Total: 3285 CVEs
CVE | Vendors | Products | Updated | CVSS v3.1 | Description
---|---|---|---|---|---
CVE-2021-27859 | 1 Fatpipeinc | 6 Ipvpn, Ipvpn Firmware, Mpvpn and 3 more | 2024-09-16 | 8.8 High | A missing authorization vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows an authenticated, remote attacker with read-only privileges to create an account with administrative privileges. Older versions of FatPipe software may also be vulnerable. This does not appear to be a CSRF vulnerability. The FatPipe advisory identifier for this vulnerability is FPSA005.
CVE-2021-36917 | 1 Wpwave | 1 Hide My Wp | 2024-09-16 | 6.5 Medium | WordPress Hide My WP plugin (versions <= 6.2.3) can be deactivated by any unauthenticated user. It is possible to retrieve a reset token which can then be used to deactivate the plugin.
CVE-2021-34647 | 1 Ninjaforms | 1 Ninja Forms | 2024-09-16 | 6.5 Medium | The Ninja Forms WordPress plugin is vulnerable to sensitive information disclosure via the bulk_export_submissions function found in the ~/includes/Routes/Submissions.php file, in versions up to and including 3.5.7. This allows authenticated attackers to export all Ninja Forms submissions data via the /ninja-forms-submissions/export REST API, which can include personally identifiable information.
CVE-2021-21437 | 1 Otrs | 2 Itsmconfigurationmanagement, Otrscisincustomerfrontend | 2024-09-16 | 3.5 Low | Agents are able to see linked Config Items without permissions, which are defined in General Catalog. This issue affects: OTRSCIsInCustomerFrontend 7.0.15 and prior versions, ITSMConfigurationManagement 7.0.24 and prior versions.
CVE-2018-17491 | 1 Hidglobal | 1 Easylobby Solo | 2024-09-16 | N/A | EasyLobby Solo could allow a local attacker to gain elevated privileges on the system. By visiting the kiosk and typing "esc" to exit the program, an attacker could exploit this vulnerability to perform unauthorized actions on the computer.
CVE-2020-4816 | 1 Ibm | 1 Cloud Pak For Security | 2024-09-16 | 5.9 Medium | IBM Cloud Pak for Security (CP4S) 1.4.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man-in-the-middle techniques. IBM X-Force ID: 189703.
CVE-2019-15005 | 1 Atlassian | 8 Bamboo, Bitbucket, Confluence and 5 more | 2024-09-16 | 4.3 Medium | The Atlassian Troubleshooting and Support Tools plugin prior to version 1.17.2 allows an unprivileged user to initiate periodic log scans and send the results to a user-specified email address due to a missing authorization check. The email message may contain configuration information about the application that the plugin is installed into. A vulnerable version of the plugin is included with Bitbucket Server / Data Center before 6.6.0, Confluence Server / Data Center before 7.0.1, Jira Server / Data Center before 8.3.2, Crowd / Crowd Data Center before 3.6.0, Fisheye before 4.7.2, Crucible before 4.7.2, and Bamboo before 6.10.2.
CVE-2019-4158 | 1 Ibm | 1 Security Access Manager | 2024-09-16 | 5.4 Medium | IBM Security Access Manager 9.0.1 through 9.0.6 does not prove that a user's identity is correct, which can lead to the exposure of resources or functionality to unintended actors. IBM X-Force ID: 158574.
CVE-2021-36909 | 1 Webfactoryltd | 1 Wp Reset Pro | 2024-09-16 | 8.8 High | Authenticated Database Reset vulnerability in WordPress WP Reset PRO Premium plugin (versions <= 5.98) allows any authenticated user to wipe the entire database regardless of their authorization. It leads to a complete website reset and takeover.
CVE-2019-1003006 | 1 Jenkins | 1 Groovy | 2024-09-16 | 8.8 High | A sandbox bypass vulnerability exists in Jenkins Groovy Plugin 2.0 and earlier in src/main/java/hudson/plugins/groovy/StringScriptSource.java that allows attackers with Overall/Read permission to provide a Groovy script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM.
CVE-2020-7278 | 1 Mcafee | 1 Endpoint Security | 2024-09-16 | 7.4 High | An incorrectly configured access control security levels vulnerability in ENS Firewall in McAfee Endpoint Security (ENS) for Windows prior to the 10.7.0 April 2020 and 10.6.1 April 2020 updates allows remote attackers and local users to allow or block unauthorized traffic, because pre-existing rules were not handled correctly when updating to the February 2020 updates.
CVE-2018-11785 | 1 Apache | 1 Impala | 2024-09-16 | N/A | Missing authorization check in Apache Impala before 3.0.1 allows a Kerberos-authenticated but unauthorized user to inject random data into a running query, leading to wrong results for a query.
CVE-2018-18377 | 1 Orange | 2 Airbox, Airbox Firmware | 2024-09-16 | N/A | goform/setReset on Orange AirBox Y858_FL_01.16_04 devices allows attackers to reset a router to factory settings, which can be used to log in using the default admin:admin credentials.
CVE-2018-1217 | 1 Dell | 2 Emc Avamar, Emc Integrated Data Protection Appliance | 2024-09-16 | N/A | Avamar Installation Manager in Dell EMC Avamar Server 7.3.1, 7.4.1, and 7.5.0, and Dell EMC Integrated Data Protection Appliance 2.0 and 2.1, is affected by a missing access control check vulnerability which could potentially allow a remote unauthenticated attacker to read or change the Local Download Service (LDLS) credentials. The LDLS credentials are used to connect to Dell EMC Online Support. If the LDLS configuration was changed to an invalid configuration, then Avamar Installation Manager may not be able to connect to the Dell EMC Online Support website successfully. The remote unauthenticated attacker can also read and use the credentials to log in to Dell EMC Online Support, impersonating the AVI service actions using those credentials.
CVE-2017-2652 | 1 Jenkins | 1 Distributed Fork | 2024-09-16 | N/A | It was found that there were no permission checks performed in the Distributed Fork plugin before and including 1.5.0 for Jenkins, which provides the dist-fork CLI command, beyond the basic check for Overall/Read permission, allowing anyone with that permission to run arbitrary shell commands on all connected nodes.
CVE-2022-26423 | 1 Aethon | 1 Tug Home Base Server | 2024-09-16 | 8.2 High | Aethon TUG Home Base Server versions prior to version 24 are affected by an unauthenticated attacker who can freely access hashed user credentials.
CVE-2021-34629 | 1 Sendgrid | 1 Sendgrid | 2024-09-16 | 4.3 Medium | The SendGrid WordPress plugin is vulnerable to authorization bypass via the get_ajax_statistics function found in the ~/lib/class-sendgrid-statistics.php file, which allows authenticated users to export statistics for a WordPress multi-site main site, in versions up to and including 1.11.8.
CVE-2021-44794 | 1 Krontech | 1 Single Connect | 2024-09-16 | 5.3 Medium | Single Connect does not perform an authorization check when using the "sc-diagnostic-ui" module. A remote attacker could exploit this vulnerability to access the device information page. The exploitation of this vulnerability might allow a remote attacker to obtain sensitive information.
CVE-2008-6548 | 1 Moinmo | 1 Moinmoin | 2024-09-16 | N/A | The rst parser (parser/text_rst.py) in MoinMoin 1.6.1 does not check the ACL of an included page, which allows attackers to read unauthorized include files via unknown vectors.
CVE-2018-5377 | 1 Discuz | 1 Discuzx | 2024-09-16 | N/A | Discuz! DiscuzX X3.4 allows remote attackers to bypass intended access restrictions via the archiver\index.php action parameter.