Total
2641 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-25013 | 1 Themeum | 1 Qubely | 2022-10-25 | 4.0 MEDIUM | 6.5 MEDIUM |
| The Qubely WordPress plugin before 1.7.8 does not have authorisation and CSRF check on the qubely_delete_saved_block AJAX action, and does not ensure that the block to be deleted belong to the plugin, as a result, any authenticated users, such as subscriber can delete arbitrary posts | |||||
| CVE-2021-24500 | 1 Amentotech | 1 Workreap | 2022-10-25 | 5.8 MEDIUM | 8.1 HIGH |
| Several AJAX actions available in the Workreap WordPress theme before 2.2.2 lacked CSRF protections, as well as allowing insecure direct object references that were not validated. This allows an attacker to trick a logged in user to submit a POST request to the vulnerable site, potentially modifying or deleting arbitrary objects on the target site. | |||||
| CVE-2021-34629 | 1 Sendgrid | 1 Sendgrid | 2022-10-25 | 4.0 MEDIUM | 4.3 MEDIUM |
| The SendGrid WordPress plugin is vulnerable to authorization bypass via the get_ajax_statistics function found in the ~/lib/class-sendgrid-statistics.php file which allows authenticated users to export statistic for a WordPress multi-site main site, in versions up to and including 1.11.8. | |||||
| CVE-2021-24993 | 1 Etoilewebdesign | 1 Ultimate Product Catalog | 2022-10-25 | 4.0 MEDIUM | 6.5 MEDIUM |
| The Ultimate Product Catalog WordPress plugin before 5.0.26 does not have authorisation and CSRF checks in some AJAX actions, which could allow any authenticated users, such as subscriber to call them and add arbitrary products, or change the plugin's settings for example | |||||
| CVE-2021-21437 | 1 Otrs | 2 Itsmconfigurationmanagement, Otrscisincustomerfrontend | 2022-10-24 | 4.0 MEDIUM | 4.3 MEDIUM |
| Agents are able to see linked Config Items without permissions, which are defined in General Catalog. This issue affects: OTRSCIsInCustomerFrontend 7.0.15 and prior versions, ITSMConfigurationManagement 7.0.24 and prior versions | |||||
| CVE-2021-41239 | 1 Nextcloud | 1 Nextcloud Server | 2022-10-24 | 5.0 MEDIUM | 5.3 MEDIUM |
| Nextcloud server is a self hosted system designed to provide cloud style services. In affected versions the User Status API did not consider the user enumeration settings by the administrator. This allowed a user to enumerate other users on the instance, even when user listings where disabled. It is recommended that the Nextcloud Server is upgraded to 20.0.14, 21.0.6 or 22.2.1. There are no known workarounds. | |||||
| CVE-2021-24977 | 1 Use Any Font Project | 1 Use Any Font | 2022-10-24 | 5.8 MEDIUM | 6.1 MEDIUM |
| The Use Any Font | Custom Font Uploader WordPress plugin before 6.2.1 does not have any authorisation checks when assigning a font, allowing unauthenticated users to sent arbitrary CSS which will then be processed by the frontend for all users. Due to the lack of sanitisation and escaping in the backend, it could also lead to Stored XSS issues | |||||
| CVE-2021-24988 | 1 Wprssaggregator | 1 Wp Rss Aggregator | 2022-10-24 | 3.5 LOW | 5.4 MEDIUM |
| The WP RSS Aggregator WordPress plugin before 4.19.3 does not sanitise and escape data before outputting it in the System Info admin dashboard, which could lead to a Stored XSS issue due to the wprss_dismiss_addon_notice AJAX action missing authorisation and CSRF checks, allowing any authenticated users, such as subscriber to call it and set a malicious payload in the addon parameter. | |||||
| CVE-2021-24790 | 1 Contact Form Advanced Database Project | 1 Contact Form Advanced Database | 2022-10-24 | 4.0 MEDIUM | 4.3 MEDIUM |
| The Contact Form Advanced Database WordPress plugin through 1.0.8 does not have any authorisation as well as CSRF checks in its delete_cf7_data and export_cf7_data AJAX actions, available to any authenticated users, which could allow users with a role as low as subscriber to call them. The delete_cf7_data would lead to arbitrary metadata deletion, as well as PHP Object Injection if a suitable gadget chain is present in another plugin, as user data is passed to the maybe_unserialize() function without being first validated. | |||||
| CVE-2021-24914 | 1 Tawk | 1 Tawk.to Live Chat | 2022-10-24 | 6.0 MEDIUM | 8.0 HIGH |
| The Tawk.To Live Chat WordPress plugin before 0.6.0 does not have capability and CSRF checks in the tawkto_setwidget and tawkto_removewidget AJAX actions, available to any authenticated user. The first one allows low-privileged users (including simple subscribers) to change the 'tawkto-embed-widget-page-id' and 'tawkto-embed-widget-widget-id' parameters. Any authenticated user can thus link the vulnerable website to their own Tawk.to instance. Consequently, they will be able to monitor the vulnerable website and interact with its visitors (receive contact messages, answer, ...). They will also be able to display an arbitrary Knowledge Base. The second one will remove the live chat widget from pages. | |||||
| CVE-2021-24842 | 1 Bulk Datetime Change Project | 1 Bulk Datetime Change | 2022-10-24 | 5.5 MEDIUM | 5.4 MEDIUM |
| The Bulk Datetime Change WordPress plugin before 1.12 does not enforce capability checks which allows users with Contributor roles to 1) list private post titles of other users and 2) change the posted date of other users' posts. | |||||
| CVE-2021-24779 | 1 Wp Debugging Project | 1 Wp Debugging | 2022-10-24 | 4.3 MEDIUM | 6.5 MEDIUM |
| The WP Debugging WordPress plugin before 2.11.0 has its update_settings() function hooked to admin_init and is missing any authorisation and CSRF checks, as a result, the settings can be updated by unauthenticated users. | |||||
| CVE-2021-21382 | 1 Wire | 1 Restund | 2022-10-21 | 5.5 MEDIUM | 9.6 CRITICAL |
| Restund is an open source NAT traversal server. The restund TURN server can be instructed to open a relay to the loopback address range. This allows you to reach any other service running on localhost which you might consider private. In the configuration that we ship (https://github.com/wireapp/ansible-restund/blob/master/templates/restund.conf.j2#L40-L43) the `status` interface of restund is enabled and is listening on `127.0.0.1`.The `status` interface allows users to issue administrative commands to `restund` like listing open relays or draining connections. It would be possible for an attacker to contact the status interface and issue administrative commands by setting `XOR-PEER-ADDRESS` to `127.0.0.1:{{restund_udp_status_port}}` when opening a TURN channel. We now explicitly disallow relaying to loopback addresses, 'any' addresses, link local addresses, and the broadcast address. As a workaround disable the `status` module in your restund configuration. However there might still be other services running on `127.0.0.0/8` that you do not want to have exposed. The `turn` module can be disabled. Restund will still perform STUN and this might already be enough for initiating calls in your environments. TURN is only used as a last resort when other NAT traversal options do not work. One should also make sure that the TURN server is set up with firewall rules so that it cannot relay to other addresses that you don't want the TURN server to relay to. For example other services in the same VPC where the TURN server is running. Ideally TURN servers should be deployed in an isolated fashion where they can only reach what they need to reach to perform their task of assisting NAT-traversal. | |||||
| CVE-2022-26423 | 1 Aethon | 1 Tug Home Base Server | 2022-10-21 | N/A | 7.5 HIGH |
| Aethon TUG Home Base Server versions prior to version 24 are affected by un unauthenticated attacker who can freely access hashed user credentials. | |||||
| CVE-2022-1066 | 1 Aethon | 1 Tug Home Base Server | 2022-10-21 | N/A | 8.2 HIGH |
| Aethon TUG Home Base Server versions prior to version 24 are affected by un unauthenticated attacker who can freely access hashed user credentials. | |||||
| CVE-2020-25629 | 1 Moodle | 1 Moodle | 2022-10-21 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability was found in Moodle where users with "Log in as" capability in a course context (typically, course managers) may gain access to some site administration capabilities by "logging in as" a System manager. This affects 3.9 to 3.9.1, 3.8 to 3.8.4, 3.7 to 3.7.7, 3.5 to 3.5.13 and earlier unsupported versions. This is fixed in 3.9.2, 3.8.5, 3.7.8 and 3.5.14. | |||||
| CVE-2022-3501 | 1 Otrs | 1 Otrs | 2022-10-20 | N/A | 7.5 HIGH |
| Article template contents with sensitive data could be accessed from agents without permissions. | |||||
| CVE-2021-21264 | 1 Octobercms | 1 October | 2022-10-19 | 4.4 MEDIUM | 5.2 MEDIUM |
| October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. A bypass of CVE-2020-26231 (fixed in 1.0.470/471 and 1.1.1) was discovered that has the same impact as CVE-2020-26231 & CVE-2020-15247. An authenticated backend user with the `cms.manage_pages`, `cms.manage_layouts`, or `cms.manage_partials` permissions who would **normally** not be permitted to provide PHP code to be executed by the CMS due to `cms.enableSafeMode` being enabled is able to write specific Twig code to escape the Twig sandbox and execute arbitrary PHP. This is not a problem for anyone that trusts their users with those permissions to normally write & manage PHP within the CMS by not having `cms.enableSafeMode` enabled, but would be a problem for anyone relying on `cms.enableSafeMode` to ensure that users with those permissions in production do not have access to write & execute arbitrary PHP. Issue has been patched in Build 472 (v1.0.472) and v1.1.2. As a workaround, apply https://github.com/octobercms/october/commit/f63519ff1e8d375df30deba63156a2fc97aa9ee7 to your installation manually if unable to upgrade to Build 472 or v1.1.2. | |||||
| CVE-2022-2985 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2022-10-18 | N/A | 7.8 HIGH |
| In music service, there is a missing permission check. This could lead to elevation of privilege in contacts service with no additional execution privileges needed. | |||||
| CVE-2022-39107 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2022-10-18 | N/A | 7.8 HIGH |
| In Soundrecorder service, there is a missing permission check. This could lead to elevation of privilege in Soundrecorder service with no additional execution privileges needed. | |||||