| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Improper access control in Nextcloud Social app version 0.3.1 allowed to read posts of any user. |
| Citrix Secure Mail for Android before 20.11.0 suffers from improper access control allowing unauthenticated access to read limited calendar related data stored within Secure Mail. Note that a malicious app would need to be installed on the Android device or a threat actor would need to execute arbitrary code on the Android device. |
| Authentication Bypass resulting in exposure of SD-WAN functionality in Citrix SD-WAN Center versions before 11.2.2, 11.1.2b and 10.2.8 |
| A security issue was found in UniFi Protect controller v1.14.10 and earlier.The authentication in the UniFi Protect controller API was using “x-token” improperly, allowing attackers to use the API to send authenticated messages without a valid token.This vulnerability was fixed in UniFi Protect v1.14.11 and newer.This issue does not impact UniFi Cloud Key Gen 2 plus.This issue does not impact UDM-Pro customers with UniFi Protect stopped.Affected Products:UDM-Pro firmware 1.7.2 and earlier.UNVR firmware 1.3.12 and earlier.Mitigation:Update UniFi Protect to v1.14.11 or newer version; the UniFi Protect controller can be updated through your UniFi OS settings.Alternatively, you can update UNVR and UDM-Pro to:- UNVR firmware to 1.3.15 or newer.- UDM-Pro firmware to 1.8.0 or newer. |
| Improper authentication in Citrix XenMobile Server 10.12 before RP2, Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server 10.10 before RP6 and Citrix XenMobile Server before 10.9 RP5 leads to the ability to access sensitive files. |
| A wrong configuration in Nextcloud Server 19.0.1 incorrectly made the user feel the passwordless WebAuthn is also a two factor verification by asking for the PIN of the passwordless WebAuthn but not verifying it. |
| An insufficient permission check vulnerability exists in Pulse Connect Secure <9.1R8 that allows an attacker to change the password of a full administrator. |
| Improper access control in Citrix Workspace app for Windows 1912 CU1 and 2006.1 causes privilege escalation and code execution when the automatic updater service is running. |
| An improper authentication vulnerability exists in Pulse Connect Secure <9.1RB that allows an attacker with a users primary credentials to bypass the Google TOTP. |
| Improper authentication in Citrix StoreFront Server < 1912.0.1000 allows an attacker who is authenticated on the same Microsoft Active Directory domain as a Citrix StoreFront server to read arbitrary files from that server. |
| Incorrect file permissions in Citrix ADC and Citrix Gateway before versions 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 allows privilege escalation. |
| Improper access control in Nextcloud Deck 0.8.0 allowed an attacker to reshare boards shared with them with more permissions than they had themselves. |
| Improper access control in Nextcloud Deck 1.0.0 allowed an attacker to inject tasks into other users decks. |
| TLS session reuse can lead to host certificate verification bypass in node version < 12.18.0 and < 14.4.0. |
| UniFi Cloud Key firmware <= v1.1.10 for Cloud Key gen2 and Cloud Key gen2 Plus contains a vulnerability that allows unrestricted root access through the serial interface (UART). |
| Improper access control in Groupfolders app 4.0.3 allowed to delete hidden directories when when renaming an accessible item to the same name. |
| UniFi Cloud Key firmware < 1.1.6 contains a vulnerability that enables an attacker being able to change a device hostname by sending a malicious API request. This affects Cloud Key gen2 and Cloud Key gen2 Plus. |
| A missing access control check in Nextcloud Server < 18.0.1, < 17.0.4, and < 16.0.9 causes hide-download shares to be downloadable when appending /download to the URL. |
| A missing check in Nextcloud Server 14.0.3 could give recipient the possibility to extend the expiration date of a share they received. |
| A bug in Nextcloud Server 14.0.4 could expose more data in reshared link shares than intended by the sharer. |
