Total
3285 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-36404 | 1 Coleds | 1 Simple Seo | 2024-09-16 | 5.4 Medium |
| Missing Authorization, Cross-Site Request Forgery (CSRF) vulnerability in David Cole Simple SEO (WordPress plugin) plugin <= 1.8.12 versions. | ||||
| CVE-2020-27349 | 1 Canonical | 1 Ubuntu Linux | 2024-09-16 | 5.5 Medium |
| Aptdaemon performed policykit checks after interacting with potentially untrusted files with elevated privileges. This affected versions prior to 1.1.1+bzr982-0ubuntu34.1, 1.1.1+bzr982-0ubuntu32.3, 1.1.1+bzr982-0ubuntu19.5, 1.1.1+bzr982-0ubuntu14.5. | ||||
| CVE-2022-1521 | 1 Illumina | 8 Iseq 100, Local Run Manager, Miniseq and 5 more | 2024-09-16 | 9.1 Critical |
| LRM does not implement authentication or authorization by default. A malicious actor can inject, replay, modify, and/or intercept sensitive data. | ||||
| CVE-2023-25715 | 1 Gamipress | 1 Gamipress | 2024-09-16 | 5.4 Medium |
| Missing Authorization vulnerability in GamiPress GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress.This issue affects GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress: from n/a through 2.5.6. | ||||
| CVE-2021-38431 | 1 Advantech | 1 Webaccess Scada | 2024-09-16 | 4.3 Medium |
| An authenticated user using Advantech WebAccess SCADA in versions 9.0.3 and prior can use API functions to disclose project names and paths from other users. | ||||
| CVE-2019-14995 | 1 Atlassian | 1 Jira Server | 2024-09-16 | 5.3 Medium |
| The /rest/api/1.0/render resource in Jira before version 8.4.0 allows remote anonymous attackers to determine if an attachment with a specific name exists and if an issue key is valid via a missing permissions check. | ||||
| CVE-2017-11042 | 1 Google | 1 Android | 2024-09-16 | N/A |
| In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, ImsService and the IQtiImsExt AIDL APIs are not subject to access control. | ||||
| CVE-2021-4353 | 1 Rightpress | 1 Woocommerce Dynamic Pricing \& Discounts | 2024-09-16 | 5.3 Medium |
| The WooCommerce Dynamic Pricing and Discounts plugin for WordPress is vulnerable to unauthenticated settings export in versions up to, and including, 2.4.1. This is due to missing authorization on the export() function which makes makes it possible for unauthenticated attackers to export the plugin's settings. | ||||
| CVE-2022-4943 | 1 Miniorange | 1 Google Authenticator | 2024-09-16 | 7.5 High |
| The miniOrange's Google Authenticator plugin for WordPress is vulnerable to authorization bypass due to a missing capability check when changing plugin settings in versions up to, and including, 5.6.5. This makes it possible for unauthenticated attackers to change the plugin's settings. | ||||
| CVE-2022-23055 | 1 Frappe | 1 Erpnext | 2024-09-16 | N/A |
| In ERPNext, versions v11.0.0-beta through v13.0.2 are vulnerable to Missing Authorization, in the chat rooms functionality. A low privileged attacker can send a direct message or a group message to any member or group, impersonating themselves as the administrator. The attacker can also read chat messages of groups that they do not belong to, and of other users. | ||||
| CVE-2019-3399 | 1 Atlassian | 2 Jira, Jira Server | 2024-09-16 | 7.5 High |
| The BrowseProjects.jspa resource in Jira before version 7.13.2, and from version 8.0.0 before version 8.0.2 allows remote attackers to see information for archived projects through a missing authorisation check. | ||||
| CVE-2017-6923 | 1 Drupal | 1 Drupal | 2024-09-16 | N/A |
| In Drupal 8.x prior to 8.3.7 When creating a view, you can optionally use Ajax to update the displayed data via filter parameters. The views subsystem/module did not restrict access to the Ajax endpoint to only views configured to use Ajax. This is mitigated if you have access restrictions on the view. It is best practice to always include some form of access restrictions on all views, even if you are using another module to display them. | ||||
| CVE-2021-31384 | 1 Juniper | 10 Junos, Srx1500, Srx300 and 7 more | 2024-09-16 | 7.2 High |
| Due to a Missing Authorization weakness and Insufficient Granularity of Access Control in a specific device configuration, a vulnerability exists in Juniper Networks Junos OS on SRX Series whereby an attacker who attempts to access J-Web administrative interfaces can successfully do so from any device interface regardless of the web-management configuration and filter rules which may otherwise protect access to J-Web. This issue affects: Juniper Networks Junos OS SRX Series 20.4 version 20.4R1 and later versions prior to 20.4R2-S1, 20.4R3; 21.1 versions prior to 21.1R1-S1, 21.1R2. This issue does not affect Juniper Networks Junos OS versions prior to 20.4R1. | ||||
| CVE-2017-18101 | 1 Atlassian | 2 Jira, Jira Server | 2024-09-16 | 6.5 Medium |
| Various administrative external system import resources in Atlassian JIRA Server (including JIRA Core) before version 7.6.5, from version 7.7.0 before version 7.7.3, from version 7.8.0 before version 7.8.3 and before version 7.9.0 allow remote attackers to run import operations and to determine if an internal service exists through missing permission checks. | ||||
| CVE-2021-23123 | 1 Joomla | 1 Joomla\! | 2024-09-16 | 5.3 Medium |
| An issue was discovered in Joomla! 3.0.0 through 3.9.23. The lack of ACL checks in the orderPosition endpoint of com_modules leak names of unpublished and/or inaccessible modules. | ||||
| CVE-2017-13209 | 1 Google | 1 Android | 2024-09-16 | N/A |
| In the ServiceManager::add function in the hardware service manager, there is an insecure permissions check based on the PID of the caller which could allow an application or service to replace a HAL service with its own service. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-68217907. | ||||
| CVE-2022-32768 | 1 Wwbn | 1 Avideo | 2024-09-16 | 4.2 Medium |
| Multiple authentication bypass vulnerabilities exist in the objects id handling functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request by an authenticated user can lead to unauthorized access and takeover of resources. An attacker can send an HTTP request to trigger this vulnerability.This vulnerability exists in the Live Schedules plugin, allowing an attacker to bypass authentication by guessing a sequential ID, allowing them to take over the another user's streams. | ||||
| CVE-2018-17490 | 1 Hidglobal | 1 Easylobby Solo | 2024-09-16 | N/A |
| EasyLobby Solo is vulnerable to a denial of service. By visiting the kiosk and accessing the task manager, a local attacker could exploit this vulnerability to kill the process or launch new processes at will. | ||||
| CVE-2019-15013 | 1 Atlassian | 2 Jira, Jira Server | 2024-09-16 | 4.3 Medium |
| The WorkflowResource class removeStatus method in Jira before version 7.13.12, from version 8.0.0 before version 8.4.3, and from version 8.5.0 before version 8.5.2 allows authenticated remote attackers who do not have project administration access to remove a configured issue status from a project via a missing authorisation check. | ||||
| CVE-2018-15429 | 1 Cisco | 1 Hyperflex Hx Data Platform | 2024-09-16 | 5.3 Medium |
| A vulnerability in the web-based UI of Cisco HyperFlex HX Data Platform Software could allow an unauthenticated, remote attacker to access sensitive information on an affected system. The vulnerability is due to a lack of proper input and authorization of HTTP requests. An attacker could exploit this vulnerability by sending a malicious HTTP request to the web-based UI of an affected system. A successful exploit could allow the attacker to access files that may contain sensitive data. | ||||