as a subscriber) to call them and 1) get and search through the title and content of draft posts, 2) get the title of a password-protected post, as well as 3) upload an image from a URL. | |||||
| CVE-2021-24583 | 1 Motopress | 1 Timetable And Event Schedule | 2021-10-01 | 4.3 MEDIUM | 4.3 MEDIUM |
| The Timetable and Event Schedule WordPress plugin before 2.4.2 does not have proper access control when deleting a timeslot, allowing any user with the edit_posts capability (contributor+) to delete arbitrary timeslots from any event. Furthermore, no CSRF check is in place either, allowing such an attack to be performed via CSRF against a logged-in user with that capability. | |||||
| CVE-2016-5385 | 8 Debian, Drupal, Fedoraproject and 5 more | 14 Debian Linux, Drupal, Fedora and 11 more | 2021-09-29 | 5.1 MEDIUM | 8.1 HIGH |
| PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, as demonstrated by (1) an application that makes a getenv('HTTP_PROXY') call or (2) a CGI configuration of PHP, aka an "httpoxy" issue. | |||||
| CVE-2021-37183 | 1 Siemens | 1 Sinema Remote Connect Server | 2021-09-23 | 3.3 LOW | 6.5 MEDIUM |
| A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). The affected software allows sending send-to-sleep notifications to the managed devices. An unauthenticated attacker in the same network of the affected system can abuse these notifications to cause a Denial-of-Service condition in the managed devices. | |||||
| CVE-2021-32517 | 1 Qsan | 1 Storage Manager | 2021-09-20 | 5.0 MEDIUM | 7.5 HIGH |
| Improper access control vulnerability in share_link in QSAN Storage Manager allows remote attackers to download arbitrary files using a particular parameter in the download function. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3. | |||||
| CVE-2021-32514 | 1 Qsan | 1 Storage Manager | 2021-09-20 | 5.0 MEDIUM | 7.5 HIGH |
| Improper access control vulnerability in FirmwareUpgrade in QSAN Storage Manager allows remote attackers to reboot and discontinue the device. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3. | |||||
| CVE-2016-3987 | 1 Trendmicro | 1 Password Manager | 2021-09-09 | 10.0 HIGH | 9.8 CRITICAL |
| The HTTP server in Trend Micro Password Manager allows remote web servers to execute arbitrary commands via the url parameter to (1) api/openUrlInDefaultBrowser or (2) api/showSB. | |||||
| CVE-2016-2785 | 1 Puppet | 3 Puppet, Puppet Agent, Puppet Server | 2021-09-09 | 7.5 HIGH | 9.8 CRITICAL |
| Puppet Server before 2.3.2 and Ruby puppetmaster in Puppet 4.x before 4.4.2 and in Puppet Agent before 1.4.2 might allow remote attackers to bypass intended auth.conf access restrictions by leveraging incorrect URL decoding. | |||||
| CVE-2021-21045 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2021-09-08 | 9.3 HIGH | 8.2 HIGH |
| Acrobat Reader DC versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an improper access control vulnerability. An unauthenticated attacker could leverage this vulnerability to elevate privileges in the context of the current user. | |||||
| CVE-2020-24433 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2021-09-08 | 9.3 HIGH | 7.8 HIGH |
| Adobe Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by a local privilege escalation vulnerability that could enable a user without administrator privileges to delete arbitrary files and potentially execute arbitrary code as SYSTEM. Exploitation of this issue requires an attacker to socially engineer a victim, or the attacker must already have some access to the environment. | |||||
| CVE-2016-3366 | 1 Microsoft | 1 Outlook | 2021-08-30 | 4.3 MEDIUM | 6.5 MEDIUM |
| Microsoft Outlook 2007 SP3, Outlook 2010 SP2, Outlook 2013 SP1, Outlook 2013 RT SP1, Outlook 2016, and Outlook 2016 for Mac do not properly implement RFC 2046, which allows remote attackers to bypass virus or spam detection via crafted MIME data in an e-mail attachment, aka "Microsoft Office Spoofing Vulnerability." | |||||
| CVE-2021-24500 | 1 Amentotech | 1 Workreap | 2021-08-17 | 5.8 MEDIUM | 8.1 HIGH |
| Several AJAX actions available in the Workreap WordPress theme before 2.2.2 lacked CSRF protections, as well as allowing insecure direct object references that were not validated. This allows an attacker to trick a logged-in user into submitting a POST request to the vulnerable site, potentially modifying or deleting arbitrary objects on the target site. | |||||
