Total
2377 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-24688 | 1 Orange-form Project | 1 Orange-form | 2022-03-07 | 4.3 MEDIUM | 4.3 MEDIUM |
| The Orange Form WordPress plugin through 1.0.1 does not have any authorisation and CSRF checks in all of its AJAX calls, for example the or_delete_filed one which is available to both unauthenticated and authenticated users could allow attackers to delete arbitrary posts.The AJAX calls performing actions on posts also do not ensure that the post belong to them (or that they are allowed to perform such action on it) | |||||
| CVE-2019-18308 | 1 Siemens | 1 Sppa-t3000 Ms3000 Migration Server | 2022-03-04 | 7.2 HIGH | 7.8 HIGH |
| A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with local access to the MS3000 Server and a low privileged user account could gain root privileges by manipulating specific files in the local file system. This vulnerability is independent from CVE-2019-18309. Please note that an attacker needs to have local access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. | |||||
| CVE-2019-18309 | 1 Siemens | 1 Sppa-t3000 Ms3000 Migration Server | 2022-03-04 | 7.2 HIGH | 7.8 HIGH |
| A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with local access to the MS3000 Server and a low privileged user account could gain root privileges by manipulating specific files in the local file system. This vulnerability is independent from CVE-2019-18308. Please note that an attacker needs to have local access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. | |||||
| CVE-2022-0727 | 1 Framasoft | 1 Peertube | 2022-03-02 | 5.5 MEDIUM | 5.4 MEDIUM |
| Improper Access Control in GitHub repository chocobozzz/peertube prior to 4.1.0. | |||||
| CVE-2022-23981 | 1 Quadlayers | 1 Perfect Brands For Woocommerce | 2022-02-25 | 4.0 MEDIUM | 4.3 MEDIUM |
| The vulnerability allows Subscriber+ level users to create brands in WordPress Perfect Brands for WooCommerce plugin (versions <= 2.0.4). | |||||
| CVE-2021-4201 | 1 Forgerock | 1 Access Management | 2022-02-23 | 7.5 HIGH | 9.8 CRITICAL |
| Missing access control in ForgeRock Access Management 7.1.0 and earlier versions on all platforms allows remote unauthenticated attackers to hijack sessions, including potentially admin-level sessions. This issue affects: ForgeRock Access Management 7.1 versions prior to 7.1.1; 6.5 versions prior to 6.5.4; all previous versions. | |||||
| CVE-2022-23996 | 1 Samsung | 1 Wear Os | 2022-02-22 | 4.3 MEDIUM | 3.3 LOW |
| Unprotected component vulnerability in StTheaterModeReceiver in Wear OS 3.0 prior to Firmware update Feb-2022 Release allows untrusted applications to enable bedtime mode without a proper permission. | |||||
| CVE-2022-23995 | 1 Samsung | 1 Wear Os | 2022-02-22 | 4.3 MEDIUM | 3.3 LOW |
| Unprotected component vulnerability in StBedtimeModeAlarmReceiver in Wear OS 3.0 prior to Firmware update Feb-2022 Release allows untrusted applications to change bedtime mode without a proper permission. | |||||
| CVE-2022-23997 | 1 Samsung | 1 Wear Os | 2022-02-18 | 4.3 MEDIUM | 3.3 LOW |
| Unprotected component vulnerability in StTheaterModeDurationAlarmReceiver in Wear OS 3.0 prior to Firmware update Feb-2022 Release allows untrusted applications to disable theater mode without a proper permission. | |||||
| CVE-2020-13675 | 1 Drupal | 1 Drupal | 2022-02-18 | 7.5 HIGH | 9.8 CRITICAL |
| Drupal's JSON:API and REST/File modules allow file uploads through their HTTP APIs. The modules do not correctly run all file validation, which causes an access bypass vulnerability. An attacker might be able to upload files that bypass the file validation process implemented by modules on the site. | |||||
| CVE-2022-0203 | 1 Craterapp | 1 Crater | 2022-02-02 | 5.0 MEDIUM | 5.3 MEDIUM |
| Improper Access Control in GitHub repository crater-invoice/crater prior to 6.0.2. | |||||
| CVE-2021-23233 | 1 Fresenius-kabi | 8 Agilia Connect, Agilia Connect Firmware, Agilia Partner Maintenance Software and 5 more | 2022-01-28 | 7.5 HIGH | 9.8 CRITICAL |
| Sensitive endpoints in Fresenius Kabi Agilia Link+ v3.0 and prior can be accessed without any authentication information such as the session cookie. An attacker can send requests to sensitive endpoints as an unauthenticated user to perform critical actions or modify critical configuration parameters. | |||||
| CVE-2021-34401 | 2 Google, Nvidia | 2 Android, Shield Experience | 2022-01-25 | 4.6 MEDIUM | 7.8 HIGH |
| NVIDIA Linux kernel distributions contain a vulnerability in nvmap NVGPU_IOCTL_CHANNEL_SET_ERROR_NOTIFIER, where improper access control may lead to code execution, compromised integrity, or denial of service. | |||||
| CVE-2016-5714 | 1 Puppet | 2 Puppet Agent, Puppet Enterprise | 2022-01-24 | 6.5 MEDIUM | 7.2 HIGH |
| Puppet Enterprise 2015.3.3 and 2016.x before 2016.4.0, and Puppet Agent 1.3.6 through 1.7.0 allow remote attackers to bypass a host whitelist protection mechanism and execute arbitrary code on Puppet nodes via vectors related to command validation, aka "Puppet Execution Protocol (PXP) Command Whitelist Validation Vulnerability." | |||||
| CVE-2016-2788 | 1 Puppet | 2 Marionette Collective, Puppet Enterprise | 2022-01-24 | 7.5 HIGH | 9.8 CRITICAL |
| MCollective 2.7.0 and 2.8.x before 2.8.9, as used in Puppet Enterprise, allows remote attackers to execute arbitrary code via vectors related to the mco ping command. | |||||
| CVE-2022-0170 | 1 Framasoft | 1 Peertube | 2022-01-19 | 4.0 MEDIUM | 4.3 MEDIUM |
| peertube is vulnerable to Improper Access Control | |||||
| CVE-2022-0133 | 1 Framasoft | 1 Peertube | 2022-01-14 | 5.0 MEDIUM | 7.5 HIGH |
| peertube is vulnerable to Improper Access Control | |||||
| CVE-2021-22567 | 1 Dart | 1 Dart Software Development Kit | 2022-01-12 | 3.5 LOW | 3.5 LOW |
| Bidirectional Unicode text can be interpreted and compiled differently than how it appears in editors which can be exploited to get nefarious code passed a code review by appearing benign. An attacker could embed a source that is invisible to a code reviewer that modifies the behavior of a program in unexpected ways. | |||||
| CVE-2021-25991 | 1 If-me | 1 Ifme | 2022-01-10 | 4.9 MEDIUM | 7.3 HIGH |
| In Ifme, versions v5.0.0 to v7.32 are vulnerable against an improper access control, which makes it possible for admins to ban themselves leading to their deactivation from Ifme account and complete loss of admin access to Ifme. | |||||
| CVE-2021-42808 | 2 Microsoft, Thalesgroup | 2 Windows, Sentinel Protection Installer | 2022-01-04 | 7.2 HIGH | 6.7 MEDIUM |
| Improper Access Control in Thales Sentinel Protection Installer could allow a local user to escalate privileges. | |||||