Total
193 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-48094 | 1 Lmxcms | 1 Lmxcms | 2023-02-08 | N/A | 4.9 MEDIUM |
lmxcms v1.41 was discovered to contain an arbitrary file read vulnerability via TemplateAction.class.php. | |||||
CVE-2021-3995 | 2 Fedoraproject, Kernel | 2 Fedora, Util-linux | 2023-02-03 | N/A | 5.5 MEDIUM |
A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows an unprivileged local attacker to unmount FUSE filesystems that belong to certain other users who have a UID that is a prefix of the UID of the attacker in its string form. An attacker may use this flaw to cause a denial of service to applications that use the affected filesystems. | |||||
CVE-2021-22015 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2023-02-03 | 7.2 HIGH | 7.8 HIGH |
The vCenter Server contains multiple local privilege escalation vulnerabilities due to improper permissions of files and directories. An authenticated local user with non-administrative privilege may exploit these issues to elevate their privileges to root on vCenter Server Appliance. | |||||
CVE-2022-4346 | 1 Updraftplus | 1 All-in-one Security | 2023-01-30 | N/A | 5.3 MEDIUM |
The All-In-One Security (AIOS) WordPress plugin before 5.1.3 leaked settings of the plugin publicly, including the used email address. | |||||
CVE-2022-47950 | 2 Debian, Openstack | 2 Debian Linux, Swift | 2023-01-30 | N/A | 6.5 MEDIUM |
An issue was discovered in OpenStack Swift before 2.28.1, 2.29.x before 2.29.2, and 2.30.0. By supplying crafted XML files, an authenticated user may coerce the S3 API into returning arbitrary file contents from the host server, resulting in unauthorized read access to potentially sensitive data. This impacts both s3api deployments (Rocky or later), and swift3 deployments (Queens and earlier, no longer actively developed). | |||||
CVE-2021-3996 | 2 Fedoraproject, Kernel | 2 Fedora, Util-linux | 2023-01-26 | N/A | 5.5 MEDIUM |
A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows a local user on a vulnerable system to unmount other users' filesystems that are either world-writable themselves (like /tmp) or mounted in a world-writable directory. An attacker may use this flaw to cause a denial of service to applications that use the affected filesystems. | |||||
CVE-2022-45440 | 1 Zyxel | 2 Ax7501-b0, Ax7501-b0 Firmware | 2023-01-25 | N/A | 4.4 MEDIUM |
A vulnerability exists in the FTP server of the Zyxel AX7501-B0 firmware prior to V5.17(ABPC.3)C0, which processes symbolic links on external storage media. A local authenticated attacker with administrator privileges could abuse this vulnerability to access the root file system by creating a symbolic link on external storage media, such as a USB flash drive, and then logging into the FTP server on a vulnerable device. | |||||
CVE-2022-45129 | 1 Payara | 1 Payara | 2023-01-20 | N/A | 7.5 HIGH |
Payara before 2022-11-04, when deployed to the root context, allows attackers to visit META-INF and WEB-INF, a different vulnerability than CVE-2022-37422. This affects Payara Platform Community before 4.1.2.191.38, 5.x before 5.2022.4, and 6.x before 6.2022.1, and Payara Platform Enterprise before 5.45.0. | |||||
CVE-2022-23508 | 1 Weave | 1 Weave Gitops | 2023-01-13 | N/A | 7.8 HIGH |
Weave GitOps is a simple open source developer platform for people who want cloud native applications, without needing Kubernetes expertise. A vulnerability in GitOps run could allow a local user or process to alter a Kubernetes cluster's resources. GitOps run has a local S3 bucket which it uses for synchronizing files that are later applied against a Kubernetes cluster. Its endpoint had no security controls to block unauthorized access, therefore allowing local users (and processes) on the same machine to see and alter the bucket content. By leveraging this vulnerability, an attacker could pick a workload of their choosing and inject it into the S3 bucket, which resulted in the successful deployment in the target cluster, without the need to provide any credentials to either the S3 bucket nor the target Kubernetes cluster. There are no known workarounds for this issue, please upgrade. This vulnerability has been fixed by commits 75268c4 and 966823b. Users should upgrade to Weave GitOps version >= v0.12.0 released on 08/12/2022. ### Workarounds There is no workaround for this vulnerability. ### References Disclosed by Paulo Gomes, Senior Software Engineer, Weaveworks. ### For more information If you have any questions or comments about this advisory: - Open an issue in [Weave GitOps repository](https://github.com/weaveworks/weave-gitops) - Email us at [support@weave.works](mailto:support@weave.works) | |||||
CVE-2022-3691 | 1 Fluenx | 1 Deepl Pro Api Translation | 2023-01-12 | N/A | 7.5 HIGH |
The DeepL Pro API translation plugin WordPress plugin before 1.7.5 discloses sensitive information (including the DeepL API key) in files that are publicly accessible to an external, unauthenticated visitor. | |||||
CVE-2022-45052 | 3 Axiell, Linux, Microsoft | 3 Iguana, Linux Kernel, Windows | 2023-01-10 | N/A | 6.5 MEDIUM |
A Local File Inclusion vulnerability has been found in Axiell Iguana CMS. Due to insufficient neutralisation of user input on the url parameter on the Proxy.type.php endpoint, external users are capable of accessing files on the server. | |||||
CVE-2022-4236 | 1 Collne | 1 Welcart E-commerce | 2023-01-09 | N/A | 6.5 MEDIUM |
The Welcart e-Commerce WordPress plugin before 2.8.5 does not validate user input before using it to output the content of a file via an AJAX action available to any authenticated users, which could allow users with a role as low as subscriber to read arbitrary files on the server. | |||||
CVE-2022-4140 | 1 Collne | 1 Welcart E-commerce | 2023-01-09 | N/A | 7.5 HIGH |
The Welcart e-Commerce WordPress plugin before 2.8.5 does not validate user input before using it to output the content of a file, which could allow unauthenticated attacker to read arbitrary files on the server | |||||
CVE-2022-45426 | 1 Dahuasecurity | 8 Dhi-dss4004-s2, Dhi-dss4004-s2 Firmware, Dhi-dss7016d-s2 and 5 more | 2023-01-04 | N/A | 6.5 MEDIUM |
Some Dahua software products have a vulnerability of unrestricted download of file. After obtaining the permissions of ordinary users, by sending a specific crafted packet to the vulnerable interface, an attacker can download arbitrary files. | |||||
CVE-2022-4106 | 1 Cedcommerce | 1 Wholesale Market For Woocommerce | 2022-12-23 | N/A | 7.5 HIGH |
The Wholesale Market for WooCommerce WordPress plugin before 1.0.7 does not have authorisation check, as well as does not validate user input used to generate system path, allowing unauthenticated attackers to download arbitrary file from the server. | |||||
CVE-2022-4108 | 1 Cedcommerce | 1 Wholesale Market For Woocommerce | 2022-12-23 | N/A | 4.9 MEDIUM |
The Wholesale Market for WooCommerce WordPress plugin before 1.0.8 does not validate user input used to generate system path, allowing high privilege users such as admin to download arbitrary file from the server even when they should not be able to (for example in multisite) | |||||
CVE-2022-4107 | 1 Cedcommerce | 1 Smsa Shipping For Woocommerce | 2022-12-23 | N/A | 6.5 MEDIUM |
The SMSA Shipping for WooCommerce WordPress plugin before 1.0.5 does not have authorisation and proper CSRF checks, as well as does not validate the file to be downloaded, allowing any authenticated users, such as subscriber to download arbitrary file from the server | |||||
CVE-2022-45227 | 1 Dragino | 2 Lg01 Lora, Lg01 Lora Firmware | 2022-12-13 | N/A | 7.5 HIGH |
The web portal of Dragino Lora LG01 18ed40 IoT v4.3.4 has the directory listing at the URL https://10.10.20.74/lib/. This address has a backup file which can be downloaded without any authentication. | |||||
CVE-2021-29969 | 1 Mozilla | 1 Thunderbird | 2022-12-09 | 4.3 MEDIUM | 5.9 MEDIUM |
If Thunderbird was configured to use STARTTLS for an IMAP connection, and an attacker injected IMAP server responses prior to the completion of the STARTTLS handshake, then Thunderbird didn't ignore the injected data. This could have resulted in Thunderbird showing incorrect information, for example the attacker could have tricked Thunderbird to show folders that didn't exist on the IMAP server. This vulnerability affects Thunderbird < 78.12. | |||||
CVE-2022-44356 | 1 Wavlink | 2 Wl-wn531g3, Wl-wn531g3 Firmware | 2022-12-02 | N/A | 7.5 HIGH |
WAVLINK Quantum D4G (WL-WN531G3) running firmware versions M31G3.V5030.201204 and M31G3.V5030.200325 has an access control issue which allows unauthenticated attackers to download configuration data and log files. |