Total
28799 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-0002 | 2 Microsoft, Paloaltonetworks | 2 Windows, Cortex Xdr Agent | 2023-11-07 | N/A | 7.8 HIGH |
| A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local user to execute privileged cytool commands that disable or uninstall the agent. | |||||
| CVE-2022-4711 | 1 Royal-elementor-addons | 1 Royal Elementor Addons | 2023-11-07 | N/A | 4.3 MEDIUM |
| The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_save_mega_menu_settings' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to enable and modify Mega Menu settings for any menu item. | |||||
| CVE-2022-4709 | 1 Royal-elementor-addons | 1 Royal Elementor Addons | 2023-11-07 | N/A | 6.5 MEDIUM |
| The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_import_library_template' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to import and activate templates from the plugin's template library. | |||||
| CVE-2022-4708 | 1 Royal-elementor-addons | 1 Royal Elementor Addons | 2023-11-07 | N/A | 6.5 MEDIUM |
| The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_save_template_conditions' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to modify the conditions under which templates are displayed. | |||||
| CVE-2022-4705 | 1 Royal-elementor-addons | 1 Royal Elementor Addons | 2023-11-07 | N/A | 4.3 MEDIUM |
| The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_final_settings_setup' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to finalize activation of preset site configuration templates, which can be chosen and imported via a separate action documented in CVE-2022-4704. | |||||
| CVE-2022-4704 | 1 Royal-elementor-addons | 1 Royal Elementor Addons | 2023-11-07 | N/A | 8.1 HIGH |
| The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_import_templates_kit' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to import preset site configuration templates including images and settings. | |||||
| CVE-2022-4703 | 1 Royal-elementor-addons | 1 Royal Elementor Addons | 2023-11-07 | N/A | 8.1 HIGH |
| The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_reset_previous_import' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to reset previously imported data. | |||||
| CVE-2022-4702 | 1 Royal-elementor-addons | 1 Royal Elementor Addons | 2023-11-07 | N/A | 6.5 MEDIUM |
| The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_fix_royal_compatibility' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to deactivate every plugin on the site unless it is part of an extremely limited hardcoded selection. This also switches the site to the 'royal-elementor-kit' theme, potentially resulting in availability issues. | |||||
| CVE-2022-4701 | 1 Royal-elementor-addons | 1 Royal Elementor Addons | 2023-11-07 | N/A | 8.8 HIGH |
| The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_activate_required_plugins' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to activate the 'contact-form-7', 'media-library-assistant', or 'woocommerce' plugins if they are installed on the site. | |||||
| CVE-2022-4700 | 1 Royal-elementor-addons | 1 Royal Elementor Addons | 2023-11-07 | N/A | 8.8 HIGH |
| The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_activate_required_theme' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to activate the 'royal-elementor-kit' theme. If no such theme is installed doing so can also impact site availability as the site attempts to load a nonexistent theme. | |||||
| CVE-2022-4613 | 1 Clickstudios | 1 Passwordstate | 2023-11-07 | N/A | 6.5 MEDIUM |
| A vulnerability was found in Click Studios Passwordstate and Passwordstate Browser Extension Chrome and classified as critical. This issue affects some unknown processing of the component Browser Extension Provisioning. The manipulation leads to improper authorization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216275. | |||||
| CVE-2022-4390 | 1 Netgear | 2 Ax2400, Ax2400 Firmware | 2023-11-07 | N/A | 10.0 CRITICAL |
| A network misconfiguration is present in versions prior to 1.0.9.90 of the NETGEAR RAX30 AX2400 series of routers. IPv6 is enabled for the WAN interface by default on these devices. While there are firewall restrictions in place that define access restrictions for IPv4 traffic, these restrictions do not appear to be applied to the WAN interface for IPv6. This allows arbitrary access to any services running on the device that may be inadvertently listening via IPv6, such as the SSH and Telnet servers spawned on ports 22 and 23 by default. This misconfiguration could allow an attacker to interact with services only intended to be accessible by clients on the local network. | |||||
| CVE-2022-46755 | 1 Dell | 1 Wyse Management Suite | 2023-11-07 | N/A | 4.9 MEDIUM |
| Wyse Management Suite 3.8 and below contain an improper access control vulnerability. A authenticated malicious admin user can edit general client policy for which the user is not authorized. | |||||
| CVE-2022-46754 | 1 Dell | 1 Wyse Management Suite | 2023-11-07 | N/A | 6.5 MEDIUM |
| Wyse Management Suite 3.8 and below contain an improper access control vulnerability. A authenticated malicious admin user might access certain pro license features for which this admin is not authorized in order to configure user controlled external entities. | |||||
| CVE-2022-46752 | 1 Dell | 150 Inspiron 14 Plus 7420, Inspiron 14 Plus 7420 Firmware, Inspiron 14 Plus 7620 and 147 more | 2023-11-07 | N/A | 4.6 MEDIUM |
| Dell BIOS contains an Improper Authorization vulnerability. An unauthenticated physical attacker may potentially exploit this vulnerability, leading to denial of service. | |||||
| CVE-2022-46679 | 1 Dell | 1 Emc Powerscale Onefs | 2023-11-07 | N/A | 7.5 HIGH |
| Dell PowerScale OneFS 8.2.x, 9.0.0.x - 9.4.0.x, contain an insufficient resource pool vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to denial of service. | |||||
| CVE-2022-46678 | 1 Dell | 1 Wyse Management Suite | 2023-11-07 | N/A | 4.9 MEDIUM |
| Wyse Management Suite 3.8 and below contain an improper access control vulnerability. A authenticated malicious admin user can edit general client policy for which the user is not authorized. | |||||
| CVE-2022-46677 | 1 Dell | 1 Wyse Management Suite | 2023-11-07 | N/A | 4.9 MEDIUM |
| Wyse Management Suite 3.8 and below contain an improper access control vulnerability with which an custom group admin can create a subgroup under a group for which the admin is not authorized. | |||||
| CVE-2022-46676 | 1 Dell | 1 Wyse Management Suite | 2023-11-07 | N/A | 4.9 MEDIUM |
| Wyse Management Suite 3.8 and below contain an improper access control vulnerability. A malicious admin user can disable or delete users under administration and unassigned admins for which the group admin is not authorized. | |||||
| CVE-2022-46664 | 1 Siemens | 1 Mendix Workflow Commons | 2023-11-07 | N/A | 8.1 HIGH |
| A vulnerability has been identified in Mendix Workflow Commons (All versions < V2.4.0), Mendix Workflow Commons V2.1 (All versions < V2.1.4), Mendix Workflow Commons V2.3 (All versions < V2.3.2). Affected versions of the module improperly handle access control for some module entities. This could allow authenticated remote attackers to read or delete sensitive information. | |||||