Total
5442 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-6187 | 1 Linux | 1 Linux Kernel | 2023-01-17 | 7.2 HIGH | 7.8 HIGH |
The apparmor_setprocattr function in security/apparmor/lsm.c in the Linux kernel before 4.6.5 does not validate the buffer size, which allows local users to gain privileges by triggering an AppArmor setprocattr hook. | |||||
CVE-2020-3227 | 1 Cisco | 1 Ios Xe | 2022-12-23 | 10.0 HIGH | 9.8 CRITICAL |
A vulnerability in the authorization controls for the Cisco IOx application hosting infrastructure in Cisco IOS XE Software could allow an unauthenticated, remote attacker to execute Cisco IOx API commands without proper authorization. The vulnerability is due to incorrect handling of requests for authorization tokens. An attacker could exploit this vulnerability by using a crafted API call to request such a token. An exploit could allow the attacker to obtain an authorization token and execute any of the IOx API commands on an affected device. | |||||
CVE-2016-10010 | 1 Openbsd | 1 Openssh | 2022-12-13 | 6.9 MEDIUM | 7.0 HIGH |
sshd in OpenSSH before 7.4, when privilege separation is not used, creates forwarded Unix-domain sockets as root, which might allow local users to gain privileges via unspecified vectors, related to serverloop.c. | |||||
CVE-2015-8325 | 3 Canonical, Debian, Openbsd | 5 Ubuntu Core, Ubuntu Linux, Ubuntu Touch and 2 more | 2022-12-13 | 7.2 HIGH | 7.8 HIGH |
The do_setup_env function in session.c in sshd in OpenSSH through 7.2p2, when the UseLogin feature is enabled and PAM is configured to read .pam_environment files in user home directories, allows local users to gain privileges by triggering a crafted environment for the /bin/login program, as demonstrated by an LD_PRELOAD environment variable. | |||||
CVE-2015-6565 | 1 Openbsd | 1 Openssh | 2022-12-13 | 7.2 HIGH | N/A |
sshd in OpenSSH 6.8 and 6.9 uses world-writable permissions for TTY devices, which allows local users to cause a denial of service (terminal disruption) or possibly have unspecified other impact by writing to a device, as demonstrated by writing an escape sequence. | |||||
CVE-2015-6564 | 1 Openbsd | 1 Openssh | 2022-12-13 | 6.9 MEDIUM | N/A |
Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH before 7.0 on non-OpenBSD platforms might allow local users to gain privileges by leveraging control of the sshd uid to send an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request. | |||||
CVE-2015-5600 | 1 Openbsd | 1 Openssh | 2022-12-13 | 8.5 HIGH | N/A |
The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices within a single connection, which makes it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh -oKbdInteractiveDevices option, as demonstrated by a modified client that provides a different password for each pam element on this list. | |||||
CVE-2015-5352 | 1 Openbsd | 1 Openssh | 2022-12-13 | 4.3 MEDIUM | N/A |
The x11_open_helper function in channels.c in ssh in OpenSSH before 6.9, when ForwardX11Trusted mode is not used, lacks a check of the refusal deadline for X connections, which makes it easier for remote attackers to bypass intended access restrictions via a connection outside of the permitted time window. | |||||
CVE-2022-42459 | 1 Oxilab | 1 Image Hover Effects Ultimate | 2022-11-22 | N/A | 7.2 HIGH |
Auth. WordPress Options Change vulnerability in Image Hover Effects Ultimate plugin <= 9.7.1 on WordPress. | |||||
CVE-2022-41839 | 1 Wpbrigade | 1 Loginpress | 2022-11-22 | N/A | 5.3 MEDIUM |
Broken Access Control vulnerability in WordPress LoginPress plugin <= 1.6.2 on WordPress leading to unauth. changing of Opt-In or Opt-Out tracking settings. | |||||
CVE-2022-41132 | 1 Ezoic | 1 Ezoic | 2022-11-22 | N/A | 6.1 MEDIUM |
Unauthenticated Plugin Settings Change Leading To Stored XSS Vulnerability in Ezoic plugin <= 2.8.8 on WordPress. | |||||
CVE-2022-38974 | 1 Wpml | 1 Wpml | 2022-11-21 | N/A | 4.3 MEDIUM |
Broken Access Control vulnerability in WPML Multilingual CMS premium plugin <= 4.5.10 on WordPress allows users with subscriber or higher user roles to change the status of the translation jobs. | |||||
CVE-2022-41978 | 1 Zohocorp | 1 Zoho Crm Lead Magnet | 2022-11-09 | N/A | 6.5 MEDIUM |
Auth. (subscriber+) Arbitrary Options Update vulnerability in Zoho CRM Lead Magnet plugin <= 1.7.5.8 on WordPress. | |||||
CVE-2021-33036 | 1 Apache | 1 Hadoop | 2022-10-27 | 9.0 HIGH | 8.8 HIGH |
In Apache Hadoop 2.2.0 to 2.10.1, 3.0.0-alpha1 to 3.1.4, 3.2.0 to 3.2.2, and 3.3.0 to 3.3.1, a user who can escalate to yarn user can possibly run arbitrary commands as root user. Users should upgrade to Apache Hadoop 2.10.2, 3.2.3, 3.3.2 or higher. | |||||
CVE-2021-36879 | 1 Stylemixthemes | 1 Ulisting | 2022-10-27 | 7.5 HIGH | 9.8 CRITICAL |
Unauthenticated Privilege Escalation vulnerability in WordPress uListing plugin (versions <= 2.0.5). Possible if WordPress configuration allows user registration. | |||||
CVE-2021-21437 | 1 Otrs | 2 Itsmconfigurationmanagement, Otrscisincustomerfrontend | 2022-10-24 | 4.0 MEDIUM | 4.3 MEDIUM |
Agents are able to see linked Config Items without permissions, which are defined in General Catalog. This issue affects: OTRSCIsInCustomerFrontend 7.0.15 and prior versions, ITSMConfigurationManagement 7.0.24 and prior versions | |||||
CVE-2022-38104 | 1 Oxilab | 1 Accordions | 2022-10-24 | N/A | 7.2 HIGH |
Auth. WordPress Options Change (siteurl, users_can_register, default_role, admin_email and new_admin_email) vulnerability in Biplob Adhikari's Accordions – Multiple Accordions or FAQs Builder plugin (versions <= 2.0.3 on WordPress. | |||||
CVE-2022-3421 | 2 Apple, Google | 2 Macos, Drive | 2022-10-19 | N/A | 7.3 HIGH |
An attacker can pre-create the `/Applications/Google\ Drive.app/Contents/MacOS` directory which is expected to be owned by root to be owned by a non-root user. When the Drive for Desktop installer is run for the first time, it will place a binary in that directory with execute permissions and set its setuid bit. Since the attacker owns the directory, the attacker can replace the binary with a symlink, causing the installer to set the setuid bit on the symlink. When the symlink is executed, it will run with root permissions. We recommend upgrading past version 64.0 | |||||
CVE-2021-28052 | 1 Hitach | 1 Vantara | 2022-09-28 | N/A | 4.9 MEDIUM |
A tenant administrator Hitachi Content Platform (HCP) may modify the configuration in another tenant without authorization, potentially allowing unauthorized access to data in the other tenant. Also, a tenant user (non-administrator) may view configuration in another tenant without authorization. This issue affects: Hitachi Vantara Hitachi Content Platform versions prior to 8.3.7; 9.0.0 versions prior to 9.2.3. | |||||
CVE-2014-2265 | 2 Rocklobster, Wordpress | 2 Contact Form 7, Wordpress | 2022-09-27 | 5.0 MEDIUM | N/A |
Rock Lobster Contact Form 7 before 3.7.2 allows remote attackers to bypass the CAPTCHA protection mechanism and submit arbitrary form data by omitting the _wpcf7_captcha_challenge_captcha-719 parameter. |