Total
3285 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-42331 | 1 Xinheinformation | 1 Xinhe Teaching Platform System | 2024-09-17 | 5.4 Medium |
| The “Study Edit” function of ShinHer StudyOnline System does not perform permission control. After logging in with user’s privilege, remote attackers can access and edit other users’ tutorial schedule by crafting URL parameters. | ||||
| CVE-2022-41692 | 1 Dwbooster | 1 Appointment Hour Booking | 2024-09-17 | 4.3 Medium |
| Missing Authorization vulnerability in Appointment Hour Booking plugin <= 1.3.71 on WordPress. | ||||
| CVE-2020-5345 | 1 Dell | 3 Emc Unisphere For Powermax, Emc Unisphere For Powermax Virtual Appliance, Powermax Os | 2024-09-17 | 6.4 Medium |
| Dell EMC Unisphere for PowerMax versions prior to 9.1.0.17, Dell EMC Unisphere for PowerMax Virtual Appliance versions prior to 9.1.0.17, and PowerMax OS Release 5978 contain an authorization bypass vulnerability. An authenticated malicious user may potentially execute commands to alter or stop database statistics. | ||||
| CVE-2019-13408 | 2 Androvideo, Geovision | 6 Vd 1, Vd 1 Firmware, Gv-vd8700 and 3 more | 2024-09-17 | 7.5 High |
| A relative path traversal vulnerability found in Advan VD-1 firmware versions up to 230. It allows attackers to download arbitrary files via url cgibin/ExportSettings.cgi?Download=filepath, without any authentication. | ||||
| CVE-2021-27858 | 1 Fatpipeinc | 6 Ipvpn, Ipvpn Firmware, Mpvpn and 3 more | 2024-09-17 | 5.3 Medium |
| A missing authorization vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows a remote attacker to access at least the URL "/fpui/jsp/index.jsp" leading to unknown impact, presumably some violation of confidentiality. Older versions of FatPipe software may also be vulnerable. The FatPipe advisory identifier for this vulnerability is FPSA004. | ||||
| CVE-2021-44795 | 1 Krontech | 1 Single Connect | 2024-09-17 | 5.3 Medium |
| Single Connect does not perform an authorization check when using the "sc-assigned-credential-ui" module. A remote attacker could exploit this vulnerability to modify users permissions. The exploitation of this vulnerability might allow a remote attacker to delete permissions from other users without authenticating. | ||||
| CVE-2018-7792 | 1 Schneider-electric | 2 Modicon M221, Modicon M221 Firmware | 2024-09-17 | 7.5 High |
| A Permissions, Privileges, and Access Control vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to decode the password using rainbow table. | ||||
| CVE-2017-8217 | 1 Tp-link | 4 C2, C20i, C20i Firmware and 1 more | 2024-09-17 | N/A |
| TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n have too permissive iptables rules, e.g., SNMP is not blocked on any interface. | ||||
| CVE-2020-24672 | 1 Abb | 1 Base Software | 2024-09-17 | 9.8 Critical |
| A vulnerability in Base Software for SoftControl allows an attacker to insert and run arbitrary code in a computer running the affected product. This issue affects: . | ||||
| CVE-2022-40223 | 1 Searchwp | 1 Searchwp | 2024-09-17 | 5.4 Medium |
| Nonce token leakage and missing authorization in SearchWP premium plugin <= 4.2.5 on WordPress leading to plugin settings change. | ||||
| CVE-2019-20407 | 1 Atlassian | 2 Jira Data Center, Jira Server | 2024-09-17 | 4.3 Medium |
| The ConfigureBambooRelease resource in Jira Software and Jira Software Data Center before version 8.6.1 allows authenticated remote attackers to view release version information in projects that they do not have access to through an missing authorisation check. | ||||
| CVE-2018-0015 | 1 Juniper | 1 Appformix | 2024-09-17 | N/A |
| A malicious user with unrestricted access to the AppFormix application management platform may be able to access a Python debug console and execute system commands with root privilege. The AppFormix Agent exposes the debug console on a host where AppFormix Agent is executing. If the host is executing AppFormix Agent, an attacker may access the debug console and execute Python commands with root privilege. Affected AppFormix releases are: All versions up to and including 2.7.3; 2.11 versions prior to 2.11.3; 2.15 versions prior to 2.15.2. Juniper SIRT is not aware of any malicious exploitation of this vulnerability, however, the issue has been seen in a production network. No other Juniper Networks products or platforms are affected by this issue. | ||||
| CVE-2020-36238 | 1 Atlassian | 4 Data Center, Jira, Jira Data Center and 1 more | 2024-09-17 | 5.3 Medium |
| The /rest/api/1.0/render resource in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to determine if a username is valid or not via a missing permissions check. | ||||
| CVE-2018-5547 | 1 F5 | 1 Big-ip Access Policy Manager Client | 2024-09-17 | N/A |
| Windows Logon Integration feature of F5 BIG-IP APM client prior to version 7.1.7.1 for Windows by default uses Legacy logon mode which uses a SYSTEM account to establish network access. This feature displays a certificate user interface dialog box which contains the link to the certificate policy. By clicking on the link, unprivileged users can open additional dialog boxes and get access to the local machine windows explorer which can be used to get administrator privilege. Windows Logon Integration is vulnerable when the APM client is installed by an administrator on a user machine. Users accessing the local machine can get administrator privileges | ||||
| CVE-2021-40853 | 1 Tcman | 1 Gim | 2024-09-17 | 7.2 High |
| TCMAN GIM does not perform an authorization check when trying to access determined resources. A remote attacker could exploit this vulnerability to access URL that require privileges without having them. The exploitation of this vulnerability might allow a remote attacker to obtain sensible information. | ||||
| CVE-2011-4183 | 1 Opensuse | 1 Open Build Service | 2024-09-17 | N/A |
| A vulnerability in open build service allows remote attackers to upload arbitrary RPM files. Affected releases are SUSE open build service prior to 2.1.16. | ||||
| CVE-2021-44055 | 1 Qnap | 1 Video Station | 2024-09-17 | 5.3 Medium |
| An missing authorization vulnerability has been reported to affect QNAP device running Video Station. If exploited, this vulnerability allows remote attackers to access data or perform actions that they should not be allowed to perform. We have already fixed this vulnerability in the following versions of Video Station: Video Station 5.5.9 ( 2022/02/16 ) and later | ||||
| CVE-2017-7622 | 1 Deepin | 1 Deepin Desktop Environment | 2024-09-17 | N/A |
| dde-daemon, the daemon process of DDE (Deepin Desktop Environment) 15.0 through 15.3, runs with root privileges and hardly does anything to identify the user who calls the function through D-Bus. Anybody can change the grub config, even to append some arguments to make a backdoor or privilege escalation, by calling DoWriteGrubSettings() provided by dde-daemon. | ||||
| CVE-2017-13247 | 1 Google | 1 Android | 2024-09-17 | N/A |
| In the Pixel 2 bootloader, there is a missing permission check which bypasses carrier bootloader lock. This could lead to local elevation of privileges with user execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-71486645. | ||||
| CVE-2018-8012 | 3 Apache, Debian, Oracle | 3 Zookeeper, Debian Linux, Goldengate Stream Analytics | 2024-09-17 | 7.5 High |
| No authentication/authorization is enforced when a server attempts to join a quorum in Apache ZooKeeper before 3.4.10, and 3.5.0-alpha through 3.5.3-beta. As a result an arbitrary end point could join the cluster and begin propagating counterfeit changes to the leader. | ||||