Total
2385 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-24038 | 1 Karmasis | 1 Infraskope Siem\+ | 2024-11-21 | N/A | 6.5 MEDIUM |
| Karmasis Informatics Infraskope SIEM+ has an unauthenticated access vulnerability which could allow an unauthenticated attacker to damage the page where the agents are listed. | |||||
| CVE-2022-24036 | 1 Karmasis | 1 Infraskope Siem\+ | 2024-11-21 | N/A | 8.6 HIGH |
| Karmasis Informatics Infraskope SIEM+ has an unauthenticated access vulnerability which could allow an unauthenticated attacker to modificate logs. | |||||
| CVE-2022-23829 | 2024-11-21 | N/A | 8.2 HIGH | ||
| A potential weakness in AMD SPI protection features may allow a malicious attacker with Ring0 (kernel mode) access to bypass the native System Management Mode (SMM) ROM protections. | |||||
| CVE-2022-21950 | 2 Opensuse, Suse | 4 Backports Sle, Canna, Factory and 1 more | 2024-11-21 | N/A | 5.3 MEDIUM |
| A Improper Access Control vulnerability in the systemd service of cana in openSUSE Backports SLE-15-SP3, openSUSE Backports SLE-15-SP4 allows local users to hijack the UNIX domain socket This issue affects: openSUSE Backports SLE-15-SP3 canna versions prior to canna-3.7p3-bp153.2.3.1. openSUSE Backports SLE-15-SP4 canna versions prior to 3.7p3-bp154.3.3.1. openSUSE Factory was also affected. Instead of fixing the package it was deleted there. | |||||
| CVE-2022-21586 | 1 Oracle | 1 Banking Trade Finance | 2024-11-21 | N/A | 6.4 MEDIUM |
| Vulnerability in the Oracle Banking Trade Finance product of Oracle Financial Services Applications (component: Infrastructure). The supported version that is affected is 14.5. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Trade Finance. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Banking Trade Finance accessible data as well as unauthorized access to critical data or complete access to all Oracle Banking Trade Finance accessible data. CVSS 3.1 Base Score 6.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N). | |||||
| CVE-2022-1958 | 1 Filecloud | 1 Filecloud | 2024-11-21 | 4.0 MEDIUM | 6.3 MEDIUM |
| A vulnerability classified as critical has been found in FileCloud. Affected is an unknown function of the component NTFS Handler. The manipulation leads to improper access controls. It is possible to launch the attack remotely. Upgrading to version 21.3.5.18513 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-201960. | |||||
| CVE-2022-0824 | 1 Webmin | 1 Webmin | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| Improper Access Control to Remote Code Execution in GitHub repository webmin/webmin prior to 1.990. | |||||
| CVE-2022-0405 | 1 Janeczku | 1 Calibre-web | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| Improper Access Control in GitHub repository janeczku/calibre-web prior to 0.6.16. | |||||
| CVE-2022-0273 | 1 Janeczku | 1 Calibre-web | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Improper Access Control in Pypi calibreweb prior to 0.6.16. | |||||
| CVE-2022-0170 | 1 Framasoft | 1 Peertube | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| peertube is vulnerable to Improper Access Control | |||||
| CVE-2022-0133 | 1 Framasoft | 1 Peertube | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| peertube is vulnerable to Improper Access Control | |||||
| CVE-2021-4037 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2024-11-21 | N/A | 7.8 HIGH |
| A vulnerability was found in the fs/inode.c:inode_init_owner() function logic of the LInux kernel that allows local users to create files for the XFS file-system with an unintended group ownership and with group execution and SGID permission bits set, in a scenario where a directory is SGID and belongs to a certain group and is writable by a user who is not a member of this group. This can lead to excessive permissions granted in case when they should not. This vulnerability is similar to the previous CVE-2018-13405 and adds the missed fix for the XFS. | |||||
| CVE-2021-47155 | 2024-11-21 | N/A | 9.1 CRITICAL | ||
| The Net::IPV4Addr module 0.10 for Perl does not properly consider extraneous zero characters in an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses. | |||||
| CVE-2021-45111 | 1 Odoo | 1 Odoo | 2024-11-21 | N/A | 8.1 HIGH |
| Improper access control in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows remote authenticated users to trigger the creation of demonstration data, including user accounts with known credentials. | |||||
| CVE-2021-44460 | 1 Odoo | 1 Odoo | 2024-11-21 | N/A | 6.5 MEDIUM |
| Improper access control in Odoo Community 13.0 and earlier and Odoo Enterprise 13.0 and earlier allows users with deactivated accounts to access the system with the deactivated account and any permission it still holds, via crafted RPC requests. | |||||
| CVE-2021-42360 | 1 Brainstormforce | 1 Starter Templates | 2024-11-21 | 3.5 LOW | 7.6 HIGH |
| On sites that also had the Elementor plugin for WordPress installed, it was possible for users with the edit_posts capability, which includes Contributor-level users, to import blocks onto any page using the astra-page-elementor-batch-process AJAX action. An attacker could craft and host a block containing malicious JavaScript on a server they controlled, and then use it to overwrite any post or page by sending an AJAX request with the action set to astra-page-elementor-batch-process and the url parameter pointed to their remotely-hosted malicious block, as well as an id parameter containing the post or page to overwrite. Any post or page that had been built with Elementor, including published pages, could be overwritten by the imported block, and the malicious JavaScript in the imported block would then be executed in the browser of any visitors to that page. | |||||
| CVE-2021-3864 | 3 Debian, Linux, Redhat | 3 Debian Linux, Linux Kernel, Enterprise Linux | 2024-11-21 | N/A | 7.0 HIGH |
| A flaw was found in the way the dumpable flag setting was handled when certain SUID binaries executed its descendants. The prerequisite is a SUID binary that sets real UID equal to effective UID, and real GID equal to effective GID. The descendant will then have a dumpable value set to 1. As a result, if the descendant process crashes and core_pattern is set to a relative value, its core dump is stored in the current directory with uid:gid permissions. An unprivileged local user with eligible root SUID binary could use this flaw to place core dumps into root-owned directories, potentially resulting in escalation of privileges. | |||||
| CVE-2021-36036 | 1 Magento | 1 Magento | 2024-11-21 | N/A | 7.2 HIGH |
| Magento versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper access control vulnerability within Magento's Media Gallery Upload workflow. By storing a specially crafted file in the website gallery, an authenticated attacker with administrative privilege can gain access to delete the .htaccess file. This could result in the attacker achieving remote code execution. | |||||
| CVE-2021-33162 | 2024-11-21 | N/A | 8.4 HIGH | ||
| Improper access control in some Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Manageability firmware may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2021-32656 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | 5.0 MEDIUM | 8.6 HIGH |
| Nextcloud Server is a Nextcloud package that handles data storage. A vulnerability in federated share exists in versions prior to 19.0.11, 20.0.10, and 21.0.2. An attacker can gain access to basic information about users of a server by accessing a public link that a legitimate server user added as a federated share. This happens because Nextcloud supports sharing registered users with other Nextcloud servers, which can be done automatically when selecting the "Add server automatically once a federated share was created successfully" setting. The vulnerability is patched in versions 19.0.11, 20.0.10, and 21.0.2 As a workaround, disable "Add server automatically once a federated share was created successfully" in the Nextcloud settings. | |||||