Search
Total
1247 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-10701 | 1 Redhat | 1 Libvirt | 2022-05-13 | 4.0 MEDIUM | 6.5 MEDIUM |
| A missing authorization flaw was found in the libvirt API responsible for changing the QEMU agent response timeout. This flaw allows read-only connections to adjust the time that libvirt waits for the QEMU guest agent to respond to agent commands. Depending on the timeout value that is set, this flaw can make guest agent commands fail because the agent cannot respond in time. Unprivileged users with a read-only connection could abuse this flaw to set the response timeout for all guest agent messages to zero, potentially leading to a denial of service. This flaw affects libvirt versions before 6.2.0. | |||||
| CVE-2021-44055 | 1 Qnap | 1 Video Station | 2022-05-13 | 7.5 HIGH | 9.8 CRITICAL |
| An missing authorization vulnerability has been reported to affect QNAP device running Video Station. If exploited, this vulnerability allows remote attackers to access data or perform actions that they should not be allowed to perform. We have already fixed this vulnerability in the following versions of Video Station: Video Station 5.5.9 ( 2022/02/16 ) and later | |||||
| CVE-2022-26546 | 1 Hospital Management System Project | 1 Hospital Management System | 2022-05-12 | 6.4 MEDIUM | 9.1 CRITICAL |
| Hospital Management System v1.0 was discovered to lack an authorization component, allowing attackers to access sensitive information and obtain the admin password. | |||||
| CVE-2022-0634 | 1 Caseproof | 1 Thirstyaffiliates Affiliate Link Manager | 2022-05-12 | 4.0 MEDIUM | 4.3 MEDIUM |
| The ThirstyAffiliates Affiliate Link Manager WordPress plugin before 3.10.5 lacks authorization checks in the ta_insert_external_image action, allowing a low-privilege user (with a role as low as Subscriber) to add an image from an external URL to an affiliate link. Further the plugin lacks csrf checks, allowing an attacker to trick a logged in user to perform the action by crafting a special request. | |||||
| CVE-2022-1092 | 1 Mycred | 1 Mycred | 2022-05-12 | 4.0 MEDIUM | 4.3 MEDIUM |
| The myCred WordPress plugin before 2.4.4 does not have authorisation and CSRF checks in its mycred-tools-import-export AJAX action, allowing any authenticated user to call and and retrieve the list of email address present in the blog | |||||
| CVE-2022-20102 | 2 Google, Mediatek | 45 Android, Mt6580, Mt6739 and 42 more | 2022-05-12 | 2.1 LOW | 4.4 MEDIUM |
| In aee daemon, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06296442; Issue ID: ALPS06296405. | |||||
| CVE-2022-28789 | 1 Samsung | 1 Voice Note | 2022-05-11 | 2.1 LOW | 5.5 MEDIUM |
| Unprotected activities in Voice Note prior to version 21.3.51.11 allows attackers to record voice without user interaction. The patch adds proper permission for vulnerable activities. | |||||
| CVE-2022-20098 | 2 Google, Mediatek | 45 Android, Mt6580, Mt6739 and 42 more | 2022-05-11 | 2.1 LOW | 4.4 MEDIUM |
| In aee daemon, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06419017; Issue ID: ALPS06419017. | |||||
| CVE-2022-20100 | 2 Google, Mediatek | 45 Android, Mt6580, Mt6739 and 42 more | 2022-05-11 | 2.1 LOW | 4.4 MEDIUM |
| In aee daemon, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06383944; Issue ID: ALPS06270804. | |||||
| CVE-2022-20084 | 2 Google, Mediatek | 55 Android, Mt6731, Mt6732 and 52 more | 2022-05-11 | 4.6 MEDIUM | 7.8 HIGH |
| In telephony, there is a possible way to disable receiving emergency broadcasts due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06498874; Issue ID: ALPS06498874. | |||||
| CVE-2022-20093 | 2 Google, Mediatek | 57 Android, Mt6731, Mt6732 and 54 more | 2022-05-10 | 4.6 MEDIUM | 7.8 HIGH |
| In telephony, there is a possible way to disable receiving SMS messages due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06498868; Issue ID: ALPS06498868. | |||||
| CVE-2022-1020 | 1 Codeastrology | 1 Woo Product Table | 2022-05-10 | 7.5 HIGH | 9.8 CRITICAL |
| The Product Table for WooCommerce (wooproducttable) WordPress plugin before 3.1.2 does not have authorisation and CSRF checks in the wpt_admin_update_notice_option AJAX action (available to both unauthenticated and authenticated users), as well as does not validate the callback parameter, allowing unauthenticated attackers to call arbitrary functions with either none or one user controlled argument | |||||
| CVE-2021-25002 | 1 Tipsacarrier Project | 1 Tipsacarrier | 2022-05-10 | 5.0 MEDIUM | 7.5 HIGH |
| The Tipsacarrier WordPress plugin through 1.4.4.2 does not have any authorisation check in place some functions, which could allow unauthenticated users to access Orders data which could be used to retrieve the client full address, name and phone via tracking URL | |||||
| CVE-2022-0952 | 1 Sitemap Project | 1 Sitemap | 2022-05-09 | 6.8 MEDIUM | 8.8 HIGH |
| The Sitemap by click5 WordPress plugin before 1.0.36 does not have authorisation and CSRF checks when updating options via a REST endpoint, and does not ensure that the option to be updated belongs to the plugin. As a result, unauthenticated attackers could change arbitrary blog options, such as the users_can_register and default_role, allowing them to create a new admin account and take over the blog. | |||||
| CVE-2021-36124 | 1 Echobh | 1 Sharecare | 2022-05-03 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Echo ShareCare 8.15.5. It does not perform authentication or authorization checks when accessing a subset of sensitive resources, leading to the ability for unauthenticated users to access pages that are vulnerable to attacks such as SQL injection. | |||||
| CVE-2021-20835 | 1 Mercari | 1 Mercari | 2022-05-03 | 5.0 MEDIUM | 7.5 HIGH |
| Improper authorization in handler for custom URL scheme vulnerability in Android App 'Mercari (Merpay) - Marketplace and Mobile Payments App' (Japan version) versions prior to 4.49.1 allows a remote attacker to lead a user to access an arbitrary website and the website launches an arbitrary Activity of the app via the vulnerable App, which may result in Mercari account's access token being obtained. | |||||
| CVE-2021-36232 | 1 Unit4 | 1 Mik.starlight | 2022-05-03 | 6.5 MEDIUM | 8.8 HIGH |
| Improper Authorization in multiple functions in MIK.starlight 7.9.5.24363 allows an authenticated attacker to escalate privileges. | |||||
| CVE-2021-20834 | 1 Nike | 1 Nike | 2022-05-03 | 5.8 MEDIUM | 6.1 MEDIUM |
| Improper authorization in handler for custom URL scheme vulnerability in Nike App for Android versions prior to 2.177 and Nike App for iOS versions prior to 2.177.1 allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App. | |||||
| CVE-2021-20777 | 1 Gu-global | 1 Gu | 2022-05-03 | 4.3 MEDIUM | 4.3 MEDIUM |
| Improper authorization in handler for custom URL scheme vulnerability in GU App for Android versions from 4.8.0 to 5.0.2 allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App. | |||||
| CVE-2020-14944 | 1 Globalradar | 1 Bsa Radar | 2022-05-03 | 7.5 HIGH | 9.8 CRITICAL |
| Global RADAR BSA Radar 1.6.7234.24750 and earlier lacks valid authorization controls in multiple functions. This can allow for manipulation and takeover of user accounts if successfully exploited. The following vulnerable functions are exposed: ChangePassword, SaveUserProfile, and GetUser. | |||||
| CVE-2021-24354 | 1 Wpdeveloper | 1 Simple 301 Redirects | 2022-05-03 | 6.5 MEDIUM | 8.8 HIGH |
| A lack of capability checks and insufficient nonce check on the AJAX action in the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4, made it possible for authenticated users to install arbitrary plugins on vulnerable sites. | |||||
| CVE-2021-24184 | 1 Themeum | 1 Tutor Lms | 2022-05-03 | 6.5 MEDIUM | 8.8 HIGH |
| Several AJAX endpoints in the Tutor LMS – eLearning and online course solution WordPress plugin before 1.7.7 were unprotected, allowing students to modify course information and elevate their privileges among many other actions. | |||||
| CVE-2021-31921 | 1 Istio | 1 Istio | 2022-05-01 | 6.8 MEDIUM | 9.8 CRITICAL |
| Istio before 1.8.6 and 1.9.x before 1.9.5 contains a remotely exploitable vulnerability where an external client can access unexpected services in the cluster, bypassing authorization checks, when a gateway is configured with AUTO_PASSTHROUGH routing configuration. | |||||
| CVE-2020-13515 | 1 Nzxt | 1 Cam | 2022-04-28 | 7.2 HIGH | 8.8 HIGH |
| A privilege escalation vulnerability exists in the WinRing0x64 Driver IRP 0x9c40a148 functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) can cause an adversary to obtain elevated privileges. An attacker can send a malicious IRP to trigger this vulnerability. | |||||
| CVE-2020-13512 | 1 Nzxt | 1 Cam | 2022-04-28 | 7.2 HIGH | 8.8 HIGH |
| A privilege escalation vulnerability exists in the WinRing0x64 Driver Privileged I/O Write IRPs functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) can cause increased privileges. Using the IRP 0x9c40a0d8 gives a low privilege user direct access to the OUT instruction that is completely unrestrained at an elevated privilege level. An attacker can send a malicious IRP to trigger this vulnerability. | |||||
| CVE-2020-13513 | 1 Nzxt | 1 Cam | 2022-04-28 | 7.2 HIGH | 8.8 HIGH |
| A privilege escalation vulnerability exists in the WinRing0x64 Driver Privileged I/O Write IRPs functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) can cause increased privileges. Using the IRP 0x9c40a0dc gives a low privilege user direct access to the OUT instruction that is completely unrestrained at an elevated privilege level. An attacker can send a malicious IRP to trigger this vulnerability. | |||||
| CVE-2020-13514 | 1 Nzxt | 1 Cam | 2022-04-28 | 7.2 HIGH | 8.8 HIGH |
| A privilege escalation vulnerability exists in the WinRing0x64 Driver Privileged I/O Write IRPs functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) can cause increased privileges. Using the IRP 0x9c40a0e0 gives a low privilege user direct access to the OUT instruction that is completely unrestrained at an elevated privilege level. An attacker can send a malicious IRP to trigger this vulnerability. | |||||
| CVE-2020-13519 | 1 Nzxt | 1 Cam | 2022-04-28 | 7.2 HIGH | 8.8 HIGH |
| A privilege escalation vulnerability exists in the WinRing0x64 Driver IRP 0x9c402088 functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) can cause increased privileges. An attacker can send a malicious IRP to trigger this vulnerability. | |||||
| CVE-2020-14001 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2022-04-28 | 7.5 HIGH | 9.8 CRITICAL |
| The kramdown gem before 2.3.0 for Ruby processes the template option inside Kramdown documents by default, which allows unintended read access (such as template="/etc/passwd") or unintended embedded Ruby code execution (such as a string that begins with template="string://<%= `). NOTE: kramdown is used in Jekyll, GitLab Pages, GitHub Pages, and Thredded Forum. | |||||
| CVE-2020-24614 | 3 Fedoraproject, Fossil-scm, Opensuse | 4 Fedora, Fossil, Backports Sle and 1 more | 2022-04-28 | 6.5 MEDIUM | 8.8 HIGH |
| Fossil before 2.10.2, 2.11.x before 2.11.2, and 2.12.x before 2.12.1 allows remote authenticated users to execute arbitrary code. An attacker must have check-in privileges on the repository. | |||||
| CVE-2020-28036 | 3 Debian, Fedoraproject, Wordpress | 3 Debian Linux, Fedora, Wordpress | 2022-04-28 | 7.5 HIGH | 9.8 CRITICAL |
| wp-includes/class-wp-xmlrpc-server.php in WordPress before 5.5.2 allows attackers to gain privileges by using XML-RPC to comment on a post. | |||||
| CVE-2020-0293 | 1 Google | 1 Android | 2022-04-28 | 2.1 LOW | 5.5 MEDIUM |
| In Java network APIs, there is possible access to sensitive network state due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation in Android versions: Android-11, Android ID: A-141455849 | |||||
| CVE-2022-1384 | 1 Mattermost | 1 Mattermost Server | 2022-04-27 | 6.0 MEDIUM | 8.8 HIGH |
| Mattermost version 6.4.x and earlier fails to properly check the plugin version when a plugin is installed from the Marketplace, which allows an authenticated and an authorized user to install and exploit an old plugin version from the Marketplace which might have known vulnerabilities. | |||||
| CVE-2022-1329 | 1 Elementor | 1 Elementor Website Builder | 2022-04-27 | 6.5 MEDIUM | 8.8 HIGH |
| The Elementor Website Builder plugin for WordPress is vulnerable to unauthorized execution of several AJAX actions due to a missing capability check in the ~/core/app/modules/onboarding/module.php file that make it possible for attackers to modify site data in addition to uploading malicious files that can be used to obtain remote code execution, in versions 3.6.0 to 3.6.2. | |||||
| CVE-2020-15780 | 3 Canonical, Linux, Opensuse | 3 Ubuntu Linux, Linux Kernel, Leap | 2022-04-27 | 7.2 HIGH | 6.7 MEDIUM |
| An issue was discovered in drivers/acpi/acpi_configfs.c in the Linux kernel before 5.7.7. Injection of malicious ACPI tables via configfs could be used by attackers to bypass lockdown and secure boot restrictions, aka CID-75b0cea7bf30. | |||||
| CVE-2022-1054 | 1 Wpchill | 1 Rsvp And Event Management | 2022-04-27 | 5.0 MEDIUM | 5.3 MEDIUM |
| The RSVP and Event Management Plugin WordPress plugin before 2.7.8 does not have any authorisation checks when exporting its entries, and has the export function hooked to the init action. As a result, unauthenticated attackers could call it and retrieve PII such as first name, last name and email address of user registered for events | |||||
| CVE-2019-19985 | 1 Icegram | 1 Email Subscribers \& Newsletters | 2022-04-26 | 5.0 MEDIUM | 5.3 MEDIUM |
| The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a flaw that allowed unauthenticated file download with user information disclosure. | |||||
| CVE-2020-13144 | 1 Edx | 1 Open Edx Platform | 2022-04-26 | 6.5 MEDIUM | 8.8 HIGH |
| Studio in Open edX Ironwood 2.5, when CodeJail is not used, allows a user to go to the "Create New course>New section>New subsection>New unit>Add new component>Problem button>Advanced tab>Custom Python evaluated code" screen, edit the problem, and execute Python code. This leads to arbitrary code execution. | |||||
| CVE-2020-0454 | 1 Google | 1 Android | 2022-04-26 | 2.1 LOW | 5.5 MEDIUM |
| In callCallbackForRequest of ConnectivityService.java, there is a possible permission bypass due to a missing permission check. This could lead to local information disclosure of the current SSID with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9Android ID: A-161370134 | |||||
| CVE-2020-29479 | 3 Debian, Fedoraproject, Xen | 3 Debian Linux, Fedora, Xen | 2022-04-26 | 7.2 HIGH | 8.8 HIGH |
| An issue was discovered in Xen through 4.14.x. In the Ocaml xenstored implementation, the internal representation of the tree has special cases for the root node, because this node has no parent. Unfortunately, permissions were not checked for certain operations on the root node. Unprivileged guests can get and modify permissions, list, and delete the root node. (Deleting the whole xenstore tree is a host-wide denial of service.) Achieving xenstore write access is also possible. All systems using oxenstored are vulnerable. Building and using oxenstored is the default in the upstream Xen distribution, if the Ocaml compiler is available. Systems using C xenstored are not vulnerable. | |||||
| CVE-2021-39225 | 1 Nextcloud | 1 Deck | 2022-04-25 | 5.5 MEDIUM | 8.1 HIGH |
| Nextcloud is an open-source, self-hosted productivity platform. A missing permission check in Nextcloud Deck before 1.2.9, 1.4.5 and 1.5.3 allows another authenticated users to access Deck cards of another user. It is recommended that the Nextcloud Deck App is upgraded to 1.2.9, 1.4.5 or 1.5.3. There are no known workarounds aside from upgrading. | |||||
| CVE-2021-25075 | 1 Wpdevart | 1 Duplicate Page Or Post | 2022-02-28 | 3.5 LOW | 3.5 LOW |
| The Duplicate Page or Post WordPress plugin before 1.5.1 does not have any authorisation and has a flawed CSRF check in the wpdevart_duplicate_post_parametrs_save_in_db AJAX action, allowing any authenticated users, such as subscriber to call it and change the plugin's settings, or perform such attack via CSRF. Furthermore, due to the lack of escaping, this could lead to Stored Cross-Site Scripting issues | |||||
| CVE-2021-41112 | 2022-02-28 | N/A | N/A | ||
| Rundeck is an open source automation service with a web console, command line tools and a WebAPI. In versions prior to 3.4.5, authenticated users could craft a request to modify or delete System or Project level Calendars, without appropriate authorization. Modifying or removing calendars could cause Scheduled Jobs to execute, or not execute on desired calendar days. Severity depends on trust level of authenticated users and impact of running or not running scheduled jobs on days governed by calendar definitions. Version 3.4.5 contains a patch for this issue. There are currently no known workarounds. | |||||
| CVE-2021-25011 | 2022-02-28 | N/A | N/A | ||
| The Maps Plugin using Google Maps for WordPress plugin before 1.8.1 does not have proper authorisation and CSRF in most of its AJAX actions, which could allow any authenticated users, such as subscriber to delete arbitrary posts and update the plugin's settings. | |||||
| CVE-2021-24977 | 2022-02-28 | N/A | N/A | ||
| The Use Any Font | Custom Font Uploader WordPress plugin before 6.2.1 does not have any authorisation checks when assigning a font, allowing unauthenticated users to sent arbitrary CSS which will then be processed by the frontend for all users. Due to the lack of sanitisation and escaping in the backend, it could also lead to Stored XSS issues | |||||
| CVE-2021-25042 | 2022-02-28 | N/A | N/A | ||
| The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 5.5 does not have authorisation and CSRF checks in the updateIpAddress AJAX action, allowing any authenticated user to call it, or make a logged in user do it via a CSRF attack and add an arbitrary IP address to exclude. Furthermore, due to the lack of validation, sanitisation and escaping, users could set a malicious value and perform Cross-Site Scripting attacks against logged in admin | |||||
| CVE-2022-25208 | 1 Jenkins | 1 Chef Sinatra | 2022-02-23 | 6.5 MEDIUM | 8.8 HIGH |
| A missing permission check in Jenkins Chef Sinatra Plugin 1.20 and earlier allows attackers with Overall/Read permission to have Jenkins send an HTTP request to an attacker-controlled URL and have it parse an XML response. | |||||
| CVE-2022-25206 | 1 Jenkins | 1 Dbcharts | 2022-02-23 | 6.5 MEDIUM | 8.8 HIGH |
| A missing check in Jenkins dbCharts Plugin 0.5.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified database via JDBC using attacker-specified credentials. | |||||
| CVE-2022-25199 | 1 Jenkins | 1 Scp Publisher | 2022-02-23 | 6.5 MEDIUM | 8.8 HIGH |
| A missing permission check in Jenkins SCP publisher Plugin 1.8 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials. | |||||
| CVE-2022-25201 | 1 Jenkins | 1 Checkmarx | 2022-02-23 | 4.0 MEDIUM | 6.5 MEDIUM |
| Missing permission checks in Jenkins Checkmarx Plugin 2022.1.2 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified webserver using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||