Total
1368 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-20433 | 1 Google | 1 Android | 2022-10-12 | N/A | 7.8 HIGH |
| There is an missing authorization issue in the system service. Since the component does not have permission check , resulting in Local Elevation of privilege.Product: AndroidVersions: Android SoCAndroid ID: A-242221901 | |||||
| CVE-2022-20434 | 1 Google | 1 Android | 2022-10-12 | N/A | 7.8 HIGH |
| There is an missing authorization issue in the system service. Since the component does not have permission check , resulting in Local Elevation of privilege.Product: AndroidVersions: Android SoCAndroid ID: A-242244028 | |||||
| CVE-2022-20431 | 1 Google | 1 Android | 2022-10-12 | N/A | 7.8 HIGH |
| There is an missing authorization issue in the system service. Since the component does not have permission check , resulting in Local Elevation of privilege.Product: AndroidVersions: Android SoCAndroid ID: A-242221238 | |||||
| CVE-2022-39861 | 1 Samsung | 1 Factorycamera | 2022-10-11 | N/A | 3.3 LOW |
| Unprotected Receiver in AtBroadcastReceiver in FactoryCamera prior to version 3.5.51 allows attackers to record video without camera privilege. | |||||
| CVE-2022-2350 | 1 Brainvire | 1 Disable User Login | 2022-10-11 | N/A | 5.3 MEDIUM |
| The Disable User Login WordPress plugin through 1.0.1 does not have authorisation and CSRF checks when updating its settings, allowing unauthenticated attackers to block (or unblock) users at will. | |||||
| CVE-2021-27598 | 1 Sap | 1 Netweaver Application Server Java | 2022-10-07 | 5.0 MEDIUM | 5.3 MEDIUM |
| SAP NetWeaver AS JAVA (Customer Usage Provisioning Servlet), versions - 7.31, 7.40, 7.50, allows an attacker to read some statistical data like product version, traffic, timestamp etc. because of missing authorization check in the servlet. | |||||
| CVE-2021-21467 | 1 Sap | 1 Banking Services | 2022-10-06 | 4.0 MEDIUM | 4.3 MEDIUM |
| SAP Banking Services (Generic Market Data) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. An unauthorized User is allowed to display restricted Business Partner Generic Market Data (GMD), due to improper authorization check. | |||||
| CVE-2022-36068 | 1 Discourse | 1 Discourse | 2022-10-06 | N/A | 4.3 MEDIUM |
| Discourse is an open source discussion platform. In versions prior to 2.8.9 on the `stable` branch and prior to 2.9.0.beta10 on the `beta` and `tests-passed` branches, a moderator can create new and edit existing themes by using the API when they should not be able to do so. The problem is patched in version 2.8.9 on the `stable` branch and version 2.9.0.beta10 on the `beta` and `tests-passed` branches. There are no known workarounds. | |||||
| CVE-2022-2846 | 1 Dwbooster | 1 Calendar Event Multi View | 2022-10-06 | N/A | 4.3 MEDIUM |
| The Calendar Event Multi View WordPress plugin before 1.4.07 does not have any authorisation and CSRF checks in place when creating an event, and is also lacking sanitisation as well as escaping in some of the event fields. This could allow unauthenticated attackers to create arbitrary events and put Cross-Site Scripting payloads in it. | |||||
| CVE-2022-29611 | 1 Sap | 1 Netweaver Application Server Abap | 2022-10-06 | 6.5 MEDIUM | 8.8 HIGH |
| SAP NetWeaver Application Server for ABAP and ABAP Platform do not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | |||||
| CVE-2022-26102 | 1 Sap | 1 Netweaver Application Server Abap | 2022-10-06 | 5.5 MEDIUM | 5.4 MEDIUM |
| Due to missing authorization check, SAP NetWeaver Application Server for ABAP - versions 700, 701, 702, 731, allows an authenticated attacker, to access content on the start screen of any transaction that is available with in the same SAP system even if he/she isn't authorized for that transaction. A successful exploitation could expose information and in worst case manipulate data before the start screen is executed, resulting in limited impact on confidentiality and integrity of the application. | |||||
| CVE-2020-25359 | 1 Rconfig | 1 Rconfig | 2022-10-05 | 6.4 MEDIUM | 9.1 CRITICAL |
| An arbitrary file deletion vulnerability in rConfig 3.9.5 has been fixed for 3.9.6. This vulnerability gave attackers the ability to send a crafted request to /lib/ajaxHandlers/ajaxDeleteAllLoggingFiles.php by specifying a path in the path parameter and an extension in the ext parameter and delete all the files with that extension in that path. | |||||
| CVE-2020-26832 | 1 Sap | 2 Netweaver Application Server Abap, S\/4 Hana | 2022-10-05 | 7.5 HIGH | 7.6 HIGH |
| SAP AS ABAP (SAP Landscape Transformation), versions - 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730, 2011_1_731, 2011_1_752, 2020 and SAP S4 HANA (SAP Landscape Transformation), versions - 101, 102, 103, 104, 105, allows a high privileged user to execute a RFC function module to which access should be restricted, however due to missing authorization an attacker can get access to some sensitive internal information of vulnerable SAP system or to make vulnerable SAP systems completely unavailable. | |||||
| CVE-2019-0257 | 1 Sap | 2 Netweaver Application Server Abap, Netweaver As Abap | 2022-10-05 | 6.5 MEDIUM | 8.8 HIGH |
| Customizing functionality of SAP NetWeaver AS ABAP Platform (fixed in versions from 7.0 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.53, from 7.74 to 7.75) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | |||||
| CVE-2020-6270 | 1 Sap | 1 Netweaver Application Server Abap | 2022-10-05 | 4.0 MEDIUM | 6.5 MEDIUM |
| SAP NetWeaver AS ABAP (Banking Services), versions - 710, 711, 740, 750, 751, 752, 75A, 75B, 75C, 75D, 75E, does not perform necessary authorization checks for an authenticated user due to Missing Authorization Check, allowing wrong and unexpected change of individual conditions by a malicious user leading to wrong prices. | |||||
| CVE-2021-21473 | 1 Sap | 1 Netweaver Application Server Abap | 2022-10-05 | 6.5 MEDIUM | 6.3 MEDIUM |
| SAP NetWeaver AS ABAP and ABAP Platform, versions - 700, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, contains function module SRM_RFC_SUBMIT_REPORT which fails to validate authorization of an authenticated user thus allowing an unauthorized user to execute reports in SAP NetWeaver ABAP Platform. | |||||
| CVE-2020-26818 | 1 Sap | 1 Netweaver Application Server Abap | 2022-10-05 | 6.5 MEDIUM | 8.8 HIGH |
| SAP NetWeaver AS ABAP (Web Dynpro), versions - 731, 740, 750, 751, 752, 753, 754, 755, 782, allows an authenticated user to access Web Dynpro components, which reveals sensitive system information that would otherwise be restricted to highly privileged users because of missing authorization, resulting in Information Disclosure. | |||||
| CVE-2022-3124 | 1 Najeebmedia | 1 Frontend File Manager | 2022-10-04 | N/A | 5.3 MEDIUM |
| The Frontend File Manager Plugin WordPress plugin before 21.3 allows any unauthenticated user to rename uploaded files from users. Furthermore, due to the lack of validation in the destination filename, this could allow allow them to change the content of arbitrary files on the web server | |||||
| CVE-2022-2405 | 1 Themehunk | 1 Wp Popup Builder | 2022-10-03 | N/A | 4.3 MEDIUM |
| The WP Popup Builder WordPress plugin before 1.2.9 does not have authorisation and CSRF check in an AJAX action, allowing any authenticated users, such as subscribers to delete arbitrary Popup | |||||
| CVE-2022-40673 | 2 Fedoraproject, Kdiskmark Project | 2 Fedora, Kdiskmark | 2022-09-30 | N/A | 7.8 HIGH |
| KDiskMark before 3.1.0 lacks authorization checking for D-Bus methods such as Helper::flushPageCache. | |||||