Total: 2377 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-3019 | 1 Tooljet | 1 Tooljet | 2022-09-01 | N/A | 8.8 HIGH |
The forgot password token basically just makes us capable of taking over the account of whoever comment in an app that we can see (bruteforcing comment id's might also be an option but I wouldn't count on it, since it would take a long time to find a valid one). | |||||
CVE-2021-24146 | 1 Webnus | 1 Modern Events Calendar Lite | 2022-08-30 | 5.0 MEDIUM | 7.5 HIGH |
Lack of authorisation checks in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.5, did not properly restrict access to the export files, allowing unauthenticated users to export all events data in CSV or XML format for example. | |||||
CVE-2021-22941 | 1 Citrix | 1 Sharefile Storagezones Controller | 2022-08-30 | 10.0 HIGH | 9.8 CRITICAL |
Improper Access Control in Citrix ShareFile storage zones controller before 5.11.20 may allow an unauthenticated attacker to remotely compromise the storage zones controller. | |||||
CVE-2021-22907 | 1 Citrix | 1 Workspace | 2022-08-30 | 7.2 HIGH | 7.8 HIGH |
An improper access control vulnerability in Citrix Workspace App for Windows potentially allows privilege escalation in CR versions prior to 2105 and 1912 LTSR prior to CU4. | |||||
CVE-2021-23173 | 1 Philips | 1 Engage | 2022-08-30 | 4.0 MEDIUM | 4.3 MEDIUM |
The affected product is vulnerable to an improper access control, which may allow an authenticated user to gain unauthorized access to sensitive data. | |||||
CVE-2015-7560 | 3 Canonical, Debian, Samba | 3 Ubuntu Linux, Debian Linux, Samba | 2022-08-29 | 4.0 MEDIUM | 6.5 MEDIUM |
The SMB1 implementation in smbd in Samba 3.x and 4.x before 4.1.23, 4.2.x before 4.2.9, 4.3.x before 4.3.6, and 4.4.x before 4.4.0rc4 allows remote authenticated users to modify arbitrary ACLs by using a UNIX SMB1 call to create a symlink, and then using a non-UNIX SMB1 call to write to the ACL content. | |||||
CVE-2022-37393 | 1 Zimbra | 1 Collaboration | 2022-08-18 | N/A | 7.8 HIGH |
Zimbra's sudo configuration permits the zimbra user to execute the zmslapd binary as root with arbitrary parameters. As part of its intended functionality, zmslapd can load a user-defined configuration file, which includes plugins in the form of .so files, which also execute as root. | |||||
CVE-2021-28511 | 1 Arista | 16 7050cx3-32s, 7050cx3m-32s, 7050sx3-48c8 and 13 more | 2022-08-15 | N/A | 6.5 MEDIUM |
This advisory documents the impact of an internally found vulnerability in Arista EOS for security ACL bypass. The impact of this vulnerability is that the security ACL drop rule might be bypassed if a NAT ACL rule filter with permit action matches the packet flow. This could allow a host with an IP address in a range that matches the range allowed by a NAT ACL and a range denied by a Security ACL to be forwarded incorrectly as it should have been denied by the Security ACL. This can enable an ACL bypass. | |||||
CVE-2022-33931 | 1 Dell | 1 Wyse Management Suite | 2022-08-13 | N/A | 5.3 MEDIUM |
Dell Wyse Management Suite 3.6.1 and below contains an Improper Access control vulnerability in UI. An attacker with no access to Alert Classification page could potentially exploit this vulnerability, leading to a change of the alert categories. | |||||
CVE-2022-33926 | 1 Dell | 1 Wyse Management Suite | 2022-08-13 | N/A | 6.5 MEDIUM |
Dell Wyse Management Suite 3.6.1 and below contains an improper access control vulnerability. A remote malicious user could exploit this vulnerability in order to retain access to a file repository after it has been revoked. | |||||
CVE-2022-33925 | 1 Dell | 1 Wyse Management Suite | 2022-08-12 | N/A | 6.5 MEDIUM |
Dell Wyse Management Suite 3.6.1 and below contains an Improper Access control vulnerability in UI. A remote authenticated attacker could potentially exploit this vulnerability by bypassing access controls in order to download reports containing sensitive information. | |||||
CVE-2022-33924 | 1 Dell | 1 Wyse Management Suite | 2022-08-12 | N/A | 5.3 MEDIUM |
Dell Wyse Management Suite 3.6.1 and below contains an Improper Access control vulnerability with which an attacker with no access to create rules could potentially exploit this vulnerability and create rules. | |||||
CVE-2021-25349 | 2 Google, Samsung | 2 Android, Slow Motion Editor | 2022-08-12 | 4.6 MEDIUM | 7.8 HIGH |
Using unsafe PendingIntent in Slow Motion Editor prior to version 3.5.18.5 allows local attackers unauthorized action without permission via hijacking the PendingIntent. | |||||
CVE-2022-33714 | 1 Google | 1 Android | 2022-08-12 | N/A | 3.3 LOW |
Improper access control vulnerability in SemWifiApBroadcastReceiver prior to SMR Aug-2022 Release 1 allows attacker to reset a setting value related to mobile hotspot. | |||||
CVE-2022-33731 | 1 Google | 1 Android | 2022-08-12 | N/A | 7.1 HIGH |
Improper access control vulnerability in DesktopSystemUI prior to SMR Aug-2022 Release 1 allows attackers to enable and disable arbitrary components. | |||||
CVE-2022-2702 | 1 Company Website/cms Project | 1 Company Website/cms | 2022-08-11 | N/A | 6.5 MEDIUM |
A vulnerability was found in SourceCodester Company Website CMS and classified as critical. Affected by this issue is some unknown functionality of the file site-settings.php of the component Cookie Handler. The manipulation leads to improper access controls. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-205826 is the identifier assigned to this vulnerability. | |||||
CVE-2022-26346 | 1 Tcl | 1 Linkhub Mesh Wifi Ac1200 | 2022-08-09 | N/A | 9.8 CRITICAL |
A denial of service vulnerability exists in the ucloud_del_node functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted network packet can lead to denial of service. An attacker can send packets to trigger this vulnerability. | |||||
CVE-2022-27178 | 1 Tcl | 1 Linkhub Mesh Wifi Ac1200 | 2022-08-09 | N/A | 9.8 CRITICAL |
A denial of service vulnerability exists in the confctl_set_wan_cfg functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted network packet can lead to denial of service. An attacker can send packets to trigger this vulnerability. | |||||
CVE-2022-27185 | 1 Tcl | 1 Linkhub Mesh Wifi Ac1200 | 2022-08-09 | N/A | 7.5 HIGH |
A denial of service vulnerability exists in the confctl_set_master_wlan functionality of TCL LinkHub Mesh Wifi MS1G_00_01.00_14. A specially-crafted network packet can lead to denial of service. An attacker can send packets to trigger this vulnerability. | |||||
CVE-2021-42124 | 1 Ivanti | 1 Avalanche | 2022-08-09 | 6.5 MEDIUM | 8.8 HIGH |
An improper access control vulnerability in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform a session takeover. |