Total: 2377 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2021-4026 | 1 Bookstackapp | 1 Bookstack | 2022-08-09 | 4.0 MEDIUM | 4.3 MEDIUM | bookstack is vulnerable to Improper Access Control.
CVE-2021-4119 | 1 Bookstackapp | 1 Bookstack | 2022-08-09 | 7.5 HIGH | 9.8 CRITICAL | bookstack is vulnerable to Improper Access Control.
CVE-2021-4089 | 1 Snipeitapp | 1 Snipe-it | 2022-08-09 | 4.0 MEDIUM | 4.3 MEDIUM | snipe-it is vulnerable to Improper Access Control.
CVE-2021-40404 | 1 Reolink | 2 Rlc-410w, Rlc-410w Firmware | 2022-08-09 | 6.4 MEDIUM | 6.5 MEDIUM | An authentication bypass vulnerability exists in the cgiserver.cgi Login functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially crafted HTTP request can lead to authentication bypass. An attacker can send an HTTP request to trigger this vulnerability.
CVE-2021-45074 | 1 Jfrog | 1 Artifactory | 2022-08-09 | 5.5 MEDIUM | 5.4 MEDIUM | JFrog Artifactory before 7.29.3 and 6.23.38 is vulnerable to Broken Access Control: a low-privileged user is able to delete other known users' OAuth tokens, which forces a reauthentication on an active session or in the next UI session.
CVE-2021-42855 | 1 Riverbed | 1 Steelcentral Appinternals Dynamic Sampling Agent | 2022-08-09 | 4.6 MEDIUM | 7.8 HIGH | It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent (DSA) uses the ".debug_command.config" file to store a JSON string that contains a list of IDs and pre-configured commands. The config file is subsequently used by the "/api/appInternals/1.0/agent/configuration" API to map the corresponding ID to a command to be executed.
CVE-2021-42029 | 1 Siemens | 71 Simatic S7-1200 Cpu, Simatic S7-1200 Cpu 1211c, Simatic S7-1200 Cpu 1212c and 68 more | 2022-08-09 | 7.2 HIGH | 7.8 HIGH | A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) V15 (All versions), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 5), SIMATIC STEP 7 (TIA Portal) V17 (All versions < V17 Update 2). An attacker could achieve privilege escalation on the web server of certain devices due to an improper access control vulnerability in the engineering system software. The attacker needs to have direct access to the impacted web server.
CVE-2021-45730 | 1 Jfrog | 1 Artifactory | 2022-08-09 | 4.0 MEDIUM | 4.9 MEDIUM | JFrog Artifactory prior to 7.31.10 is vulnerable to Broken Access Control: a Project Admin is able to create, edit and delete Repository Layouts, while Repository Layout configuration should only be available to Platform Administrators.
CVE-2021-41834 | 1 Jfrog | 1 Artifactory | 2022-08-09 | 4.0 MEDIUM | 6.5 MEDIUM | JFrog Artifactory prior to version 7.28.0 and 6.23.38 is vulnerable to Broken Access Control: the copy functionality can be used by a low-privileged user to read and copy any artifact that exists in the Artifactory deployment due to improper permissions validation.
CVE-2020-1754 | 1 Moodle | 1 Moodle | 2022-08-07 | N/A | 4.3 MEDIUM | In Moodle before 3.8.2, 3.7.5, 3.6.9 and 3.5.11, users viewing the grade history report without the 'access all groups' capability were not restricted to viewing grades of users within their own groups.
CVE-2022-2631 | 1 Tooljet | 1 Tooljet | 2022-08-06 | N/A | 8.8 HIGH | Improper Access Control in GitHub repository tooljet/tooljet prior to v1.19.0.
CVE-2022-26308 | 1 Pandorafms | 1 Pandora Fms | 2022-08-05 | N/A | 5.4 MEDIUM | Pandora FMS v7.0NG.760 and below allows improper access control in Configuration (Credential store), where a user with the role of Operator (Write) could create, delete and view existing keys, which is outside the intended role.
CVE-2022-2578 | 1 Garage Management System Project | 1 Garage Management System | 2022-08-05 | N/A | 9.8 CRITICAL | A vulnerability, which was classified as critical, has been found in SourceCodester Garage Management System 1.0. This issue affects some unknown processing of the file /php_action/createUser.php. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2020-10145 | 1 Adobe | 1 Coldfusion | 2022-08-05 | 7.2 HIGH | 7.8 HIGH | The Adobe ColdFusion installer fails to set a secure access-control list (ACL) on the default installation directory, such as C:\ColdFusion2021\. By default, unprivileged users can create files in this directory structure, which creates a privilege-escalation vulnerability.
CVE-2021-3967 | 1 Zulip | 1 Zulip | 2022-08-05 | 6.5 MEDIUM | 8.8 HIGH | Improper Access Control in GitHub repository zulip/zulip prior to 4.10.
CVE-2021-3992 | 1 Kimai2 Project | 1 Kimai2 | 2022-08-05 | 4.0 MEDIUM | 6.5 MEDIUM | kimai2 is vulnerable to Improper Access Control.
CVE-2021-4016 | 1 Rapid7 | 1 Insight Agent | 2022-08-05 | 2.1 LOW | 3.3 LOW | Rapid7 Insight Agent, versions prior to 3.1.3, suffers from an improper access control vulnerability whereby the user has access to the snapshot directory. An attacker can access, read and copy any of the files in this directory, e.g. asset_info.json or file_info.json, leading to a loss of confidentiality. This issue was fixed in Rapid7 Insight Agent 3.1.3.
CVE-2021-39333 | 1 Hashthemes | 1 Hashthemes Demo Importer | 2022-08-05 | 5.5 MEDIUM | 8.1 HIGH | The Hashthemes Demo Importer Plugin <= 1.1.1 for WordPress contained several AJAX functions which relied on a nonce that was visible to all logged-in users for access control, allowing them to execute a function that truncated nearly all database tables and removed the contents of wp-content/uploads.
CVE-2016-4427 | 1 Zulip | 1 Zulip | 2022-08-04 | N/A | 7.5 HIGH | In Zulip before 1.3.12, deactivated users could access messages if SSO was enabled.
CVE-2016-4426 | 1 Zulip | 1 Zulip | 2022-08-04 | N/A | 4.3 MEDIUM | In Zulip before 1.3.12, bot API keys were accessible to other users in the same realm.