Total
1438 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-31252 | 2 Opensuse, Suse | 3 Leap, Leap Micro, Linux Enterprise Server | 2022-11-07 | N/A | 4.4 MEDIUM |
| A Incorrect Authorization vulnerability in chkstat of SUSE Linux Enterprise Server 12-SP5; openSUSE Leap 15.3, openSUSE Leap 15.4, openSUSE Leap Micro 5.2 did not consider group writable path components, allowing local attackers with access to a group what can write to a location included in the path to a privileged binary to influence path resolution. This issue affects: SUSE Linux Enterprise Server 12-SP5 permissions versions prior to 20170707. openSUSE Leap 15.3 permissions versions prior to 20200127. openSUSE Leap 15.4 permissions versions prior to 20201225. openSUSE Leap Micro 5.2 permissions versions prior to 20181225. | |||||
| CVE-2019-3848 | 1 Moodle | 1 Moodle | 2022-11-07 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability was found in moodle before versions 3.6.3, 3.5.5 and 3.4.8. Permissions were not correctly checked before loading event information into the calendar's edit event modal popup, so logged in non-guest users could view unauthorised calendar events. (Note: It was read-only access, users could not edit the events.) | |||||
| CVE-2020-24771 | 1 Nexusphp | 1 Nexusphp | 2022-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| Incorrect access control in NexusPHP 1.5.beta5.20120707 allows unauthorized attackers to access published content. | |||||
| CVE-2022-0594 | 1 Shareaholic | 1 Shareaholic | 2022-11-05 | N/A | 5.3 MEDIUM |
| The Professional Social Sharing Buttons, Icons & Related Posts WordPress plugin before 9.7.6 does not have proper authorisation check in one of the AJAX action, available to unauthenticated (in v < 9.7.5) and author+ (in v9.7.5) users, allowing them to call it and retrieve various information such as the list of active plugins, various version like PHP, cURL, WP etc. | |||||
| CVE-2022-31107 | 2 Grafana, Netapp | 2 Grafana, E-series Performance Analyzer | 2022-10-29 | N/A | 7.5 HIGH |
| Grafana is an open-source platform for monitoring and observability. In versions 5.3 until 9.0.3, 8.5.9, 8.4.10, and 8.3.10, it is possible for a malicious user who has authorization to log into a Grafana instance via a configured OAuth IdP which provides a login name to take over the account of another user in that Grafana instance. This can occur when the malicious user is authorized to log in to Grafana via OAuth, the malicious user's external user id is not already associated with an account in Grafana, the malicious user's email address is not already associated with an account in Grafana, and the malicious user knows the Grafana username of the target user. If these conditions are met, the malicious user can set their username in the OAuth provider to that of the target user, then go through the OAuth flow to log in to Grafana. Due to the way that external and internal user accounts are linked together during login, if the conditions above are all met then the malicious user will be able to log in to the target user's Grafana account. Versions 9.0.3, 8.5.9, 8.4.10, and 8.3.10 contain a patch for this issue. As a workaround, concerned users can disable OAuth login to their Grafana instance, or ensure that all users authorized to log in via OAuth have a corresponding user account in Grafana linked to their email address. | |||||
| CVE-2022-29854 | 1 Mitel | 8 6905, 6910, 6920 and 5 more | 2022-10-29 | 7.2 HIGH | 6.8 MEDIUM |
| A vulnerability in Mitel 6900 Series IP (MiNet) phones excluding 6970, versions 1.8 (1.8.0.12) and earlier, could allow a unauthenticated attacker with physical access to the phone to gain root access due to insufficient access control for test functionality during system startup. A successful exploit could allow access to sensitive information and code execution. | |||||
| CVE-2022-39322 | 1 Keystonejs | 1 Keystone | 2022-10-28 | N/A | 9.8 CRITICAL |
| @keystone-6/core is a core package for Keystone 6, a content management system for Node.js. Starting with version 2.2.0 and prior to version 2.3.1, users who expected their `multiselect` fields to use the field-level access control - if configured - are vulnerable to their field-level access control not being used. List-level access control is not affected. Field-level access control for fields other than `multiselect` are not affected. Version 2.3.1 contains a fix for this issue. As a workaround, stop using the `multiselect` field. | |||||
| CVE-2022-27668 | 1 Sap | 4 Netweaver As Abap, Netweaver As Abap Krnl64nuc, Netweaver As Abap Krnl64uc and 1 more | 2022-10-27 | 7.5 HIGH | 9.8 CRITICAL |
| Depending on the configuration of the route permission table in file 'saprouttab', it is possible for an unauthenticated attacker to execute SAProuter administration commands in SAP NetWeaver and ABAP Platform - versions KERNEL 7.49, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.49, KRNL64UC 7.49, SAP_ROUTER 7.53, 7.22, from a remote client, for example stopping the SAProuter, that could highly impact systems availability. | |||||
| CVE-2021-38345 | 1 Brizy | 1 Brizy-page Builder | 2022-10-27 | 4.0 MEDIUM | 6.5 MEDIUM |
| The Brizy Page Builder plugin <= 2.3.11 for WordPress used an incorrect authorization check that allowed any logged-in user accessing any endpoint in the wp-admin directory to modify the content of any existing post or page created with the Brizy editor. An identical issue was found by another researcher in Brizy <= 1.0.125 and fixed in version 1.0.126, but the vulnerability was reintroduced in version 1.0.127. | |||||
| CVE-2021-34648 | 1 Ninjaforms | 1 Ninja Forms | 2022-10-27 | 4.0 MEDIUM | 4.3 MEDIUM |
| The Ninja Forms WordPress plugin is vulnerable to arbitrary email sending via the trigger_email_action function found in the ~/includes/Routes/Submissions.php file, in versions up to and including 3.5.7. This allows authenticated attackers to send arbitrary emails from the affected server via the /ninja-forms-submissions/email-action REST API which can be used to socially engineer victims. | |||||
| CVE-2021-34647 | 1 Ninjaforms | 1 Ninja Forms | 2022-10-27 | 4.0 MEDIUM | 6.5 MEDIUM |
| The Ninja Forms WordPress plugin is vulnerable to sensitive information disclosure via the bulk_export_submissions function found in the ~/includes/Routes/Submissions.php file, in versions up to and including 3.5.7. This allows authenticated attackers to export all Ninja Forms submissions data via the /ninja-forms-submissions/export REST API which can include personally identifiable information. | |||||
| CVE-2021-38312 | 1 Redux | 1 Gutenberg Template Library \& Redux Framework | 2022-10-27 | 4.0 MEDIUM | 6.5 MEDIUM |
| The Gutenberg Template Library & Redux Framework plugin <= 4.2.11 for WordPress used an incorrect authorization check in the REST API endpoints registered under the “redux/v1/templates/” REST Route in “redux-templates/classes/class-api.php”. The `permissions_callback` used in this file only checked for the `edit_posts` capability which is granted to lower-privileged users such as contributors, allowing such users to install arbitrary plugins from the WordPress repository and edit arbitrary posts. | |||||
| CVE-2021-37705 | 1 Microsoft | 1 Onefuzz | 2022-10-27 | 6.8 MEDIUM | 10.0 CRITICAL |
| OneFuzz is an open source self-hosted Fuzzing-As-A-Service platform. Starting with OneFuzz 2.12.0 or greater, an incomplete authorization check allows an authenticated user from any Azure Active Directory tenant to make authorized API calls to a vulnerable OneFuzz instance. To be vulnerable, a OneFuzz deployment must be both version 2.12.0 or greater and deployed with the non-default --multi_tenant_domain option. This can result in read/write access to private data such as software vulnerability and crash information, security testing tools and proprietary code and symbols. Via authorized API calls, this also enables tampering with existing data and unauthorized code execution on Azure compute resources. This issue is resolved starting in release 2.31.0, via the addition of application-level check of the bearer token's `issuer` against an administrator-configured allowlist. As a workaround users can restrict access to the tenant of a deployed OneFuzz instance < 2.31.0 by redeploying in the default configuration, which omits the `--multi_tenant_domain` option. | |||||
| CVE-2021-30638 | 1 Apache | 1 Tapestry | 2022-10-27 | 5.0 MEDIUM | 7.5 HIGH |
| Information Exposure vulnerability in context asset handling of Apache Tapestry allows an attacker to download files inside WEB-INF if using a specially-constructed URL. This was caused by an incomplete fix for CVE-2020-13953. This issue affects Apache Tapestry Apache Tapestry 5.4.0 version to Apache Tapestry 5.6.3; Apache Tapestry 5.7.0 version and Apache Tapestry 5.7.1. | |||||
| CVE-2021-37864 | 1 Mattermost | 1 Mattermost | 2022-10-27 | 4.0 MEDIUM | 6.5 MEDIUM |
| Mattermost 6.1 and earlier fails to sufficiently validate permissions while viewing archived channels, which allows authenticated users to view contents of archived channels even when this is denied by system administrators by directly accessing the APIs. | |||||
| CVE-2022-1499 | 1 Google | 1 Chrome | 2022-10-26 | N/A | 6.3 MEDIUM |
| Inappropriate implementation in WebAuthentication in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to bypass same origin policy via a crafted HTML page. | |||||
| CVE-2020-18701 | 1 Talelin | 1 Lin-cms-flask | 2022-10-26 | 7.5 HIGH | 9.8 CRITICAL |
| Incorrect Access Control in Lin-CMS-Flask v0.1.1 allows remote attackers to obtain sensitive information and/or gain privileges due to the application not invalidating a user's authentication token upon logout, which allows for replaying packets. | |||||
| CVE-2020-19301 | 1 Vaethink | 1 Vaethink | 2022-10-26 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability in the vae_admin_rule database table of vaeThink v1.0.1 allows attackers to execute arbitrary code via a crafted payload in the condition parameter. | |||||
| CVE-2022-34255 | 2 Adobe, Magento | 2 Commerce, Magento | 2022-10-26 | N/A | 8.8 HIGH |
| Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an Improper Access Control vulnerability that could result in Privilege escalation. An attacker with a low privilege account could leverage this vulnerability to perform an account takeover for a victim. Exploitation of this issue does not require user interaction. | |||||
| CVE-2021-41241 | 1 Nextcloud | 1 Nextcloud Server | 2022-10-25 | 4.0 MEDIUM | 4.3 MEDIUM |
| Nextcloud server is a self hosted system designed to provide cloud style services. The groupfolders application for Nextcloud allows sharing a folder with a group of people. In addition, it allows setting "advanced permissions" on subfolders, for example, a user could be granted access to the groupfolder but not specific subfolders. Due to a lacking permission check in affected versions, a user could still access these subfolders by copying the groupfolder to another location. It is recommended that the Nextcloud Server is upgraded to 20.0.14, 21.0.6 or 22.2.1. Users unable to upgrade should disable the "groupfolders" application in the admin settings. | |||||