Total
1782 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-25740 | 1 Kubernetes | 1 Kubernetes | 2024-09-16 | 3.1 Low |
| A security issue was discovered with Kubernetes that could enable users to send network traffic to locations they would otherwise not have access to via a confused deputy attack. | ||||
| CVE-2021-35526 | 2 Hitachiabb-powergrids, Hitachienergy | 2 Sdm600 Firmware, Sdm600 | 2024-09-16 | 6.3 Medium |
| Backup file without encryption vulnerability is found in Hitachi ABB Power Grids System Data Manager – SDM600 allows attacker to gain access to sensitive information. This issue affects: Hitachi ABB Power Grids System Data Manager – SDM600 1.2 versions prior to FP2 HF6 (Build Nr. 1.2.14002.257). | ||||
| CVE-2017-12112 | 1 Ethereum | 1 Cpp-ethereum | 2024-09-16 | 8.1 High |
| An exploitable improper authorization vulnerability exists in admin_addPeer API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). A JSON request can cause an access to the restricted functionality resulting in authorization bypass. An attacker can send JSON to trigger this vulnerability. | ||||
| CVE-2017-1233 | 1 Ibm | 1 Bigfix Remote Control | 2024-09-16 | N/A |
| IBM Remote Control v9 could allow a local user to use the component to replace files to which he does not have write access and which he can cause to be executed with Local System or root privileges. IBM X-Force ID: 123912. | ||||
| CVE-2021-28826 | 2 Microsoft, Tibco | 2 Windows, Messaging - Eclipse Mosquitto Distribution - Bridge | 2024-09-16 | 8.8 High |
| The Windows Installation component of TIBCO Software Inc.'s TIBCO Messaging - Eclipse Mosquitto Distribution - Bridge - Community Edition and TIBCO Messaging - Eclipse Mosquitto Distribution - Bridge - Enterprise Edition contains a vulnerability that theoretically allows a low privileged attacker with local access on some versions of the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from a lack of access restrictions on certain files and/or folders in the installation. Affected releases are TIBCO Software Inc.'s TIBCO Messaging - Eclipse Mosquitto Distribution - Bridge - Community Edition: versions 1.3.0 and below and TIBCO Messaging - Eclipse Mosquitto Distribution - Bridge - Enterprise Edition: versions 1.3.0 and below. | ||||
| CVE-2020-29020 | 1 Secomea | 2 Sitemanager, Sitemanager Firmware | 2024-09-16 | 9.1 Critical |
| Improper Access Control vulnerability in web service of Secomea SiteManager allows remote attacker to access the web UI from the internet using the configured credentials. This issue affects: Secomea SiteManager All versions prior to 9.4.620527004 on Hardware. | ||||
| CVE-2020-4794 | 1 Ibm | 3 Automation Workstream Services, Business Automation Workflow, Business Process Manager | 2024-09-16 | 5.4 Medium |
| IBM Automation Workstream Services 19.0.3, 20.0.1, 20.0.2, IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.6 could allow an authenticated user to obtain sensitive information or cuase a denial of service due to iimproper authorization checking. IBM X-Force ID: 189445. | ||||
| CVE-2022-31252 | 2 Opensuse, Suse | 3 Leap, Leap Micro, Linux Enterprise Server | 2024-09-16 | 4.4 Medium |
| A Incorrect Authorization vulnerability in chkstat of SUSE Linux Enterprise Server 12-SP5; openSUSE Leap 15.3, openSUSE Leap 15.4, openSUSE Leap Micro 5.2 did not consider group writable path components, allowing local attackers with access to a group what can write to a location included in the path to a privileged binary to influence path resolution. This issue affects: SUSE Linux Enterprise Server 12-SP5 permissions versions prior to 20170707. openSUSE Leap 15.3 permissions versions prior to 20200127. openSUSE Leap 15.4 permissions versions prior to 20201225. openSUSE Leap Micro 5.2 permissions versions prior to 20181225. | ||||
| CVE-2019-7304 | 1 Canonical | 2 Snapd, Ubuntu Linux | 2024-09-16 | 9.8 Critical |
| Canonical snapd before version 2.37.1 incorrectly performed socket owner validation, allowing an attacker to run arbitrary commands as root. This issue affects: Canonical snapd versions prior to 2.37.1. | ||||
| CVE-2012-1342 | 1 Cisco | 1 Carrier Routing System | 2024-09-16 | 5.8 Medium |
| Cisco Carrier Routing System (CRS) 3.9, 4.0, and 4.1 allows remote attackers to bypass ACL entries via fragmented packets, aka Bug ID CSCtj10975. | ||||
| CVE-2022-35692 | 1 Adobe | 2 Commerce, Magento Commerce | 2024-09-16 | 5.3 Medium |
| Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to leak minor information of another user's account detials. Exploitation of this issue does not require user interaction. | ||||
| CVE-2019-14995 | 1 Atlassian | 1 Jira Server | 2024-09-16 | 5.3 Medium |
| The /rest/api/1.0/render resource in Jira before version 8.4.0 allows remote anonymous attackers to determine if an attachment with a specific name exists and if an issue key is valid via a missing permissions check. | ||||
| CVE-2021-20429 | 1 Ibm | 1 Qradar User Behavior Analytics | 2024-09-16 | 5.3 Medium |
| IBM QRadar User Behavior Analytics 1.0.0 through 4.1.0 could disclose sensitive information due an overly permissive cross-domain policy. IBM X-Force ID: 196334. | ||||
| CVE-2021-26845 | 1 Hitachienergy | 1 Esoms | 2024-09-16 | 7.5 High |
| Information Exposure vulnerability in Hitachi ABB Power Grids eSOMS allows unauthorized user to gain access to report data if the URL used to access the report is discovered. This issue affects: Hitachi ABB Power Grids eSOMS 6.0 versions prior to 6.0.4.2.2; 6.1 versions prior to 6.1.4; 6.3 versions prior to 6.3. | ||||
| CVE-2018-3778 | 1 Aedes Project | 1 Aedes | 2024-09-16 | 5.3 Medium |
| Improper authorization in aedes version <0.35.0 will publish a LWT in a channel when a client is not authorized. | ||||
| CVE-2020-10510 | 1 Sun | 1 Ehrd | 2024-09-16 | 8.1 High |
| Sunnet eHRD, a human training and development management system, contains a vulnerability of Broken Access Control. After login, attackers can use a specific URL, access unauthorized functionality and data. | ||||
| CVE-2018-1000110 | 1 Jenkins | 1 Git | 2024-09-16 | N/A |
| An improper authorization vulnerability exists in Jenkins Git Plugin version 3.7.0 and earlier in GitStatus.java that allows an attacker with network access to obtain a list of nodes and users. | ||||
| CVE-2021-28823 | 1 Tibco | 1 Eftl | 2024-09-16 | 8.8 High |
| The Windows Installation component of TIBCO Software Inc.'s TIBCO eFTL - Community Edition, TIBCO eFTL - Developer Edition, and TIBCO eFTL - Enterprise Edition contains a vulnerability that theoretically allows a low privileged attacker with local access on some versions of the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from a lack of access restrictions on certain files and/or folders in the installation. Affected releases are TIBCO Software Inc.'s TIBCO eFTL - Community Edition: versions 6.5.0 and below, TIBCO eFTL - Developer Edition: versions 6.5.0 and below, and TIBCO eFTL - Enterprise Edition: versions 6.5.0 and below. | ||||
| CVE-2017-8216 | 1 Huawei | 2 P10 Lite, P10 Lite Firmware | 2024-09-16 | N/A |
| Warsaw Huawei Smart phones with software of versions earlier than Warsaw-AL00C00B180, versions earlier than Warsaw-TL10C01B180 have a permission control vulnerability. Due to improper authorization on specific processes, an attacker with the root privilege of a mobile Android system can exploit this vulnerability to obtain some information of the user. | ||||
| CVE-2017-1628 | 1 Ibm | 1 Business Process Manager | 2024-09-16 | N/A |
| IBM Business Process Manager 8.6.0.0 allows authenticated users to stop and resume the Event Manager by calling a REST API with incorrect authorization checks. | ||||