Total
5449 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-34149 | 1 Miniorange | 1 Wp Oauth Server | 2024-11-21 | 9.8 Critical |
Authentication Bypass vulnerability in miniOrange WP OAuth Server plugin <= 3.0.4 at WordPress. | ||||
CVE-2022-33970 | 1 Oxilab | 1 Shortcode Addons | 2024-11-21 | 7.2 High |
Authenticated WordPress Options Change vulnerability in Biplob018 Shortcode Addons plugin <= 3.1.2 at WordPress. | ||||
CVE-2022-33969 | 1 Oxilab | 1 Flipbox | 2024-11-21 | 7.2 High |
Authenticated WordPress Options Change vulnerability in Biplob Adhikari's Flipbox plugin <= 2.6.0 at WordPress. | ||||
CVE-2022-33198 | 1 Oxilab | 1 Accordions | 2024-11-21 | 9.8 Critical |
Unauthenticated WordPress Options Change vulnerability in Biplob Adhikari's Accordions plugin <= 2.0.2 at WordPress. | ||||
CVE-2022-29444 | 1 Cloudways | 1 Breeze | 2024-11-21 | 6.5 Medium |
Plugin Settings Change leading to Cross-Site Scripting (XSS) vulnerability in Cloudways Breeze plugin <= 2.0.2 on WordPress allows users with a subscriber or higher user role to execute any of the wp_ajax_* actions in the class Breeze_Configuration which includes the ability to change any of the plugin's settings including CDN setting which could be further used for XSS attack. | ||||
CVE-2022-29423 | 1 Edmonsoft | 1 Countdown Builder | 2024-11-21 | 3.8 Low |
Pro Features Lock Bypass vulnerability in Countdown & Clock plugin <= 2.3.2 at WordPress. | ||||
CVE-2022-27235 | 1 Supsystic | 1 Social Share Buttons | 2024-11-21 | 6.3 Medium |
Multiple Broken Access Control vulnerabilities in Social Share Buttons by Supsystic plugin <= 2.2.3 at WordPress. | ||||
CVE-2022-25649 | 1 Storeapps | 1 Affiliate For Woocommerce | 2024-11-21 | 5 Medium |
Multiple Improper Access Control vulnerabilities in StoreApps Affiliate For WooCommerce premium plugin <= 4.7.0 at WordPress. | ||||
CVE-2022-23731 | 1 Lg | 1 Webos | 2024-11-21 | 7.8 High |
V8 javascript engine (heap vulnerability) can cause privilege escalation ,which can impact on some webOS TV models. | ||||
CVE-2022-23714 | 2 Elastic, Microsoft | 2 Endpoint Security, Windows | 2024-11-21 | 7.8 High |
A local privilege escalation (LPE) issue was discovered in the ransomware canaries features of Elastic Endpoint Security for Windows, which could allow unprivileged users to elevate their privileges to those of the LocalSystem account. | ||||
CVE-2022-23709 | 1 Elastic | 1 Kibana | 2024-11-21 | 4.3 Medium |
A flaw was discovered in Kibana in which users with Read access to the Uptime feature could modify alerting rules. A user with this privilege would be able to create new alerting rules or overwrite existing ones. However, any new or modified rules would not be enabled, and a user with this privilege could not modify alerting connectors. This effectively means that Read users could disable existing alerting rules. | ||||
CVE-2022-23708 | 1 Elastic | 1 Elasticsearch | 2024-11-21 | 4.3 Medium |
A flaw was discovered in Elasticsearch 7.17.0’s upgrade assistant, in which upgrading from version 6.x to 7.x would disable the in-built protections on the security index, allowing authenticated users with “*” index permissions access to this index. | ||||
CVE-2022-1548 | 1 Mattermost | 1 Playbooks | 2024-11-21 | 3.7 Low |
Mattermost Playbooks plugin 1.25 and earlier fails to properly restrict user-level permissions, which allows playbook members to escalate their membership privileges and perform actions restricted to playbook admins. | ||||
CVE-2022-0237 | 1 Rapid7 | 1 Insight Agent | 2024-11-21 | 4 Medium |
Rapid7 Insight Agent versions 3.1.2.38 and earlier suffer from a privilege escalation vulnerability, whereby an attacker can hijack the flow of execution due to an unquoted argument to the runas.exe command used by the ir_agent.exe component, resulting in elevated rights and persistent access to the machine. This issue was fixed in Rapid7 Insight Agent version 3.1.3.80. | ||||
CVE-2021-36879 | 1 Stylemixthemes | 1 Ulisting | 2024-11-21 | 9.8 Critical |
Unauthenticated Privilege Escalation vulnerability in WordPress uListing plugin (versions <= 2.0.5). Possible if WordPress configuration allows user registration. | ||||
CVE-2021-33036 | 1 Apache | 1 Hadoop | 2024-11-21 | 8.8 High |
In Apache Hadoop 2.2.0 to 2.10.1, 3.0.0-alpha1 to 3.1.4, 3.2.0 to 3.2.2, and 3.3.0 to 3.3.1, a user who can escalate to yarn user can possibly run arbitrary commands as root user. Users should upgrade to Apache Hadoop 2.10.2, 3.2.3, 3.3.2 or higher. | ||||
CVE-2021-28497 | 1 Arista | 2 7130, Metamako Operating System | 2024-11-21 | 4.4 Medium |
In Arista's MOS (Metamako Operating System) software which is supported on the 7130 product line, under certain conditions, the bash shell might be accessible to unprivileged users in situations where they should not have access. This issue affects: Arista Metamako Operating System All releases in the MOS-0.1x train MOS-0.26.6 and below releases in the MOS-0.2x train MOS-0.31.1 and below releases in the MOS-0.3x train | ||||
CVE-2021-28052 | 1 Hitach | 1 Vantara | 2024-11-21 | 7.5 High |
A tenant administrator Hitachi Content Platform (HCP) may modify the configuration in another tenant without authorization, potentially allowing unauthorized access to data in the other tenant. Also, a tenant user (non-administrator) may view configuration in another tenant without authorization. This issue affects: Hitachi Vantara Hitachi Content Platform versions prior to 8.3.7; 9.0.0 versions prior to 9.2.3. | ||||
CVE-2021-27851 | 1 Gnu | 1 Guix | 2024-11-21 | 5.5 Medium |
A security vulnerability that can lead to local privilege escalation has been found in ’guix-daemon’. It affects multi-user setups in which ’guix-daemon’ runs locally. The attack consists in having an unprivileged user spawn a build process, for instance with `guix build`, that makes its build directory world-writable. The user then creates a hardlink to a root-owned file such as /etc/shadow in that build directory. If the user passed the --keep-failed option and the build eventually fails, the daemon changes ownership of the whole build tree, including the hardlink, to the user. At that point, the user has write access to the target file. Versions after and including v0.11.0-3298-g2608e40988, and versions prior to v1.2.0-75109-g94f0312546 are vulnerable. | ||||
CVE-2021-27644 | 1 Apache | 1 Dolphinscheduler | 2024-11-21 | 8.8 High |
In Apache DolphinScheduler before 1.3.6 versions, authorized users can use SQL injection in the data source center. (Only applicable to MySQL data source with internal login account password) |