Total: 3285 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 | Description |
---|---|---|---|---|---|
CVE-2021-39347 | 1 Paymentplugins | 1 Stripe For Woocommerce | 2024-09-17 | 4.3 Medium | The Stripe for WooCommerce WordPress plugin is missing a capability check on the save() function found in the ~/includes/admin/class-wc-stripe-admin-user-edit.php file, which makes it possible for attackers to configure their account to use other site users' unique Stripe identifier and make purchases with their payment accounts. This affects versions 3.0.0 - 3.3.9. |
CVE-2020-7343 | 1 Mcafee | 1 Agent | 2024-09-17 | 5.5 Medium | Missing Authorization vulnerability in McAfee Agent (MA) for Windows prior to 5.7.1 allows local users to block McAfee product updates by manipulating a directory used by MA for temporary files. The product would continue to function with out-of-date detection files. |
CVE-2022-32966 | 1 Realtek | 2 Rtl8111fp-cg, Rtl8111fp-cg Firmware | 2024-09-17 | 6.5 Medium | The RTL8168FP-CG DASH remote management function is missing authorization. An unauthenticated attacker within the adjacent network can connect to the DASH service port to disrupt service. |
CVE-2019-11248 | 1 Kubernetes | 1 Kubernetes | 2024-09-17 | 8.2 High | The debugging endpoint /debug/pprof is exposed over the unauthenticated Kubelet healthz port. The Go pprof endpoint is exposed over the Kubelet's healthz port. This debugging endpoint can potentially leak sensitive information such as internal Kubelet memory addresses and configuration, or allow limited denial of service. Versions prior to 1.15.0, 1.14.4, 1.13.8, and 1.12.10 are affected. The issue is of medium severity, but not exposed by the default configuration. |
CVE-2017-6251 | 2 Microsoft, Nvidia | 2 Windows, Gpu Driver | 2024-09-17 | N/A | NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer handler where a missing permissions check may allow users to gain access to arbitrary physical system memory, which may lead to an escalation of privileges. |
CVE-2021-27656 | 1 Johnsoncontrols | 1 Exacqvision Web Service | 2024-09-17 | 5.3 Medium | A vulnerability in exacqVision Web Service 20.12.2.0 and prior could allow an unauthenticated attacker to view system-level information about the exacqVision Web Service and the operating system. |
CVE-2018-1000015 | 1 Jenkins | 1 Pipeline Nodes And Processes | 2024-09-17 | N/A | On Jenkins instances with the Authorize Project plugin, the authentication associated with a build may lack the Computer/Build permission on some agents. This did not prevent the execution of Pipeline `node` blocks on those agents due to incorrect permission checks in Pipeline: Nodes and Processes plugin 2.17 and earlier. |
CVE-2017-9513 | 1 Atlassian | 1 Activity Streams | 2024-09-17 | N/A | Several REST inline action resources of Atlassian Activity Streams before version 6.3.0 allow remote authenticated attackers to watch any Confluence page and receive notifications when comments are added to the watched page, and to vote on and watch JIRA issues that they do not have access to (although they will not receive notifications for the issue), via missing permission checks. |
CVE-2017-12084 | 1 Meetcircle | 2 Circle With Disney, Circle With Disney Firmware | 2024-09-17 | N/A | A backdoor vulnerability exists in the remote control functionality of Circle with Disney running firmware 2.0.1. A specific set of network packets can remotely start an SSH server on the device, resulting in a persistent backdoor. An attacker can send an API call to enable the SSH server. |
CVE-2021-27855 | 1 Fatpipeinc | 6 Ipvpn, Ipvpn Firmware, Mpvpn and 3 more | 2024-09-17 | 8.8 High | FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows a remote, authenticated attacker with read-only privileges to grant themselves administrative privileges. Older versions of FatPipe software may also be vulnerable. The FatPipe advisory identifier for this vulnerability is FPSA001. |
CVE-2020-5362 | 1 Dell | 708 Chengming 3967, Chengming 3967 Firmware, Chengming 3977 and 705 more | 2024-09-17 | 7.1 High | Dell Client Consumer and Commercial platforms include an improper authorization vulnerability in the Dell Manageability interface, through which an unauthorized actor with local system access and OS administrator privileges could bypass the BIOS Administrator authentication to restore the BIOS Setup configuration to default values. |
CVE-2017-1002151 | 1 Redhat | 1 Pagure | 2024-09-17 | 7.5 High | Pagure 3.3.0 and earlier is vulnerable to loss of confidentiality due to improper authorization. |
CVE-2019-8445 | 1 Atlassian | 1 Jira Server | 2024-09-17 | 5.3 Medium | Several worklog REST resources in Jira before version 7.13.7, and from version 8.0.0 before version 8.3.2, allow remote attackers to view worklog time information via a missing permissions check. |
CVE-2013-3703 | 1 Opensuse | 1 Open Build Service | 2024-09-17 | N/A | The controller of the Open Build Service API prior to version 2.4.4 is missing a write permission check, allowing an authenticated attacker to add or remove user roles from packages and/or project metadata. |
CVE-2020-1996 | 1 Paloaltonetworks | 1 Pan-os | 2024-09-17 | 5.3 Medium | A missing authorization vulnerability in the management server component of PAN-OS Panorama allows a remote unauthenticated user to inject messages into the management server ms.log file. This vulnerability can be leveraged to obfuscate an ongoing attack or fabricate log entries in the ms.log file. This issue affects: all versions of PAN-OS 7.1 and 8.0; PAN-OS 8.1 versions earlier than 8.1.14; PAN-OS 9.0 versions earlier than 9.0.9. |
CVE-2018-11786 | 1 Apache | 1 Karaf | 2024-09-17 | N/A | In Apache Karaf prior to the 4.2.0 release, if the sshd service in Karaf is left on so an administrator can manage the running instance, any user with rights to the Karaf console can pivot and read/write any file on the file system to which the Karaf process user has access. This can be locked down a bit by using chroot to change the root directory to protect files outside of the Karaf install directory; it can be further locked down by defining a security manager policy that limits file system access to those directories beneath the Karaf home that are necessary for the system to run. However, this still allows anyone with SSH access to the Karaf process to read and write a large number of files as the Karaf process user. |
CVE-2019-9742 | 1 Gdata-software | 1 Total Security | 2024-09-17 | N/A | gdwfpcd.sys in G Data Total Security before 2019-02-22 allows an attacker to bypass ACLs because Interpreted Device Characteristics lacks FILE_DEVICE_SECURE_OPEN, and therefore files and directories "inside" the \\.\gdwfpcd device are not properly protected, leading to unintended impersonation or object creation. |
CVE-2022-36340 | 1 Mailoptin | 1 Mailoptin | 2024-09-17 | 6.5 Medium | Unauthenticated Optin Campaign Cache Deletion vulnerability in the MailOptin plugin <= 1.2.49.0 on WordPress. |
CVE-2020-4175 | 1 Ibm | 1 Security Guardium Insights | 2024-09-17 | 5.9 Medium | IBM Security Guardium Insights 2.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man-in-the-middle techniques. IBM X-Force ID: 174684. |
CVE-2020-4841 | 2 Ibm, Microsoft | 2 Security Secret Server, Windows | 2024-09-17 | 5.9 Medium | IBM Security Secret Server 10.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man-in-the-middle techniques. IBM X-Force ID: 190045. |